🚀
INEX Docs
  • 🚀INEX Team Documentation 💡🌍
  • INEX Blog
  • Contact Us
  • INEX SPA
    • Installation
      • Using Git
      • Manual Download
    • Getting Started
      • Running Locally
        • Using PHP's Built-in Server
        • Using Apache
      • Initial Configuration
      • Verify Installation
    • Ammar CLI
      • Extrenal Commands
        • list commands
          • list
          • list:routes
          • list:db
          • list:import
          • list:lang
          • list:cron
        • make commands
          • make:route
          • make:db
          • make:cache
          • make:sitemap
          • make:session
          • make:lang
          • make:layout
          • make:auth
        • get commands
          • get:cache
          • get:session
        • update commands
          • update:cache
        • delete commands
          • delete:route
          • delete:db
          • delete:cache
          • delete:import
          • delete:session
          • delete:lang
        • ask commands
          • ask:gemini
        • run/serve commands
          • run:db
          • serve
        • clear commands
          • clear:cache
          • clear:db
          • clear:db:tables
          • clear:routes
          • clear:start
          • clear:docs
          • clear:cron
        • install commands
          • install:import
      • Inline Commands
        • Route Management
        • Database Operations
        • Cache Operations
        • AI Assistance
        • Development Server
        • Library Manager
        • Session Manager
        • Language Manager
        • Layout Manager
        • Cronjob Management
    • Ahmed Template
      • {{}}
      • If Statement
      • ForEach
      • @getLang
      • @getEnv
      • Layout Feature
        • @getSection
        • @section and @endSection
        • @render
      • @include - Including Other Templates
      • @switch - Switch Case Statement
      • @for - Looping with a Fixed Range
      • @while - Looping Until a Condition is Met
      • @set - Assigning Variables
      • @dump - Debugging Variables
      • @dd - Debugging and Stopping Execution
      • @isset - Checking If a Variable Is Set
      • @empty - Checking If a Variable Is Empty
      • @php - Executing Raw PHP Code
      • @unless - Conditional Rendering for False Values
      • @break and @continue - Loop Control
      • String Case Conversion - @strtoupper, @strtolower, and @ucfirst
      • @number_format - Number Formatting
      • @date - Date Formatting
      • @runDB - Execute Database Migrations
      • @generateSitemap - Generate XML Sitemap
      • @checkRateLimit - Rate Limiting Requests
      • @validateCsrf - CSRF Protection
      • @define - Define Variables
      • {-- Comment Syntax --}
      • @escape - Escape Output
      • @substr - Extract a Substring
      • @jsonFile - Load JSON Data
      • @require - Include PHP Files
      • @do @whileCond - Do-While Loop
      • @setLang - Set Active Language
      • @var - Define and Use Variables
      • @phpCode - Execute Raw PHP Code
      • @postData - Send Data via HTTP POST
      • @toJson & @fromJson - JSON Conversion
      • @strlen & @trim - String Length and Trimming
      • @getData - Retrieve Data via HTTP GET
      • Cookie Management Directives
      • Session Management Directives
      • @useGemini - AI-Powered Assistance
      • Cache Management Directives
      • Section Management Directives
      • Other functions calling
    • Features
      • PWA Feature (Beta)
      • Cronjob Management
      • Built-in Motion Engine (Beta)
      • API Routes
      • Auth
        • How to use?
        • Start Use
          • Update Json/AuthParams.json
          • Create Auth file
            • Using ammar CLI
            • Using code
          • run .sql file
            • Using ammar CLI
            • Manually
        • Use
          • UserAuth::signIn
          • UserAuth::signUp
          • UserAuth::checkUser
          • UserAuth::logout
      • Webhook
      • Notification
      • Security
      • Logger
      • Firewall
      • Validation
        • isEmail
        • isTextLength
        • isMinTextLength
        • isSubDomain
        • isSubDir
