This is the API documentation for concrete5 version 5.6 and earlier.

Class Concrete5_Helper_Validation_Token

A helper that allows the creation of nonces/tokens, to protect against CSRF attacks.

Direct known subclasses

ValidationTokenHelper

Package: Helpers\Validation
Copyright: Copyright (c) 2003-2008 Concrete5. (http://www.concrete5.org)
License: MIT License
Author: Andrew Embler andrew@concrete5.org
Located at core/helpers/validation/token.php

Methods summary

public
# getErrorMessage( )

For localization, we unfortunately can't just store this as a constant.

public
# generate( string $action = '', string $time = null )

Generates a unique token for a given action. The token has the form time:hash, where hash is md5(time:userID:action:pepper).

public
# output( $action = '', $return = false )

Prints out a generated token as a hidden form field.

public
# getParameter( $action = '' )

Returns a generated token as a query string variable.

public
# validate( string $action = '', string $token = null )

Validates a token against a given action. The passed hash is checked to see that (a) the hash is valid, meaning it computes in the time:action:pepper format, and (b) the time included next to the hash is within the threshold.

Constants summary

integer VALID_HASH_TIME_THRESHOLD
# 86400
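
The time:hash scheme that generate() and validate() describe, sketched as a stand-alone PHP example added here (not concrete5's own code), beside a variant that keeps the layout but keys the hash with HMAC-SHA256. The pepper value, user IDs, action names, function names and the rejection of future timestamps are assumptions made for the illustration.

```php
<?php
// Added illustration, not concrete5's source. PEPPER, the user IDs and the
// function names are assumptions; the threshold is from the constants summary.
const VALID_HASH_TIME_THRESHOLD = 86400;
const PEPPER = 'constructed-example-pepper';

// Documented form: time:hash, where hash = md5(time:userID:action:pepper).
function generate_token(int $userID, string $action = '', ?int $time = null): string
{
    $time = $time ?? time();
    return $time . ':' . md5($time . ':' . $userID . ':' . $action . ':' . PEPPER);
}

// Same layout, with the pepper used as an HMAC-SHA256 key instead of md5 input.
function generate_token_hmac(int $userID, string $action = '', ?int $time = null): string
{
    $time = $time ?? time();
    return $time . ':' . hash_hmac('sha256', $time . ':' . $userID . ':' . $action, PEPPER);
}

// Recompute the token from the time it claims, compare in constant time, then
// check the claimed time is within the threshold (and, as an added check, not in the future).
function validate_token(callable $generate, int $userID, string $action, ?string $token, int $now): bool
{
    $parts = explode(':', (string) $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // missing or malformed token
    }
    $time = (int) $parts[0];
    if (!hash_equals($generate($userID, $action, $time), (string) $token)) {
        return false; // different user or action, or an edited time/hash
    }
    $age = $now - $time;
    return $age >= 0 && $age <= VALID_HASH_TIME_THRESHOLD;
}

$issued = 1700000000; // constructed timestamp
foreach (['generate_token', 'generate_token_hmac'] as $gen) {
    $token = $gen(7, 'delete_page', $issued);
    $cases = [ // label => [userID, action, presented token, current time]
        'same user and action, 60 s later' => [7, 'delete_page', $token, $issued + 60],
        'token presented for another action' => [7, 'add_user', $token, $issued + 60],
        'token presented by another user' => [8, 'delete_page', $token, $issued + 60],
        'token older than the threshold' => [7, 'delete_page', $token, $issued + 86401],
        'time field moved forward, hash kept' => [7, 'delete_page', ($issued + 86000) . substr($token, 10), $issued + 86401],
    ];
    foreach ($cases as $label => [$uid, $action, $tok, $now]) {
        printf("%-20s %-38s %s\n", $gen, $label, validate_token($gen, $uid, $action, $tok, $now) ? 'accepted' : 'rejected');
    }
}
```

Because the time, user ID and action are all inputs to the hash, a token is bound to one user and one action, and the time field cannot be edited without invalidating the hash.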