Coding standards
Security in ResourceSpace
Developer reference
Database
Action functions
Admin functions
Ajax functions
Annotation functions
API functions
Collections functions
Comment functions
Config functions
CSV export functions
Dash functions
Debug functions
Encryption functions
Facial recognition functions
File functions
General functions
Language functions
Log functions
Login functions
Message functions
Migration functions
Node functions
PDF functions
Plugin functions
Render functions
Reporting functions
Request functions
Research functions
Slideshow functions
Theme permission functions
User functions
Video functions
Database functions
Metadata functions
Resource functions
Search functions
Map functions
Job functions
Tab functions
Test functions

rs_validate_token()

Description

Used to compare the user's provided token with the expected value derived from the given identifier

Used by isValidCSRFToken()
Also used on upload_batch to validate an upload session when user cookie not available (i.e. companion uploads)

Parameters

ColumnTypeDefaultDescription
$token_data string Encrypted token data
$id string Identifier

Return

bool *

Location

include/encryption_functions.php lines 216 to 244

Definition

 
function rs_validate_token($token_data$id)
    {
    if(
trim($token_data) === "")
        {
        
debug("rs_validate_token(): INVALID - no token data");
        return 
false;
        }

    
$plaintext rsDecrypt($token_data$id);
    if(
$plaintext === false)
        {
        
debug("rs_validate_token(): INVALID - unable to decrypt token data");
        return 
false;
        }
    
$csrf_data json_decode($plaintexttrue);
    if(
is_null($csrf_data))
        {
        
debug("rs_validate_token(): INVALID - unable to decode token data");
        return 
false;
        }

    if(
$csrf_data["session"] === $id)
        {
        return 
true;
        }

    
debug("rs_validate_token(): INVALID - decoded value does not match");
    return 
false;
    }

This article was last updated 12th December 2024 12:05 Europe/London time based on the source file dated 1st October 2024 08:15 Europe/London time.