Development Wiki

Function.check form key

From phpBB Development Wiki

Revision as of 19:48, 9 March 2009 by Dog cow (Talk | contribs)

check_form_key -- Check the form key.


  1. boolean check_form_key (string $form_name, [int $timespan = false], [string $return_page = ''], [bool $trigger = false])

This function is used to check a given form key which was generated with the add_form_key function.

Note: This check is required for all actions which alter the database and are not already secured by confirm_box !


Parameter Usage
form_name The name of the form; has to match the name used in add_form_key, otherwise no restrictions apply.
timespan The maximum acceptable age for a submitted form in seconds. Defaults to the config setting.
return_page The address for the return link.
Note: This value is only used when the trigger parameter is set to true
trigger If true, the function will triger an error when encountering an invalid form.


All these examples use the form_name that is set in the first example in the add_form_token article!

Example #1 Only check

If you only want to check whether the submitted form is valid you'll must do the error triggering in the php code.

if (!check_form_key($form_key))

Example #2 Time limit

With this function you have the possibility to force a user to submit a form within a x number of seconds. To do this you'll have to pass the second parameter.

// Give the user 30 seconds to finish this form
if (!check_form_key($form_key30))

Example #3 Trigger error

To let the function trigger the error when the check fails you must set the fourth parameter to true.


See Also