Collections functions
General functions
Node functions
Render functions
Theme permission functions
User functions
Resource functions

rs_validate_token()

Description

Used to compare the user's provided token with the expected value derived from the given identifier

Used by isValidCSRFToken()
Also used on upload_batch to validate an upload session when user cookie not available (i.e. companion uploads)

Parameters

ColumnTypeDefaultDescription
$token_data string Encrypted token data
$id string Identifier

Return

bool *

Location

include/encryption_functions.php lines 217 to 245

Definition

 
function rs_validate_token($token_data$id)
    {
    if(
trim($token_data) === "")
        {
        
debug("rs_validate_token(): INVALID - no token data");
        return 
false;
        }

    
$plaintext rsDecrypt($token_data$id);
    if(
$plaintext === false)
        {
        
debug("rs_validate_token(): INVALID - unable to decrypt token data");
        return 
false;
        }
    
$csrf_data json_decode($plaintexttrue);
    if(
is_null($csrf_data))
        {
        
debug("rs_validate_token(): INVALID - unable to decode token data");
        return 
false;
        }

    if(
$csrf_data["session"] === $id)
        {
        return 
true;
        }

    
debug("rs_validate_token(): INVALID - decoded value does not match");
    return 
false;
    }

This article was last updated 29th May 2024 09:35 Europe/London time based on the source file dated 23rd February 2024 17:00 Europe/London time.