phpBB

Development Wiki

Difference between revisions of "Function.check form key"

From phpBB Development Wiki

m
m (Example #1 Only check)
Line 30: Line 30:
 
===Example #1 Only check===
 
===Example #1 Only check===
 
If you only want to check whether the submitted form is valid you'll must do the error triggering in the php code.
 
If you only want to check whether the submitted form is valid you'll must do the error triggering in the php code.
<php>if (!check_form_key('Formname'))
+
<php>if (!check_form_key($form_key))
 
{
 
{
 
   trigger_error($user->lang['FORM_INVALID']);
 
   trigger_error($user->lang['FORM_INVALID']);

Revision as of 07:26, 20 February 2009

check_form_key -- Check the form key.

Description

  1. boolean check_form_key (string $form_name, [int $timespan = false], [string $return_page = ''], [bool $trigger = false])

This function is used to check a given form key that is generated with the add_form_key function.

Note: This is required for all altering actions not secured by confirm_box!

Parameters

Parameter Usage
form_name The name of the form; has to match the name used in add_form_key, otherwise no restrictions apply.
timespan The maximum acceptable age for a submitted form in seconds. Defaults to the config setting.
return_page The address for the return link.
Note: This value is only used when the trigger parameter is set to true
trigger If true, the function will triger an error when encountering an invalid form.

Examples

All these examples use the form_name that is set in the first example in the add_form_token article!

Example #1 Only check

If you only want to check whether the submitted form is valid you'll must do the error triggering in the php code.

if (!check_form_key($form_key))
{
   
trigger_error($user->lang['FORM_INVALID']);
}

Example #2 Time limit

With this function you have the possibility to force a user to submit a form within a x number of seconds. To do this you'll have to pass the second parameter.

// Give the user 30 seconds to finish this form
if (!check_form_key('Formname'30))
{
   
trigger_error($user->lang['FORM_INVALID']);
}

Example #3 Trigger error

To let the function trigger the error when the check fails you must set the fourth parameter to true.

check_form_key('Formname'false''true);

See Also

add_form_key