/**
* Checks for a form token in the request.
*
* Use in conjunction with HTMLHelper::_('form.token') or JSession::getFormToken.
*
* @param string $method The request method in which to look for the token key.
*
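* @return boolean True if the token is found and valid (sent in the X-CSRF-Token header or as a key of the $method input), false otherwise.
*                 On a new session the method enqueues a warning and redirects to index.php instead of reporting a failure.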
*
* @since 2.5.4
*/
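public static function checkToken($method = 'post')
{
    // Anti-CSRF check: the request must carry the session's form token, either
    // in the X-CSRF-Token header or as the *name* of a parameter in $method.
    $app   = Factory::getApplication();
    $token = static::getFormToken();

    // Check the header first. The 'alnum' filter yields '' when the header is absent.
    $headerToken = $app->input->server->get('HTTP_X_CSRF_TOKEN', '', 'alnum');

    // Two hardening points compared with a plain `===`:
    //  - an empty expected token is never accepted, because '' would otherwise
    //    equal the '' default of a request that sent no header at all;
    //  - hash_equals() compares in constant time, so the comparison does not
    //    reveal how much of a supplied value matched the real token.
    if (
        \is_string($token) && $token !== ''
        && \is_string($headerToken)
        && \hash_equals($token, $headerToken)
    ) {
        return true;
    }

    // Then fall back to the request data: the token is the parameter name and
    // any non-empty (truthy) filtered value counts as present.
    if ($app->input->{$method}->get($token, '', 'alnum')) {
        return true;
    }

    // No token found. On a new session, treat this as an expired session:
    // warn the user and send them to the site entry point.
    if ($app->getSession()->isNew()) {
        $app->enqueueMessage(Text::_('JLIB_ENVIRONMENT_SESSION_EXPIRED'), 'warning');
        $app->redirect(Route::_('index.php'));

        // NOTE(review): this value is only observed if redirect() returns. Confirm
        // that redirect() ends the request; if it does not, a request without a
        // valid token is reported to the caller as valid here.
        return true;
    }

    return false;
}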