Skip to content

Configurations

Jump to bottom Edit New page
minhaz edited this page Sep 30, 2018 · 10 revisions

Editing Configurations & Mandatory requirements before using this library

Configuration for the php library is stored in a config.php file and the configurations are stored as php array, which is directly retrieved by the library. Config file resides in /libs/ directory.

Note: Mandatory requirements before using this library

When you download the library either directly or via composer, you are required to copy the sample.config.php as config.php before being able to use the library. Also, in this config file you need to put in the mandatory values as described below;

For composer installations: Copy the config.sample.php file into your root folder at config/csrf_config.php
For non-composer installations: Copy the libs/csrf/config.sample.php file into libs/csrfc/config.php
Edit config accordingly. See Detailed Information link below.

Different parameters are explained below:

  • CSRFP_TOKEN: name of the csrf token as it will appear in COOKIE, SESSION, GET or POST
  • logDirectory: location of the directory at which log files will be saved relative to config.php file. This is required for file based logging (default), Not needed, in case you override logging function to implement your logging logic. (View Overriding logging function)
    Default value: ../log/
  • failedAuthAction: Action code (integer) for action to be taken in case of failed validation. Has two different values for both GET and POST. Different action codes are specified as follows, (
    Default: 0 for both GET & POST):
  • 0 Send 403, Forbidden Header
  • 1 Strip the POST/GET query and forward the request! unset($_POST)
  • 2 Redirect to custom error page mentioned in errorRedirectionPage
  • 3 Show custom error message to user, mentioned in customErrorMessage
  • 4 Send 500, Internal Server Error header
  • errorRedirectionPage: Absolute url of the file to which user should be redirected.
    Default: null
  • customErrorMessage: Error Message to be shown to user. Only this text will be shown!
    Default: null
  • jsPath: location of the js file relative to config.php.
    Default: ../js/csrfprotector.js
  • jsUrl: Absolute url of the js file. (See Setting up for more information)
  • tokenLength: length of csrfp token, Default 10
  • disabledJavascriptMessage: messaged to be shown if js is disabled (string)
  • verifyGetFor: regex rules for those urls for which csrfp validation should be enabled for GET requests also. (View verifyGetFor rules for more information)
  • cookieConfig: this is an array of three properties path, domain, secure - which lets you set respective properties when the csrf token is set in cookie using setcookie method in php. Learn more at php.net.

Important links:

  1. Download Master Version
  2. How to SET UP
  3. How to USE

PS: wiki still under development. Please create a Github issue for any correction.

Clone this wiki locally