

CSRF Protection

The CSRF helper is used to protect POST requests from cross-site request forgeries. For more information on CSRF see

To use it, place the following at the top of the controller:

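namespace Controllers;

use Core\Controller;
use Core\View;       // used by edit() below
use Helpers\Csrf;
use Helpers\Session;
use Helpers\Url;     // used by update() below

class Pet extends Controller
{
    private $model;

    public function __construct()
    {
        $this->model = new \Models\PetModel();
    }

    // edit() and update() from the steps below go here.
}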

In your add or edit method, create the token. If you use one method to open the edit view and a different method to update, create it in the edit method:

function edit()
{
    $id = filter_input(INPUT_GET, 'id'); // suggested way
    $data['csrfToken'] = Csrf::makeToken('edit'); // token named 'edit', checked again in update()
    $data['row'] = $this->model->getPet($id);

    View::renderTemplate('header', $data);
    View::render('pet/edit', $data, $error);
    View::renderTemplate('footer', $data);
}

Before the submit button in the same view, place this hidden field:

<input type="hidden" name="token" value="<?php echo $data['csrfToken']; ?>" />

In the controller, at the top of the method that processes the form (update() here is only an example), place:

function update()
{
    if (isset($_POST['submit'])) { // or the name/value you assign to the button
        if (!Csrf::isTokenValid('edit')) {
            Url::redirect('admin/login'); // or to a URL you choose
        }

        $id = $_POST['id'];
        $petname = $_POST['petname'];
        // other processing code
    }
}
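
To show what the makeToken('edit') / isTokenValid('edit') pair has to do for the check to hold, here is an added stand-alone sketch; it is not the framework's own code. The functions demo_make_token() and demo_is_token_valid(), the 'csrf' session key, the 30-minute lifetime and the single-use behaviour are all assumptions made for illustration, and the submitted value is passed in explicitly rather than read from $_POST.

```php
<?php
// Added illustration: hypothetical stand-ins for the helper's two calls.
// Not the framework's code; names, lifetime and storage layout are assumptions.

const DEMO_CSRF_TTL = 1800; // assumed token lifetime in seconds

function demo_make_token(string $name): string
{
    // 32 bytes from the CSPRNG, stored per form name in the session.
    $token = bin2hex(random_bytes(32));
    $_SESSION['csrf'][$name] = ['value' => $token, 'time' => time()];
    return $token;
}

function demo_is_token_valid(string $name, $submitted): bool
{
    $stored = $_SESSION['csrf'][$name] ?? null;
    unset($_SESSION['csrf'][$name]);      // single use: consume on every check
    if ($stored === null || !is_string($submitted)) {
        return false;                     // never issued, or field missing / sent as array
    }
    if (time() - $stored['time'] > DEMO_CSRF_TTL) {
        return false;                     // form was left open too long
    }
    // Constant-time comparison so timing does not leak the stored value.
    return hash_equals($stored['value'], $submitted);
}

// Constructed demo: $_SESSION is a plain array here so this runs from the CLI.
$_SESSION = [];
$issued = demo_make_token('edit');        // edit(): value for the hidden field

var_dump(demo_is_token_valid('edit', $issued));   // legitimate form post
var_dump(demo_is_token_valid('edit', $issued));   // same token replayed
demo_make_token('edit');
var_dump(demo_is_token_valid('edit', str_repeat('0', 64))); // post without the real token
demo_make_token('edit');
var_dump(demo_is_token_valid('delete', $issued)); // token name that was never issued
```

Only the first check passes. A request sent from another site fails because that site cannot read the value stored in the victim's session and rendered into the hidden field.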