check (method)

Last updated: Fri, Apr 14, 2023 3:52 pm

Purpose

Checks for the presence of a valid CSRF token

Location

users/classes/Token.php

Parameters

| # | Parameter | Data Type | Required | Description |
|---|-----------|-----------|----------|-------------|
| 1 | $token | string | Yes | The token received from a form submission. |

Returns

| Data Type | Description of Returned Data |
|-----------|------------------------------|
| bool | Returns whether a token check is valid or not. |

Further Documentation:

The check() method is used to check if a given token matches the value stored in the user's session. This is commonly used to prevent cross-site request forgery (CSRF) attacks. Here is a breakdown of what the method does:

The check() method is a static method, so it can be called without creating an instance of the class.

The method takes one parameter: $token, which is the value to be checked against the session token.

The method first retrieves the session token name from the configuration using the Config::get() method.

The method then checks if the session token exists using the Session::exists() method. If it does not exist, the method returns false.

If the session token does exist, the method checks if the $token parameter matches the value of the session token using the Session::get() method. If they match, the method returns true. If they do not match, the method returns false.

If the Session::get() method fails for any reason, the method returns false.

Here is an example usage of the check() method to check if a submitted form is valid:

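    // Only validate when a form was actually submitted.
    if (!empty($_POST)) {
        // Default to an empty string so a missing field fails the check
        // instead of raising an undefined-index warning.
        $token = $_POST['csrf'] ?? '';
        if (!Token::check($token)) {
            // Include the token error script.
            include($abs_us_root.$us_url_root.'usersc/scripts/token_error.php');
        }
    }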
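
The breakdown of check() above, as an added stand-alone sketch (this is not the code in users/classes/Token.php). The names csrf_check() and SESSION_TOKEN_NAME are hypothetical, the session is passed in as an array so the script runs from the command line, and the string type check and hash_equals() comparison are assumptions added here, not behaviour the page documents.

```php
<?php
// Added example, not UserSpice code. csrf_check() stands in for Token::check().

// Assumed name; the documented method reads the real one via Config::get().
const SESSION_TOKEN_NAME = 'csrf_token';

/**
 * Follows the documented flow: no session token -> false, mismatch -> false,
 * match -> true. $session is a plain array standing in for $_SESSION.
 */
function csrf_check($submitted, array $session): bool
{
    // A request body such as csrf[]=x makes PHP deliver an array, and a
    // missing field arrives as null; neither can be a valid token.
    if (!is_string($submitted) || $submitted === '') {
        return false;
    }

    // Does the session hold a token at all? (Session::exists() in the docs.)
    $stored = $session[SESSION_TOKEN_NAME] ?? null;
    if (!is_string($stored) || $stored === '') {
        return false;
    }

    // Compare in constant time so the check does not leak how many leading
    // characters matched (hardening added for this example).
    return hash_equals($stored, $submitted);
}

// Constructed sample data: one session with a random token.
$session = [SESSION_TOKEN_NAME => bin2hex(random_bytes(16))];

$cases = [
    'matching token'        => $session[SESSION_TOKEN_NAME],
    'wrong token'           => str_repeat('0', 32),
    'field missing'         => null,
    'array instead of text' => ['x'],
];

foreach ($cases as $label => $value) {
    printf("%-22s => %s\n", $label, var_export(csrf_check($value, $session), true));
}

// A session without a token (for example, expired) fails for any input.
printf("%-22s => %s\n", 'no session token', var_export(csrf_check('abc', []), true));
```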