Configurations

Configuration for the php library is stored in a config.php file and the configurations are stored as php array, which is directly retrieved by the library. Config file resides in /libs/ directory.

Different parameters are explained below:

• CSRFP_TOKEN: name of the csrf token as it will appear in COOKIE, SESSION, GET or POST
• logDirectory: location of the directory at which log files will be saved relative to config.php file. This is required for file based logging (default), Not needed, in case you override logging function to implement your logging logic. (View Overriding logging function)
  Default value: ../log/
• failedAuthAction: Action code (integer) for action to be taken in case of failed validation. Has two different values for both GET and POST. Different action codes are specified as follows, (
  Default: 0 for both GET & POST):

• 0 Send 403, Forbidden Header
• 1 Strip the POST/GET query and forward the request! unset($_POST)
• 2 Redirect to custom error page mentioned in errorRedirectionPage
• 3 Show custom error message to user, mentioned in customErrorMessage
• 4 Send 500, Internal Server Error header

• errorRedirectionPage: Absolute url of the file to which user should be redirected.
  Default: null
• customErrorMessage: Error Message to be shown to user. Only this text will be shown!
  Default: null
• jsPath: location of the js file relative to config.php.
  Default: ../js/csrfprotector.js
• jsUrl: Absolute url of the js file. (See Setting up for more information)
• tokenLength: length of csrfp token, Default 10
• disabledJavascriptMessage: messaged to be shown if js is disabled (string)
• verifyGetFor: regex rules for those urls for which csrfp validation should be enabled for GET requests also. (View verifyGetFor rules for more information)
• cookieConfig: this is an array of three properties path, domain, secure - which lets you set respective properties when the csrf token is set in cookie using setcookie method in php. Learn more at php.net.