        • isDomain
        • isEndWith
        • isStartWith
        • isNumber
        • isBool
      • Ahmed Template
      • Cookie Management
        • JavaScript (JS)
        • PHP
      • Session Management
      • Enable Multi Language
      • Submit Data without redirect
      • Layout Feature
      • Run DB Folder SQL files
      • SiteMap Generator
      • Use Rate Limiter
      • Application Title System
      • Use Gemini
      • Cache system
        • Create a new Cache
        • Get a Cache Value
        • Update Cache Value
        • Delete Cache
      • Run MySQL Commands
      • Automaticly CSRF Security
      • Get Website URL Without getEnvValue function
      • Use Bootstrap
      • Database Connection
      • Submit Data without Page Refresh
        • Basic Form Implementation
        • Server-Side Handling
        • Important Notes
      • Check Request Type
      • Create Dynamic Routes
      • Client-Side Navigation (Redirect without Refresh)
        • Basic Redirection
        • Dynamic Route Navigation
        • Common Usage Patterns
        • Important Notes
      • Get Values From .env file
      • Get Data from Twice Slash
    • Libraries
      • Download Library
        • 1- Using ammar CLI (recommended)
          • Example 1
        • 2- Manually Download
          • Example 1
      • Use library
        • Example 1
    • Notes
      • Use ""
      • Delete Docs files
      • Should name .ahmed.php
      • Don't delete JS & errors folder
      • Don't use these names in files
      • JavaScript Execution Conflicts
        • Problems this causes
        • Best practices
      • Production Database Checks
      • Route Type Restrictions
      • Autoloading Framework Components
      • Framework Core Isolation
      • Additional Notes
      • Add .git suffix
    • Best Practices
      • Code Organization
      • Security
      • Performance
      • Development
      • Database
      • Maintenance
    • Apache License
    • Security Policy
    • Repository
    • Star History
    • How to create a new library?
      • Create a folder
      • Create a library files
        • Create a file
          • Example 1: hi.php
          • Example 2: useFramework.php
      • Create init.php file
      • Create README.md file
      • Congratulations!!!
      • Upload to Github
      • Notes
        • Class Name like to file name
        • Create a folder
        • Don't match INEX SPA
  • Changelog
    • v5.2
    • v5.0
    • v5
    • v4.9.3
    • v4.9.1
    • v4.9-beta
    • v4.8.5-beta
    • v4.8-beta
    • v4.4-beta.10
    • v4.1-beta.9
    • v3.7.6.5.8.1-beta.8
    • v3.7.6.5.8.0-beta.7
    • v3.5.62.78-beta.6
    • v3.40.73-beta.5
    • v3.36.69-beta.4
    • v2.12.39-beta.3
    • v1.1.3-beta.2
    • v1.0-beta.1
Powered by GitBook
On this page
  • Syntax
  • Description
  • Example
  • Expected Behavior
  • Notes
Edit on GitHub
  1. INEX SPA
  2. Ahmed Template

@validateCsrf - CSRF Protection

The @validateCsrf directive in Ahmed PHP Template Engine helps protect forms and sensitive actions from Cross-Site Request Forgery (CSRF) attacks by validating CSRF tokens.

Syntax

@validateCsrf(token)

  • token: The CSRF token to be validated.

Description

  • This directive checks if the provided CSRF token matches the expected value stored in the session.

  • If the token is invalid, the request is rejected to prevent CSRF attacks.

  • Ensures that form submissions and API requests originate from trusted sources.

Example

<form method="POST">
    @csrf // Generates a CSRF token
    <input type="hidden" name="csrf_token" value="@csrfToken">
    <button type="submit">Submit</button>
</form>

@validateCsrf($_POST['csrf_token'])

Expected Behavior

  • If the token is valid, the request proceeds normally.

  • If the token is missing or invalid, an error is triggered to block the request.

Notes

  • Always include @csrf inside forms to generate a valid token.

  • CSRF protection is essential for preventing unauthorized actions on behalf of users.

  • Works best when combined with session-based authentication mechanisms.

Previous@checkRateLimit - Rate Limiting RequestsNext@define - Define Variables

Last updated 2 months ago