07-15-2017, 06:03 PM
Here is the code I use in my header:
Code:
// CSRF check
if (!empty($_POST)) {
    // '?? ""' guards the undefined-index notice when the field is missing
    $tokenPost = Input::sanitize($_POST['csrf'] ?? '');
    if (!Token::check($tokenPost)) {
        $userPermissions->addAudit($pathToCheck); // custom permissions class: adds a row to the audit table for the tomfoolery page
        Redirect::to('csrf.php'); // custom 'try again without a page refresh' notification page
        die();
    }
}
$token = Token::generate();
From here I echo $token into all my page forms.
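For readers who want to see what Token::generate() / Token::check() need to do behind that header logic, here is a self-contained session-backed implementation. This is an added example, not the poster's code or the classes (Input, Token, Redirect, $userPermissions) from their project; the CsrfToken class name, the MAX_AGE constant and the use of error_log in place of the audit table are assumptions made for illustration.

```php
<?php
// Added example (not from the original post): minimal CSRF token handling
// equivalent to the Token::generate() / Token::check() calls in the header.
// CsrfToken, MAX_AGE and the error_log audit stand-in are assumptions.
declare(strict_types=1);

session_start();

final class CsrfToken
{
    private const SESSION_KEY = 'csrf_token';
    private const MAX_AGE     = 3600; // seconds a token stays valid (assumed policy)

    // Create a fresh token from the CSPRNG, keep a copy in the session,
    // and return it so the page can put it in its forms.
    public static function generate(): string
    {
        $token = bin2hex(random_bytes(32)); // 256 bits of entropy
        $_SESSION[self::SESSION_KEY] = ['value' => $token, 'issued' => time()];
        return $token;
    }

    // Validate a submitted token against the session copy. The stored token
    // is consumed on every call, so a rejected or replayed submission cannot
    // be retried with the same value; the page issues a new one afterwards.
    public static function check(?string $submitted): bool
    {
        $stored = $_SESSION[self::SESSION_KEY] ?? null;
        unset($_SESSION[self::SESSION_KEY]); // one-time use

        if ($stored === null || $submitted === null || $submitted === '') {
            return false;
        }
        if (time() - $stored['issued'] > self::MAX_AGE) {
            return false; // stale token, treat like a missing one
        }
        // hash_equals compares in constant time, so the comparison itself
        // does not leak how many leading bytes matched.
        return hash_equals($stored['value'], $submitted);
    }
}

// Request handling that mirrors the header logic in the post.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // The raw submitted value is compared; no sanitising step in between,
    // since any transformation of the string could break the equality test.
    if (!CsrfToken::check($_POST['csrf'] ?? null)) {
        // error_log stands in for the poster's audit table row.
        error_log(sprintf(
            'CSRF rejected: %s from %s',
            $_SERVER['REQUEST_URI'] ?? '?',
            $_SERVER['REMOTE_ADDR'] ?? '?'
        ));
        header('Location: /csrf.php', true, 303); // the 'try again' page
        exit;
    }
    // ... token was valid: process the form here ...
}

// Issue the token for the forms rendered on this page.
$token = CsrfToken::generate();
?>
<form method="post" action="">
    <input type="hidden" name="csrf"
           value="<?= htmlspecialchars($token, ENT_QUOTES, 'UTF-8') ?>">
    <button type="submit">Submit</button>
</form>
```

Two design points worth noting: the token is consumed inside check() before the result is known, so a failed attempt always leaves the user with a freshly generated token on the next page load, which is exactly the situation a 'try again without a page refresh' notice has to explain to them (a form left open in a second tab will also fail for the same reason); and the hidden field is escaped with htmlspecialchars when rendered rather than the submitted value being sanitised when checked, so the compared strings are byte-for-byte what generate() produced.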