Check form key
From phpBB Development Wiki
check_form_key -- Check the form key.
Description
boolean check_form_key (string $form_name, [int $timespan = false], [string $return_page = ''], [bool $trigger = false])
This function is used to check a given form key which was generated with the add_form_key function.
- Note: This check is required for all actions that alter the database and are not already secured by confirm_box!
Parameters
| Parameter | Usage |
|---|---|
| form_name | The name of the form; has to match the name used in add_form_key, otherwise no restrictions apply. |
| timespan | The maximum acceptable age for a submitted form in seconds. Defaults to the config setting. |
| return_page | The address for the return link. |
| trigger | If true, the function will trigger an error when encountering an invalid form. |
Examples
All these examples use the form_name that is set in the first example in the add_form_token article!
Example #1 Only check
If you only want to check whether the submitted form is valid, you must trigger the error yourself in the PHP code.
if (!check_form_key($form_key))
{
	trigger_error($user->lang['FORM_INVALID']);
}
Example #2 Time limit
With this function you can force a user to submit a form within a given number of seconds. To do this, pass the second parameter.
// Give the user 30 seconds to finish this form
if (!check_form_key($form_key, 30))
{
	trigger_error($user->lang['FORM_INVALID']);
}
Example #3 Trigger error
To let the function trigger the error when the check fails you must set the fourth parameter to true.
check_form_key($form_key, false, '', true);
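Why the form name has to match and what the timespan limits can be seen in a simplified stand-alone model of a time-bound form key. This is an added example, not phpBB's source and not part of the original article; model_add_form_key(), model_check_form_key(), the HMAC construction, the field names and the secret are assumptions made for illustration.

```php
<?php
// Simplified model of a time-bound form key (added example, not phpBB source).
// All function names, field names and the secret are hypothetical.

function model_add_form_key(string $form_name, string $secret, int $now): array
{
	// The token binds the form name and the creation time to a per-user secret.
	return [
		'creation_time' => $now,
		'form_token'    => hash_hmac('sha256', $now . '|' . $form_name, $secret),
	];
}

function model_check_form_key(string $form_name, array $post, string $secret, int $timespan, int $now): bool
{
	if (!isset($post['creation_time'], $post['form_token']) || !is_string($post['form_token']))
	{
		return false; // request arrived without the hidden form fields
	}
	$created = (int) $post['creation_time'];
	$age = $now - $created;
	if ($age < 0 || $age > $timespan)
	{
		return false; // older than the allowed timespan, or dated in the future
	}
	// Recompute from the submitted time: editing creation_time invalidates the token.
	$expected = hash_hmac('sha256', $created . '|' . $form_name, $secret);
	return hash_equals($expected, $post['form_token']); // constant-time comparison
}

// Constructed sample data
$secret = 'constructed-per-user-secret';
$t0     = 1700000000;
$fields = model_add_form_key('my_form', $secret, $t0);

$cases = [
	'submitted after 10s, limit 30s'    => ['my_form', $fields, 30, $t0 + 10],
	'submitted after 120s, limit 30s'   => ['my_form', $fields, 30, $t0 + 120],
	'checked under another form name'   => ['other_form', $fields, 30, $t0 + 10],
	'creation_time edited to look new'  => ['my_form', ['creation_time' => $t0 + 100] + $fields, 30, $t0 + 120],
	'cross-site request without fields' => ['my_form', [], 30, $t0 + 10],
];
foreach ($cases as $label => [$name, $post, $timespan, $now])
{
	printf("%-36s %s\n", $label, var_export(model_check_form_key($name, $post, $secret, $timespan, $now), true));
}
```

Only the first case passes; every other request would have to be refused before any database change is made.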

