3
Which version of XOOPS?
My understanding is that the XoopsGTicket class was written by GIJOE, and Mithrandir adopted it into the XoopsSecurity class for XOOPS >= 2.0.10.
So if you're using XOOPS >= 2.0.10, then you should be using this instead:
// Reject the request if the security token check fails.
if (!$GLOBALS['xoopsSecurity']->check()) {
    redirect_header(XOOPS_URL.'/',3,$GLOBALS['xoopsSecurity']->getErrors());
}
The check should be used when processing any form that could "cause bad things to happen" if someone spoofed the form. In particular, this applies to any processing that modifies the database.
If in doubt, it's best to perform the check.
One exception I made in a module is for a form that simply filters the output displayed on a page. No harm can come from spoofing that form, so I decided there was no need to have a security token.
P.S. If you want to retain downward compatibility with earlier versions of XOOPS, you can do this:
// Only run the check where the XoopsSecurity object exists (XOOPS >= 2.0.10).
if (is_object($GLOBALS['xoopsSecurity']) and !$GLOBALS['xoopsSecurity']->check()) {
    redirect_header(XOOPS_URL.'/',3,$GLOBALS['xoopsSecurity']->getErrors());
}