phpBB

Development Wiki

Difference between revisions of "Function.check form key"

From phpBB Development Wiki

m (Example #3 Trigger error)
m (Parameters)
 
(3 intermediate revisions by 3 users not shown)
Line 3: Line 3:
 
==Description==
 
==Description==
 
#<pre>boolean check_form_key (string $form_name, [int $timespan = false], [string $return_page = ''], [bool $trigger = false])</pre>
 
#<pre>boolean check_form_key (string $form_name, [int $timespan = false], [string $return_page = ''], [bool $trigger = false])</pre>
This function is used to check a given form key that is generated with the [[Add_form_key|add_form_key]] function.
+
This function is used to check a given form key which was generated with the [[Add_form_key|add_form_key]] function.
: <div class="toc" style="padding:10px;">'''Note''': This is required for all altering actions not secured by confirm_box!</div>
+
: <div class="toc" style="padding:10px;">'''Note''': This check is required for all actions which alter the database and are not already secured by confirm_box !</div>
  
 
==Parameters==
 
==Parameters==
Line 22: Line 22:
 
|-
 
|-
 
| '''trigger'''
 
| '''trigger'''
| If true, the function will triger an error when encountering an invalid form.
+
| If true, the function will trigger an error when encountering an invalid form.
 
|}
 
|}
  
Line 52: Line 52:
 
[[Category:Functions]]
 
[[Category:Functions]]
  
[[ja:Check_form_key]]
+
[[ja:Function.check_form_key]]

Latest revision as of 20:32, 5 August 2011

check_form_key -- Check the form key.

Description

  1. boolean check_form_key (string $form_name, [int $timespan = false], [string $return_page = ''], [bool $trigger = false])

This function is used to check a given form key which was generated with the add_form_key function.

Note: This check is required for all actions which alter the database and are not already secured by confirm_box !

Parameters

Parameter Usage
form_name The name of the form; has to match the name used in add_form_key, otherwise no restrictions apply.
timespan The maximum acceptable age for a submitted form in seconds. Defaults to the config setting.
return_page The address for the return link.
Note: This value is only used when the trigger parameter is set to true
trigger If true, the function will trigger an error when encountering an invalid form.

Examples

All these examples use the form_name that is set in the first example in the add_form_token article!

Example #1 Only check

If you only want to check whether the submitted form is valid you'll must do the error triggering in the php code.

if (!check_form_key($form_key))
{
   
trigger_error($user->lang['FORM_INVALID']);
}

Example #2 Time limit

With this function you have the possibility to force a user to submit a form within a x number of seconds. To do this you'll have to pass the second parameter.

// Give the user 30 seconds to finish this form
if (!check_form_key($form_key30))
{
   
trigger_error($user->lang['FORM_INVALID']);
}

Example #3 Trigger error

To let the function trigger the error when the check fails you must set the fourth parameter to true.

check_form_key($form_keyfalse''true);

See Also

add_form_key