README

Forman-Recaptcha - plugin for forman, adding automatic CSRF-protection for all forms. Plugin works at background, no code needed.

Mechanism

• Generates and stores token at every form process
• Compares token from form data and user cookies, if cookie not exist or not matches - field error will be added and verify (so process too) fails
• Removes csrf_token from process result, so you'll not even notice

You can turn it off for one form

\Forman\CSRFPlugin::disable();
if ($data = $form->process($_POST)) {
    // now there is no CSRF
}
\Forman\CSRFPlugin::enable();

Or global

// somewhere in bootstrap
\Forman\CSRFPlugin::disableGlobal(); // so any enable() will not work now