This is a demo of how to do XSRF (Cross-Site Request Forgery) protection in Form. Try out the form below, or skip ahead to the source code.
The class Xsrf_guard used for XSRF guarding is a standalone class. Read more about it at http://github.com/dfh/xsrf_guard.
Below is the source code defining the form above.
/**
 * Demo form used to show XSRF protection.
 *
 * Nothing in this class deals with XSRF itself: it only declares its fields.
 * The protection presumably comes from the guard assigned to
 * Form::$default_xsrf_guard further down in this listing (confirm in Form).
 */
class Xsrf_protected_form extends Form
{
    /**
     * Field definition for this form.
     *
     * Declares two entries, 'name' (empty options array) and 'submit' (true).
     * How Form interprets these values is not visible here; presumably a
     * plain input with default options plus a submit control.
     *
     * @return array field name => field options
     */
    protected function fields()
    {
        $definition = array(
            'name'   => array(),
            'submit' => true,
        );

        return $definition;
    }
}
# Create the XSRF guard and give it its key.
$guard = new Xsrf_guard();
# NOTE(review): demo-only key. It is hard-coded, guessable and shown on this
# page together with the rest of the source. The key is presumably the secret
# that tokens are derived from or checked against (see Xsrf_guard), so a real
# deployment should use a long random value loaded from configuration that is
# kept out of the repository and out of anything the application prints.
$guard->key( 'supersecret' );
# Static property: the guard is registered once on Form rather than on a single
# form instance (presumably picked up by every Form without its own guard).
Form::$default_xsrf_guard = $guard;
<?php
require '../lib/form.php';
# Set the default template directory to this file's own directory (with a
# trailing slash); presumably Tpl::create() below resolves 'layout.html.php'
# and 'xsrf_basic.html.php' relative to it.
Tpl::$default_template_dir = dirname( __FILE__ ) . '/';
/**
 * Demo form used to show XSRF protection.
 *
 * Nothing in this class deals with XSRF itself: it only declares its fields.
 * The protection presumably comes from the guard assigned to
 * Form::$default_xsrf_guard right after this class (confirm in Form).
 */
class Xsrf_protected_form extends Form
{
    /**
     * Field definition for this form.
     *
     * Declares two entries, 'name' (empty options array) and 'submit' (true).
     * How Form interprets these values is not visible here; presumably a
     * plain input with default options plus a submit control.
     *
     * @return array field name => field options
     */
    protected function fields()
    {
        $definition = array(
            'name'   => array(),
            'submit' => true,
        );

        return $definition;
    }
}
# --- XSRF guard ---------------------------------------------------------------
# The guard is registered on Form before any form object is created.
$guard = new Xsrf_guard();
# NOTE(review): demo-only key. It is hard-coded, guessable and, because of the
# 'source' entry further down, printed on the page itself. The key is
# presumably the secret that tokens are derived from or checked against (see
# Xsrf_guard), so a real deployment should use a long random value loaded from
# configuration kept out of the repository and out of anything that is printed.
$guard->key( 'supersecret' );
Form::$default_xsrf_guard = $guard;

# --- Form handling ------------------------------------------------------------
$form = new Xsrf_protected_form();
$ok = true;
$msg = '';

# Only a POST is validated; any other request just renders the empty form.
if ( is_post() ) {
    # The form reads the submitted (untrusted) values from $_POST.
    $form->source( $_POST );

    # is_valid() validates and stores error messages (if any). Whether it also
    # checks the XSRF token is not visible here (presumably it does, via the
    # default guard). If so, a rejected token and a failed field check both end
    # up as "NOT OK!"; production code would typically log the former.
    $ok = (bool) $form->is_valid();
    $msg = $ok ? "OK!" : "NOT OK!";
}

# --- Rendering ----------------------------------------------------------------
$ctxt = compact( 'form', 'ok', 'msg' );
# Publishes this file's own source on the page, key literal included. That is
# acceptable only because the key above is a throwaway demo value.
$ctxt['source'] = file_get_contents( __FILE__ );

echo Tpl::create( 'layout.html.php', $ctxt )
    ->wrapping( 'xsrf_basic.html.php' );