Security Manager
Introduction
The framework provides a built-in security mechanism to validate and filter user input. Its aim is to provide a layer that sanitizes input and protects against attacks that rely on malicious input. You can use the sanitize method, which filters all PHP global variables for you internally.
Sanitizing String
By default Cygnite validates and sanitizes input and protects against cross-site scripting (XSS). Use the sanitize method to sanitize input explicitly.
use Cygnite\Common\Security;

// $string holds the untrusted input to be cleaned
list($s, $cleanedString) = Security::create(function ($s) use ($string) {
    // $s is the Security instance; sanitize() filters the untrusted string
    $string = $s->sanitize($string);
    return [$s, $string];
});
If you specifically want to strip javascript: protocol references from a string, use the method below.
$value = $s->removeJavaScriptProtocols($value); // $s is the Security instance returned above
Hashing
Cygnite provides secure Bcrypt hashing for storing user passwords. A one-way hash such as Bcrypt is a better choice than the encryption library, because an encrypted password can be decrypted while a hash cannot be reversed.
Creating Password Hash
use Cygnite\Hash\Hash;

$hash = Hash::instance();
// Store $hashedPassword, never the plaintext
$hashedPassword = $hash->create('Your-New-Password');
Verifying Password Against Hash
if ($hash->verify('password', $hashedPassword)) {
    // The passwords match...
}
Check If a Password Needs To Be Rehashed
if ($hash->needReHash($hashedPassword)) {
    // Rehash with the plaintext password that has just been verified
    $hashedPassword = $hash->create('plain-string');
}
Sanitize HTML strings
Strips HTML out of a string, which helps prevent cross-site scripting attacks. Use the clear_sanity() function to sanitize a value before displaying it in a view.
// Pass the untrusted value before it reaches the view
clear_sanity($value);
CSRF Validation
You can generate a CSRF token and validate it with the functions below.
$token = csrf_token(); // Generates the token to embed in the form
validate_token($token); // Validates the token submitted with the request
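As an added example (not Cygnite's own code), the following login handler ties together the CSRF check, input sanitization and Bcrypt verify/rehash calls described above in the order a real handler would use them; it assumes validate_token() returns a boolean and that the caller has already looked up the user's stored Bcrypt hash.

```php
<?php
// Added example, not part of the Cygnite documentation.
// Assumptions: validate_token() returns true/false, and $storedHash is the
// Bcrypt hash previously produced by Hash::create() for this user.

use Cygnite\Common\Security;
use Cygnite\Hash\Hash;

function login(array $post, string $storedHash): array
{
    // 1. Reject the request before touching any other field if the CSRF
    //    token issued by csrf_token() is missing or invalid.
    if (empty($post['_token']) || !validate_token($post['_token'])) {
        return ['status' => 'csrf_failed'];
    }

    // 2. Sanitize the free-text field through the Security manager. The
    //    password is only compared against the hash, never echoed, so it is
    //    passed through untouched.
    list($security, $username) = Security::create(function ($s) use ($post) {
        $name = $s->sanitize($post['username'] ?? '');
        $name = $s->removeJavaScriptProtocols($name);
        return [$s, $name];
    });

    $hash = Hash::instance();
    $password = $post['password'] ?? '';

    // 3. Verify against the stored Bcrypt hash. Use one generic failure
    //    status so the response does not reveal which part was wrong.
    if (!$hash->verify($password, $storedHash)) {
        return ['status' => 'invalid_credentials'];
    }

    // 4. Opportunistic rehash: a Bcrypt hash records its cost factor, so if
    //    the configured cost has been raised since this hash was created,
    //    needReHash() reports it, and the plaintext is available right now
    //    to produce a replacement. The caller persists 'rehash' when set.
    $updatedHash = null;
    if ($hash->needReHash($storedHash)) {
        $updatedHash = $hash->create($password);
    }

    return ['status' => 'ok', 'username' => $username, 'rehash' => $updatedHash];
}
```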