Gdn_Session::validateTransientKey PHP Method

Gdn_Session Class Documentation Mostrar archivo Open project: vanilla/vanilla

validateTransientKey() public method

Validates that $ForeignKey was generated by the current user.
public validateTransientKey ( string $ForeignKey, $ValidateUser = true ) : boolean
$ForeignKey string The key to validate.
return boolean 
    public function validateTransientKey($ForeignKey, $ValidateUser = true)
    {
        static $ForceValid = false;
        if ($ForeignKey === true) {
            $ForceValid = true;
        }
        if (!$ForceValid && $ValidateUser && $this->UserID <= 0) {
            $Return = false;
        }
        if (!isset($Return)) {
            // Checking the postback here is a kludge, but is absolutely necessary until we can test the ValidatePostBack more.
            $Return = $ForceValid && Gdn::request()->isPostBack() || $ForeignKey === $this->_TransientKey && $this->_TransientKey !== false;
        }
        if (!$Return && $ForceValid !== true) {
            if (Gdn::session()->User) {
                Logger::event('csrf_failure', Logger::ERROR, 'Invalid transient key for {username}.');
            } else {
                Logger::event('csrf_failure', Logger::ERROR, 'Invalid transient key.');
            }
        }
        return $Return;
    }
Gdn_Session
__construct
addPermissions
checkPermission
checkRankedPermission
end
ensureTransientKey
getAttribute
getAttributes
getCookie
getInstance
getPermissions
getPermissionsArray
getPreference
getPublicStash
getStashSession
getTimeZone
hourOffset
isValid
newVisit
setAttribute
setCookie
setPermission
setPreference
setPublicStash
start
stash
transientKey
validateTransientKey