Csrf::isTokenValid PHP Method

isTokenValid() public static method

Checks whether the CSRF token submitted with the form is the same as the token stored in the session, and that it is not empty.
public static isTokenValid ( ) : boolean
return boolean
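    public static function isTokenValid()
    {
        // token submitted with the form (POST field "csrf_token")
        $token = Request::post('csrf_token');
        // valid only if it is identical to the session token and not empty
        return $token === Session::get('csrf_token') && !empty($token);
    }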
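
A hardened variant of the check above, as an added example that is not code from this page or from the framework: it compares the tokens with `hash_equals()` (constant-time) and rejects non-string input before comparing. The function names `csrfMakeToken` and `csrfIsTokenValid`, and the plain arrays standing in for the `Session` and `Request` classes, are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: standalone functions, not part of the framework's Csrf class.

/** Create a per-session token on first use and return it for embedding in a form. */
function csrfMakeToken(array &$session): string
{
    if (empty($session['csrf_token']) || !is_string($session['csrf_token'])) {
        // 32 bytes from the CSPRNG, hex-encoded to 64 characters
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Compare the submitted token to the session token in constant time. */
function csrfIsTokenValid(array $session, array $post): bool
{
    $expected  = $session['csrf_token'] ?? null;
    $submitted = $post['csrf_token'] ?? null;

    // hash_equals() throws a TypeError on non-strings; a field sent as
    // csrf_token[]=x arrives as an array, so check the types first.
    if (!is_string($expected) || !is_string($submitted)) {
        return false;
    }
    // Reject empty tokens, e.g. a session that never issued one.
    if ($expected === '' || $submitted === '') {
        return false;
    }
    return hash_equals($expected, $submitted);
}

// Constructed sample data standing in for $_SESSION and $_POST.
$session = [];
$token   = csrfMakeToken($session);

$cases = [
    'matching token'        => ['csrf_token' => $token],
    'wrong token'           => ['csrf_token' => str_repeat('0', 64)],
    'missing field'         => [],
    'empty string'          => ['csrf_token' => ''],
    'array instead of text' => ['csrf_token' => ['x']],
];
foreach ($cases as $label => $post) {
    printf("%-22s %s\n", $label, csrfIsTokenValid($session, $post) ? 'accepted' : 'rejected');
}
```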

Usage Example

Example #1
 /**
  * The login action, when you do login/login
  */
 public function login()
 {
     // check if csrf token is valid
     if (!Csrf::isTokenValid()) {
         LoginModel::logout();
         Redirect::home();
         exit;
     }
     // perform the login method, put result (true or false) into $login_successful
     $login_successful = LoginModel::login(Request::post('user_name'), Request::post('user_password'), Request::post('set_remember_me_cookie'));
     // check login status: if true, then redirect user to user/index, if false, then to login form again
     if ($login_successful) {
         if (Request::post('redirect')) {
             Redirect::toPreviousViewedPageAfterLogin(ltrim(urldecode(Request::post('redirect')), '/'));
         } else {
             Redirect::to('user/index');
         }
     } else {
         if (Request::post('redirect')) {
             Redirect::to('login?redirect=' . ltrim(urlencode(Request::post('redirect')), '/'));
         } else {
             Redirect::to('login/index');
         }
     }
 }