Overview

Namespaces

  • None
  • Xmf
    • Database
    • Module
      • Helper
    • Template
  • Xoops
    • Auth
    • Core
      • Cache
      • Database
        • Logging
        • Schema
      • Exception
      • Handler
        • Scheme
      • Kernel
        • Dtype
        • Handlers
        • Model
      • Lists
      • Locale
        • Punic
      • Service
        • Contract
      • Session
      • Text
        • Sanitizer
          • Extensions
      • Theme
        • Plugins
    • Form
    • Html
    • Locale
    • Module
      • Helper
      • Plugin

Classes

  • Assets
  • ComposerUtility
  • Events
  • FilterInput
  • FixedGroups
  • HttpRequest
  • Logger
  • MediaUploader
  • MimeTypes
  • PreloadItem
  • Psr0ClassLoader
  • Psr4ClassLoader
  • Random
  • Registry
  • Request
  • Security
  • XoopsTpl
  • Yaml

Interfaces

  • AttributeInterface
  • Overview
  • Namespace
  • Class
  • Tree

Class Security

XOOPS security handler

Direct known subclasses

XoopsSecurity
Namespace: Xoops\Core
Package: Security
Category: Xoops\Core
Copyright: 2014-2015 XOOPS Project (http://xoops.org)
License: GPL 2 or later (http://www.gnu.org/licenses/gpl-2.0.html)
Author: Richard Griffith richard@geekwright.com
Version: Release: 1.0
Since: 2.0.0
Link: http://xoops.org
Located at oops_lib/Xoops/Core/Security.php
Methods summary
public boolean
# check( boolean $clearIfValid = true, boolean $token = false, string $name = 'XOOPS_TOKEN' )

Check if there is a valid token in $_REQUEST[$name . '_REQUEST']

Check if there is a valid token in $_REQUEST[$name . '_REQUEST']

Parameters

$clearIfValid
whether to clear the token after validation
$token
token to validate
$name
name of session variable

Returns

boolean
public string
# createToken( integer $timeout = 300, string $name = 'XOOPS_TOKEN' )

Create a token in the user's session

Create a token in the user's session

Parameters

$timeout
time in seconds the token should be valid
$name
name of session variable

Returns

string
token value
public boolean
# validateToken( string|boolean $token = false, boolean $clearIfValid = true, string $name = 'XOOPS_TOKEN' )

Check if a token is valid. If no token is specified, $_REQUEST[$name . '_REQUEST'] is checked

Check if a token is valid. If no token is specified, $_REQUEST[$name . '_REQUEST'] is checked

Parameters

$token
token to validate
$clearIfValid
whether to clear the token value if valid
$name
session name to validate

Returns

boolean
public
# clearTokens( string $name = 'XOOPS_TOKEN' )

Clear all token values from user's session

Clear all token values from user's session

Parameters

$name
session name
public boolean
# filterToken( string $token )

Check whether a token value is expired or not

Check whether a token value is expired or not

Parameters

$token
token

Returns

boolean
public
# garbageCollection( string $name = 'XOOPS_TOKEN' )

Perform garbage collection, clearing expired tokens

Perform garbage collection, clearing expired tokens

Parameters

$name
session name
public boolean
# checkReferer( integer $docheck = 1 )

Check the user agent's HTTP REFERER against XOOPS_URL

Check the user agent's HTTP REFERER against XOOPS_URL

Parameters

$docheck
0 to not check the referer (used with XML-RPC), 1 to actively check it

Returns

boolean
public
# checkBadips( )

Check if visitor's IP address is banned Should be changed to return bool and let the action be up to the calling script

Check if visitor's IP address is banned Should be changed to return bool and let the action be up to the calling script

public string
# getTokenHTML( string $name = 'XOOPS_TOKEN' )

Get the HTML code for a Xoops\Form\Token object - provides a hidden token field used in forms that do not use Xoops\Form elements

Get the HTML code for a Xoops\Form\Token object - provides a hidden token field used in forms that do not use Xoops\Form elements

Parameters

$name
session token name

Returns

string
public
# setErrors( string $error )

Add an error

Add an error

Parameters

$error
message
public array|string
# getErrors( boolean $ashtml = false )

Get generated errors

Get generated errors

Parameters

$ashtml
Format using HTML?

Returns

array|string
Array of array messages OR HTML string
API documentation generated by ApiGen