This is the API documentation for concrete5 version 5.6 and earlier. View Current API Documentation

Class Concrete5_Helper_Validation_Token

A helper that allows the creation of nonces/tokens, to protect against CSRF attacks.

Direct known subclasses


Package: Helpers\Validation
Copyright: Copyright (c) 2003-2008 Concrete5. (
License: MIT License
Author: Andrew Embler
Located at core/helpers/validation/token.php

Methods summary

# getErrorMessage( )

For localization we can't just store this as a constant, unfortunately

# generate( string $action = '', string $time = null )

Generates a unique token for a given action. This is a token in the form of time:hash, where hash is md5(time:userID:action:pepper)

# output( $action = '', $return = false )

prints out a generated token as a hidden form field

# getParameter( $action = '' )

returns a generated token as a query string variable

# validate( string $action = '', string $token = null )

Validates against a given action. Basically, we check the passed hash to see if a. the hash is valid. That means it computes in the time:action:pepper format b. the time included next to the hash is within the threshold.

Constants summary

# 86400