drupal_check_token

Versions
4.6
drupal_check_token()

Checks the form token when an authenticated user submits POST data, to defend against cross-site request forgery (CSRF).

$_POST will be cleared if the token is absent or incorrect.

Code

includes/common.inc, line 919

<?php
function drupal_check_token() {
  global $user; 
  if ($user->uid && ($_SERVER['REQUEST_METHOD'] == 'POST') && !(isset($_POST['edit']) && isset($_POST['edit']['token']) && drupal_valid_token($_POST['edit']['token']))) {
    drupal_set_message(t('Validation error. Please try again.'), 'error');
    $_POST = array();
  }
}
?>
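
The decision this function makes for each kind of request, as an added example that is not Drupal's code: `example_valid_token()`, `example_check_token()` and the session secret are hypothetical stand-ins (an HMAC compared with `hash_equals()`, not the `drupal_valid_token()` implementation), and the requests are constructed.

```php
<?php
// Added example: a stand-alone model of the gate in drupal_check_token().
// example_valid_token() and EXAMPLE_SESSION_SECRET are hypothetical stand-ins;
// they are not Drupal's drupal_valid_token() implementation.
const EXAMPLE_SESSION_SECRET = 'constructed-per-session-secret';

function example_make_token($secret) {
  return hash_hmac('sha256', 'form-token', $secret);
}

function example_valid_token($token, $secret) {
  // Constant-time comparison; non-string input (e.g. an array) is rejected.
  return is_string($token) && hash_equals(example_make_token($secret), $token);
}

// Returns the POST data the rest of the request would see.
function example_check_token($uid, $method, array $post, $secret) {
  $has_valid_token = isset($post['edit']['token'])
    && example_valid_token($post['edit']['token'], $secret);
  if ($uid && $method == 'POST' && !$has_valid_token) {
    return array();  // same effect as $_POST = array()
  }
  return $post;
}

$good = example_make_token(EXAMPLE_SESSION_SECRET);
// Constructed requests: label => array(uid, method, POST data).
$cases = array(
  'authenticated, valid token'    => array(7, 'POST', array('edit' => array('token' => $good, 'title' => 'x'))),
  'authenticated, missing token'  => array(7, 'POST', array('edit' => array('title' => 'x'))),
  'authenticated, wrong token'    => array(7, 'POST', array('edit' => array('token' => 'bogus', 'title' => 'x'))),
  'authenticated, token as array' => array(7, 'POST', array('edit' => array('token' => array('a'), 'title' => 'x'))),
  'authenticated, GET'            => array(7, 'GET', array()),
  'anonymous, no token'           => array(0, 'POST', array('edit' => array('title' => 'x'))),
);

foreach ($cases as $label => $case) {
  list($uid, $method, $post) = $case;
  $seen = example_check_token($uid, $method, $post, EXAMPLE_SESSION_SECRET);
  $outcome = ($seen === $post) ? 'POST data kept' : 'POST data cleared';
  printf("%-32s %s\n", $label, $outcome);
}
```

Only the first and the last two cases keep their data: a POST from an anonymous user (`uid` 0) is never checked. The function clears only `$_POST`; `$_GET` and `$_REQUEST` are separate arrays in PHP and are left as they were, so code that reads submitted values from them is not covered by this check.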

All source code and documentation on this site is released under the terms of the GNU General Public License, version 2 and later. Drupal is a registered trademark of Dries Buytaert.