drupal_valid_token

Versions
4.6: drupal_valid_token($token, $value = '')
4.7 – 7: drupal_valid_token($token, $value = '', $skip_anonymous = FALSE)

Validate a token based on $value, the current user session and private key or penultimate private key.

Parameters

$token The token to be validated.

$value An additional value to base the token on

Return value

True for a valid token, False for an invalid token.

Related topics

▸ 1 function calls drupal_valid_token()

▾ 1 function calls drupal_valid_token()

drupal_check_token in includes/common.inc: Check the form token if there is POST data for an authenticated user to defend against cross site request forgeries.

Code

includes/common.inc, line 962

<?php
function drupal_valid_token($token, $value = '') {  
  return ($token == md5(session_id() . $value . variable_get('drupal_private_key', '')));    
}
?>

Login or register to post comments

All source code and documentation on this site is released under the terms of the GNU General Public License, version 2 and later. Drupal is a registered trademark of Dries Buytaert.