Difference between revisions of "Function.check form key"
From phpBB Development Wiki
Revision as of 06:59, 11 March 2010
check_form_key -- Check the form key.
boolean check_form_key (string $form_name, [int $timespan = false], [string $return_page = ''], [bool $trigger = false])
This function is used to check a given form key which was generated with the add_form_key function.
- Note: This check is required for all actions which alter the database and are not already secured by confirm_box !
|form_name||The name of the form; has to match the name used in add_form_key, otherwise no restrictions apply.|
|timespan||The maximum acceptable age for a submitted form in seconds. Defaults to the config setting.|
|return_page|| The address for the return link.
|trigger||If true, the function will triger an error when encountering an invalid form.|
All these examples use the form_name that is set in the first example in the add_form_token article!
Example #1 Only check
If you only want to check whether the submitted form is valid you'll must do the error triggering in the php code.
Example #2 Time limit
With this function you have the possibility to force a user to submit a form within a x number of seconds. To do this you'll have to pass the second parameter.
// Give the user 30 seconds to finish this form
if (!check_form_key($form_key, 30))
Example #3 Trigger error
To let the function trigger the error when the check fails you must set the fourth parameter to true.
check_form_key($form_key, false, '', true);