Phosphorum\Utils\Security::checkPrefixedToken PHP Метод

checkPrefixedToken() публичный Метод

Check whether the CSRF token submitted with the request matches the token currently stored in the session under the given prefix. The check only passes if a stored token exists; the stored value and the submitted value are compared as strings (constant-time), and by default the token pair is removed from the session after a successful check so it cannot be replayed.
public checkPrefixedToken ( string $prefix, string $tokenKey = null, string $tokenValue = null, boolean $destroyIfValid = true ) : boolean
$prefix string
$tokenKey string
$tokenValue string
$destroyIfValid boolean
Результат boolean
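    /**
     * Checks whether the CSRF token submitted with the request matches the
     * token stored in the session under the given prefix.
     *
     * The session entries are namespaced as "<prefix>:<tokenKeySessionID>"
     * (the POST field name) and "<prefix>:<tokenValueSessionID>" (the token).
     * When $tokenKey is omitted it is read from the session; when $tokenValue
     * is omitted it is read from POST under $tokenKey.
     *
     * Security notes:
     *  - A stored token must exist. Previously the comparison was a loose `==`
     *    between the raw request value and the raw session value, so a missing
     *    (or already destroyed) session token compared equal to a missing POST
     *    value whenever the caller supplied $tokenKey explicitly.
     *  - Both operands must be non-empty strings; a non-string POST value such
     *    as `token[]=x` is rejected instead of being type-juggled.
     *  - hash_equals() is used so the comparison is constant-time and does not
     *    apply numeric-string coercion ("0e123" == "0e456").
     *
     * @param string      $prefix         Namespace of the token pair in the session
     * @param string|null $tokenKey       POST field name holding the token; taken from the session if null/empty
     * @param string|null $tokenValue     Token to verify; taken from POST if null/empty
     * @param bool        $destroyIfValid Remove the token pair from the session after a successful check
     * @return bool true only if a stored token exists and matches the submitted one
     */
    public function checkPrefixedToken($prefix, $tokenKey = null, $tokenValue = null, $destroyIfValid = true)
    {
        $prefixedKey = $prefix . ':' . $this->_tokenKeySessionID;
        $prefixedValue = $prefix . ':' . $this->_tokenValueSessionID;

        /** @var \Phalcon\Session\AdapterInterface $session */
        $session = $this->getDI()->getShared('session');

        if ($tokenKey === null || $tokenKey === '') {
            $tokenKey = $session->get($prefixedKey);
        }
        if (!is_string($tokenKey) || $tokenKey === '') {
            return false;
        }

        // Without a stored token nothing can legitimately match; bail out before
        // looking at the request so "absent == absent" can never succeed.
        $expected = $session->get($prefixedValue);
        if (!is_string($expected) || $expected === '') {
            return false;
        }

        if ($tokenValue === null || $tokenValue === '') {
            /** @var \Phalcon\Http\Request $request */
            $request = $this->getDI()->getShared('request');
            $tokenValue = $request->getPost($tokenKey);
        }
        // Reject arrays/nulls rather than letting a loose comparison juggle them.
        if (!is_string($tokenValue) || $tokenValue === '') {
            return false;
        }

        // Known value first, user-supplied value second (hash_equals contract).
        $isValid = hash_equals($expected, $tokenValue);
        if ($isValid && $destroyIfValid) {
            $this->destroyPrefixedToken($prefix);
        }

        return $isValid;
    }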

Usage Example

Пример #1
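 /**
  * Tests Security::checkPrefixedToken method
  *
  * Covers: a matching POST token with and without destroy-on-success, a token
  * pair destroyed before the check, an explicit (custom) token key, and an
  * explicitly supplied token value.
  */
 public function testCheckPrefixedToken()
 {
     $this->specify('The Security::checkPrefixedToken works incorrectly', function () {
         $di = $this->setupDI();
         $s = new Security();
         $s->setDI($di);

         // Random token and token key check: a non-destroying check may be
         // repeated; the default (destroying) check consumes the token.
         $tokenKey = $s->getPrefixedTokenKey('y');
         $token = $s->getPrefixedToken('y');
         $_POST = [$tokenKey => $token];
         expect($s->checkPrefixedToken('y', null, null, false))->true();
         expect($s->checkPrefixedToken('y'))->true();
         expect($s->checkPrefixedToken('y'))->false();

         // Destroy token check. The POST field must be named with the real
         // token *key* (getPrefixedTokenKey); the original test fetched the
         // token twice, so the check failed for the wrong reason and the
         // destroyed-token path was never actually exercised.
         $tokenKey = $s->getPrefixedTokenKey('z');
         $token = $s->getPrefixedToken('z');
         $s->destroyPrefixedToken('z');
         $_POST = [$tokenKey => $token];
         expect($s->checkPrefixedToken('z'))->false();

         // Custom token key check: the session key does not match the POST
         // field, a wrong explicit key does not match, the right one does.
         $token = $s->getPrefixedToken('abc');
         $_POST = ['custom_key' => $token];
         expect($s->checkPrefixedToken('abc', null, null, false))->false();
         expect($s->checkPrefixedToken('abc', 'other_custom_key', null, false))->false();
         expect($s->checkPrefixedToken('abc', 'custom_key'))->true();

         // Custom token value check: with an empty POST only an explicitly
         // supplied, correct token value passes.
         $token = $s->getPrefixedToken('xyz');
         $_POST = [];
         expect($s->checkPrefixedToken('xyz', null, null, false))->false();
         expect($s->checkPrefixedToken('xyz', 'some_random_key', 'some_random_value', false))->false();
         expect($s->checkPrefixedToken('xyz', 'custom_key', $token))->true();
     });
 }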