XOOPS

XOOPS 2.0.10 BETA Released

Mithrandir  25-Mar-2005 21:01 16154 Reads   51 Comment(s) 

How does it work?
The token system is used in conjunction with input forms, where it generates a unique and practically un-guessable value that is saved in the user's session and as a hidden variable in the form. When the form is submitted, the receiving page can check if the token value provided via the form is also in the user's session. If not, the check will fail.

How do I use this in my module?
Depending on your module's implementation, there are several ways to implement the token system:

Form side
1) Add a 5th parameter to the XoopsForm-derived class constructor: true to add a token to the form, false (the default) to leave the token system out of this form.

2) If you are not using the XoopsForm classes but are writing HTML directly in a PHP file or Smarty template, get the HTML for a token field with $GLOBALS['xoopsSecurity']->getTokenHTML(). This returns the result of a XoopsFormHiddenToken::render() call, ready to be used in a PHP file or assigned to $xoopsTpl for use in a template.

Receiving side
On the receiving end, one must check the validity of the token by calling $GLOBALS['xoopsSecurity']->check(), which returns true or false, before authorising changes to the database or similar actions.
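
The mechanism described under "How does it work?", with its form side and receiving side, as an added stand-alone PHP sketch. It is not XOOPS code and not from the original post: the FormToken class, its method names, the form_token field name, the 15-minute lifetime and the single-use behaviour are assumptions made for illustration, and a plain array stands in for $_SESSION.

```php
<?php
// Added illustration of the session-token pattern; not XOOPS code.
// FormToken and its method names are hypothetical.
final class FormToken
{
    private const KEY = 'form_tokens';      // hypothetical session key
    private $session;
    public function __construct(array &$session) { $this->session = &$session; }

    // Form side: create a token, remember it in the session, return it.
    public function issue(int $ttl = 900): string
    {
        $token = bin2hex(random_bytes(16));         // 128 bits from the CSPRNG
        $this->session[self::KEY][$token] = time() + $ttl;
        return $token;
    }

    // Form side: the hidden field to embed in the form's HTML.
    public function fieldHtml(string $name = 'form_token'): string
    {
        return '<input type="hidden" name="' . htmlspecialchars($name, ENT_QUOTES)
             . '" value="' . $this->issue() . '" />';
    }

    // Receiving side: true only for an unexpired token found in the session.
    public function check(array $post, string $name = 'form_token'): bool
    {
        $given = $post[$name] ?? null;
        if (!is_string($given) || $given === '') {
            return false;
        }
        foreach ($this->session[self::KEY] ?? [] as $stored => $expires) {
            if (hash_equals((string) $stored, $given)) {
                unset($this->session[self::KEY][$stored]);  // single use (assumption)
                return $expires >= time();
            }
        }
        return false;
    }
}

$session = [];                                // constructed stand-in for $_SESSION
$tokens  = new FormToken($session);
echo $tokens->fieldHtml(), "\n";              // what the form would embed
$t = $tokens->issue();
var_dump($tokens->check(['form_token' => $t]));        // genuine submission
var_dump($tokens->check(['form_token' => $t]));        // replay of a used token
var_dump($tokens->check(['form_token' => 'guess']));   // value not in the session
var_dump($tokens->check([]));                          // request without a token
```

In a real page the constructor would receive $_SESSION after session_start(), and the state-changing code would run only when check() returns true.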