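/**
 * Validate the CSRF token that accompanies the current POST request.
 *
 * Nothing is checked when $_POST is empty. Otherwise all of the following
 * must hold, evaluated in this order:
 *  1. `fusion_token` and `form_id` are both posted and are both strings;
 *  2. the session holds an entry for the current page hash and posted form id;
 *  3. the posted token is one of the values stored in that entry;
 *  4. self::verify_token(0) returns a truthy value (its own checks are
 *     defined outside this method).
 *
 * On the first failure the token is flagged invalid and $this->stop() is
 * called. The localized reason is only recorded (setError/addNotice) when
 * $this->debug is set.
 */
public function sniff_token()
{
    $locale = fusion_get_locale();
    $error = FALSE;

    if (!empty($_POST)) {
        // Request parameters can arrive as arrays (e.g. `fusion_token[]=x`),
        // so the type is checked before either value is used as an array key
        // or compared against stored tokens.
        if (
            !isset($_POST['fusion_token'], $_POST['form_id'])
            || !is_string($_POST['fusion_token'])
            || !is_string($_POST['form_id'])
        ) {
            $error = $locale['token_error_2'];
        } else {
            $posted_token = $_POST['fusion_token'];
            $form_id = $_POST['form_id'];
            $page_hash = self::pageHash();

            if (!isset($_SESSION['csrf_tokens'][$page_hash][$form_id])) {
                // No token storage exists for this page hash / form id.
                $error = $locale['token_error_9'];
            } else {
                $issued_tokens = $_SESSION['csrf_tokens'][$page_hash][$form_id];

                // Strict membership test: without the third argument in_array()
                // uses loose (==) comparison, under which numeric-looking
                // strings such as '1e3' and '1000' are treated as equal. A
                // non-array entry is handled as "token not found" instead of
                // being passed to in_array().
                // NOTE(review): string equality here is not constant-time; if
                // the minimum supported PHP version allows it, comparing each
                // stored token with hash_equals() would be the stronger check.
                if (!is_array($issued_tokens) || !in_array($posted_token, $issued_tokens, TRUE)) {
                    $error = $locale['token_error_10'] . stripinput($posted_token);
                } elseif (!self::verify_token(0)) {
                    $error = $locale['token_error_3'] . stripinput($posted_token);
                }
            }
        }
    }

    // Check if any error was set
    if ($error !== FALSE) {
        // Flag the token as invalid
        $this->tokenIsValid = FALSE;
        // Flag that something went wrong
        $this->stop();
        // NOTE(review): outside debug mode a rejected token leaves no record
        // in this method; confirm that stop() or the caller logs the failure
        // so repeated CSRF rejections remain visible to operators.
        if ($this->debug) {
            // Add Error Notices. The message may contain the posted token,
            // already passed through stripinput() above.
            setError(2, $error, FUSION_SELF, FUSION_REQUEST, "");
            addNotice('danger', $error);
        }
    }
}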