CSRF Protection and Forms

Advanced Security - PHP Register/Login System / How-to. Last updated Jan 16, 2019

If you want to add new forms and extend the application, you need to make sure that the CSRF token is sent whenever a form is submitted. To learn more about CSRF protection, check this article.

AJAX Forms

If you are using jQuery and send form data via AJAX, you only need to make sure that the following script is included on your page (right after you include jQuery), since it configures all AJAX requests to send the CSRF token to the server automatically:

<!-- Make sure that this script file is included on the page after you include jQuery -->
<script src="app/js/app/bootstrap.php"></script>

This script is already included on all AS pages by default (check templates/footer.php for example).

Regular Forms

If you are not using AJAX to send data to the server and use regular <form> elements instead, you will need to add the CSRF token as a hidden input field to each form you create. The hidden input field should look like the following:

<form method="post">
    <!-- The hidden token field must be present in every form that is submitted -->
    <input type="hidden" name="<?= ASCsrf::getTokenName() ?>" value="<?= ASCsrf::getToken() ?>">
    <!-- ... -->
</form>
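The two sections above (the AJAX setup and the hidden field for regular forms) only cover the client side. The added example below, which is not part of Advanced Security's own ASCsrf class, shows the server-side half of the same synchronizer-token pattern: a per-session token is generated from the CSPRNG, emitted into the form, and every state-changing POST is checked against it with a constant-time comparison. The function names (csrf_token, csrf_field, csrf_check), the field name csrf_token and the X-CSRF-Token header are assumptions chosen for the example, not the product's API.

```php
<?php
// Added example, not Advanced Security's ASCsrf code. Names below are assumed.
declare(strict_types=1);

const CSRF_FIELD  = 'csrf_token';        // assumed POST field name
const CSRF_HEADER = 'HTTP_X_CSRF_TOKEN'; // $_SERVER key for an assumed X-CSRF-Token header

/** Return the per-session token, creating it on first use. */
function csrf_token(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION[CSRF_FIELD])) {
        // 32 bytes from the CSPRNG, hex-encoded so it is safe in HTML and headers
        $_SESSION[CSRF_FIELD] = bin2hex(random_bytes(32));
    }
    return $_SESSION[CSRF_FIELD];
}

/** Emit the hidden field for a regular <form>, HTML-escaped. */
function csrf_field(): string
{
    return sprintf(
        '<input type="hidden" name="%s" value="%s">',
        htmlspecialchars(CSRF_FIELD, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8')
    );
}

/**
 * Validate the submitted token. Regular forms send it as a POST field; an
 * AJAX request may send it as a header instead. hash_equals() compares in
 * constant time so response timing does not reveal how much of the token matched.
 */
function csrf_check(array $post, array $server): bool
{
    $submitted = $post[CSRF_FIELD] ?? $server[CSRF_HEADER] ?? null;
    if (!is_string($submitted) || $submitted === '') {
        return false; // missing token: reject, never fall back to "allow"
    }
    return hash_equals(csrf_token(), $submitted);
}

// Usage in a handler that changes state (e.g. the target of a <form method="post">):
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_check($_POST, $_SERVER)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // ... process the form ...
}
```

For the AJAX case the client would add the same token as the assumed X-CSRF-Token header (for jQuery, via the `headers` option of `$.ajaxSetup`), which is what lets csrf_check accept either source. Rejecting on a missing token, rather than only on a mismatched one, is the important check: a cross-site request cannot read the victim's token, so it will simply omit it.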