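// Usage in controllers: Csrf::verify();
// ============================================================

namespace App\Helpers;

// ------------------------------------------------------------
// Session-backed CSRF token helper.
//
// A random token is kept in $_SESSION, embedded in each form as
// a hidden field, and compared with the submitted value.
// Nothing in this class starts a session; it assumes the caller
// has already done so (otherwise the token is not persisted
// between requests) — confirm against the bootstrap code.
//
// NOTE(review): on the page this listing was captured from, the
// source text was followed by the "Track Your Request" form text
// and a 'Class "App\Helpers\Csrf" not found' exception that
// includes a filesystem path. That suggests the file was emitted
// as plain text instead of being parsed — confirm it begins with
// a full "<?php" tag and is reachable by the autoloader, and
// that raw exception messages are logged rather than shown to
// visitors.
// ------------------------------------------------------------
class Csrf
{
    // Session key that stores the token; also the POST field name.
    private const TOKEN_KEY = '_csrf_token';

    // ----------------------------------------------------------
    // Generate (or return existing) token for this session.
    // Returns 64 hex characters (32 bytes from random_bytes()).
    // A missing, empty or non-string session value is replaced
    // with a fresh token instead of being returned as-is.
    // ----------------------------------------------------------
    public static function token(): string
    {
        $current = $_SESSION[self::TOKEN_KEY] ?? null;

        if (!is_string($current) || $current === '') {
            $current = bin2hex(random_bytes(32));
            $_SESSION[self::TOKEN_KEY] = $current;
        }

        return $current;
    }

    // ----------------------------------------------------------
    // Render a hidden input field — paste into every form.
    // The listing showed `return '';` with the escaped token
    // unused; the markup literal was most likely stripped when
    // the page was captured. It is restored here using the field
    // name that verify() reads.
    // ----------------------------------------------------------
    public static function field(): string
    {
        $name  = htmlspecialchars(self::TOKEN_KEY, ENT_QUOTES, 'UTF-8');
        $token = htmlspecialchars(self::token(), ENT_QUOTES, 'UTF-8');

        return '<input type="hidden" name="' . $name . '" value="' . $token . '">';
    }

    // ----------------------------------------------------------
    // Verify the submitted token matches the session token.
    // Exits with 403 if invalid.
    // ----------------------------------------------------------
    public static function verify(): void
    {
        $submitted = $_POST[self::TOKEN_KEY] ?? '';

        // A request can send the field as an array ("_csrf_token[]=x").
        // hash_equals() does not accept a non-string, so such input is
        // rejected here with the same 403 rather than raising an error.
        // hash_equals() itself keeps the comparison constant-time.
        if (!is_string($submitted) || !hash_equals(self::token(), $submitted)) {
            http_response_code(403);
            exit('Invalid or missing CSRF token. Please go back and try again.');
        }
    }

    // ----------------------------------------------------------
    // Regenerate token (call after login/logout) so a token
    // issued before the privilege change is no longer accepted.
    // ----------------------------------------------------------
    public static function regenerate(): void
    {
        $_SESSION[self::TOKEN_KEY] = bin2hex(random_bytes(32));
    }
}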
Enter your Registration Number and NIC to verify your identity, then receive an OTP to view your request status.
[2026-03-20 16:56:25] EXCEPTION: Class "App\Helpers\Csrf" not found in /var/www/transcript.wyb.ac.lk/app/Views/public/track_search.php on line 19