drupal_valid_token

Versions
4.6: drupal_valid_token($token, $value = '')
4.7 – 7: drupal_valid_token($token, $value = '', $skip_anonymous = FALSE)

Validate a token based on $value, the current user session and private key.

Parameters

$token The token to be validated.

$value An additional value to base the token on.

$skip_anonymous Set to true to skip token validation for anonymous users.

Return value

True for a valid token, false for an invalid token. When $skip_anonymous is true, the return value will always be true for anonymous users.

Related topics

▸ 1 function calls drupal_valid_token()

▾ 1 function calls drupal_valid_token()

drupal_validate_form in includes/form.inc: Validates user-submitted form data from a global variable using the validate functions defined in a structured form array.

Code

includes/common.inc, line 1938

<?php
function drupal_valid_token($token, $value = '', $skip_anonymous = FALSE) {
  global $user;
  return (($skip_anonymous && $user->uid == 0) || ($token == md5(session_id() . $value . variable_get('drupal_private_key', ''))));
}
?>

Login or register to post comments

All source code and documentation on this site is released under the terms of the GNU General Public License, version 2 and later. Drupal is a registered trademark of Dries Buytaert.