
Adding CSRF validation to forms when extending Phalcon\Form

Is it possible to make \Phalcon\Security available to \Phalcon\Form so as to aid in the generation of CSRF hidden fields when extending the class?

use Phalcon\Forms\Form;
use Phalcon\Forms\Element\Text;
use Phalcon\Forms\Element\Password;
use Phalcon\Forms\Element\Hidden;
use Phalcon\Validation\Validator\Email;
use Phalcon\Validation\Validator\PresenceOf;

class Login extends Form
{
    public function initialize()
    {
        // Identity Field.
        $identity = new Text('identity');
        $identity->addValidator(new Email(
            array(
                'message' => 'A valid email address is required.'
            )
        ));
        $identity->setLabel("Email Address.");
        $this->add($identity);

        // Password Field.
        $password = new Password('password');
        $password->setLabel('Password');
        $password->addValidator(new PresenceOf(
            array(
                'message' => 'You must provide a password.'
            )
        ));
        $this->add($password);

        // Hidden CSRF field: the element name is the first argument,
        // the attributes array is the second.
        $csrf = new Hidden($this->security->getTokenKey(), array(
            'value' => $this->security->getToken(),
            'id' => 'xtoken'
        ));

        $csrf->addValidator(new Csrfl(
            array(
                'message' => 'Tokens do not match.'
            )
        ));
        $this->add($csrf);
    }
}


Accepted answer

Hi, you can access the DI statically:

$di = Phalcon\DI::getDefault();

$security = $di['security'];



Ya that will work nicely, thanks.
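
Added example (not part of the original thread, and not Phalcon's own code): a form that resolves the security service statically, as the accepted answer suggests, and validates a CSRF hidden field against the token held in the session. It assumes Phalcon 3.x/4.x class names and that the 'security' and 'session' services are registered in the default DI; LoginForm, SessionController and the field name 'csrf' are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes Phalcon 3.x/4.x class names
// and that 'security' and 'session' are registered in the default DI.
use Phalcon\Di;
use Phalcon\Forms\Form;
use Phalcon\Forms\Element\Hidden;
use Phalcon\Mvc\Controller;
use Phalcon\Validation\Validator\Identical;

class LoginForm extends Form // hypothetical class name
{
    private $sec;
    public function initialize()
    {
        // Resolve the Security service statically, as in the accepted answer.
        $this->sec = Di::getDefault()->getShared('security');

        // Fixed field name, so the POST handler knows which key to validate.
        $csrf = new Hidden('csrf');
        // Compare the submitted value with the token already stored in the
        // session. This is read in initialize(), before the view calls getCsrf().
        $csrf->addValidator(new Identical([
            'value'   => $this->sec->getSessionToken(),
            'message' => 'CSRF validation failed',
        ]));

        // Do not echo a submitted token back into the re-rendered form.
        $csrf->clear();
        $this->add($csrf);
    }

    // Value for the hidden input when the view renders the form.
    public function getCsrf()
    {
        return $this->sec->getToken();
    }
}

class SessionController extends Controller // hypothetical controller
{
    public function loginAction()
    {
        $form = new LoginForm();
        if ($this->request->isPost() && !$form->isValid($this->request->getPost())) {
            $this->view->setVar('errors', $form->getMessages()); // includes a CSRF failure
        }
        $this->view->setVar('form', $form);
    }
}
```

The view writes the hidden input itself, with name "csrf" and the value returned by getCsrf(), so that a token is issued on every render of the form.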