drupal_valid_token

5 common.inc drupal_valid_token($token, $value = '', $skip_anonymous = FALSE)
6 common.inc drupal_valid_token($token, $value = '', $skip_anonymous = FALSE)
7 common.inc drupal_valid_token($token, $value = '', $skip_anonymous = FALSE)
8 common.inc drupal_valid_token($token, $value = '', $skip_anonymous = FALSE)

Validate a token based on $value, the current user session and private key.

Parameters

$token: The token to be validated.

$value: An additional value to base the token on.

$skip_anonymous: Set to true to skip token validation for anonymous users.

Return value

True for a valid token, false for an invalid token. When $skip_anonymous is true, the return value will always be true for anonymous users.

3 calls to drupal_valid_token()

File

includes/common.inc, line 2655
Common functions that many Drupal modules will need to reference.

Code

function drupal_valid_token($token, $value = '', $skip_anonymous = FALSE) {
  global $user;
  return (($skip_anonymous && $user->uid == 0) || ($token == md5(session_id() . $value . variable_get('drupal_private_key', ''))));
}

Comments

How to use this function

Posted by jackey chen on January 26, 2011 at 1:29pm

How to use this function? what issue can use it to fix ?

It's for preventing

Posted by John Morahan on January 28, 2011 at 3:29pm

It's for preventing cross-site request forgeries.

Login or register to post comments