Overview

Packages

  • Auth
    • Ads
    • Ldap
    • Xoops
  • Autotasks
  • Config
    • Category
    • Item
    • Option
  • Core
    • Filesystem
    • Filters
    • Logger
    • Mail
    • Message
    • Password
    • Security
    • StopSpammer
    • Template
    • Textsanitizer
    • VersionChecker
  • Data
    • Avatar
    • Comment
  • Database
    • Connection
    • Criteria
    • Legacy
    • MySQL
    • PDO
    • Updater
  • Feeds
    • RSS
  • File
  • Form
    • Base
    • Elements
  • ICMS
    • IPF
      • View
  • Image
    • Category
  • Ipf
    • Category
    • Controller
    • Export
    • form
    • Keyhighlighter
    • Member
    • Object
    • Permission
    • richfile
    • Tree
    • urllink
    • View
  • kernel
    • Set
  • Member
    • Group
    • GroupMembership
    • GroupPermission
    • User
  • Messaging
  • Module
  • None
  • Notification
  • Page
  • Plugins
    • Editor
  • Preload
    • Libraries
  • Privmessage
  • Session
  • SmartObject
  • View
    • Block
    • Breadcrumb
    • PageNav
    • PrinterFriendly
    • Template
    • Templates
    • Theme
    • Tree

Classes

  • icms_core_Security
  • Overview
  • Package
  • Class

Class icms_core_Security

Class for managing security aspects such as checking referers, applying tokens and checking global variables for contamination

Package: Core\Security
Category: ICMS
Copyright: (c) 2000-2005 The Xoops Project - www.xoops.org
License: GNU General Public License (GPL)
Author: Jan Pedersen mithrandir@xoops.org
Located at core/Security.php
Methods summary
public static
# service( )

Initialize the icms::$security service

Initialize the icms::$security service

public
# __construct( )

Constructor

Constructor

public boolean
# check( boolean $clearIfValid = true, string $token = false, string $name = _CORE_TOKEN )

Check if there is a valid token in $_REQUEST[$name . '_REQUEST'] - can be expanded for more wide use, later (Mith)

Check if there is a valid token in $_REQUEST[$name . '_REQUEST'] - can be expanded for more wide use, later (Mith)

Parameters

$clearIfValid
whether to clear the token after validation
$token
token to validate
$name
session name

Returns

boolean
public string
# createToken( integer $timeout = 0, string $name = _CORE_TOKEN )

Create a token in the user's session

Create a token in the user's session

Parameters

$timeout
time in seconds the token should be valid
$name
session name

Returns

string
token value
public boolean
# validateToken( string $token = false, boolean $clearIfValid = true, string $name = _CORE_TOKEN )

Check if a token is valid. If no token is specified, $_REQUEST[$name . '_REQUEST'] is checked

Check if a token is valid. If no token is specified, $_REQUEST[$name . '_REQUEST'] is checked

Parameters

$token
token to validate
$clearIfValid
whether to clear the token value if valid
$name
session name to validate

Returns

boolean
public
# clearTokens( string $name = _CORE_TOKEN )

Clear all token values from user's session

Clear all token values from user's session

Parameters

$name
session name
public boolean
# filterToken( string $token )

Check whether a token value is expired or not

Check whether a token value is expired or not

Parameters

$token

Returns

boolean
public
# garbageCollection( string $name = _CORE_TOKEN )

Perform garbage collection, clearing expired tokens

Perform garbage collection, clearing expired tokens

Parameters

$name
session name
public boolean
# checkReferer( integer $docheck = 1 )

Check the user agent's HTTP REFERER against ICMS_URL

Check the user agent's HTTP REFERER against ICMS_URL

Parameters

$docheck
0 to not check the referer (used with XML-RPC), 1 to actively check it

Returns

boolean
public
# checkSuperglobals( )

Check superglobals for contamination

Check superglobals for contamination

public
# checkBadips( )

Check if visitor's IP address is banned

Check if visitor's IP address is banned

public string
# getTokenHTML( $name = _CORE_TOKEN )

Get the HTML code for a @link icms_form_elements_Hiddentoken object - used in forms that do not use XoopsForm elements

Get the HTML code for a @link icms_form_elements_Hiddentoken object - used in forms that do not use XoopsForm elements

Returns

string
public
# setErrors( string $error )

Add an error

Add an error

Parameters

$error
public array|string &
# getErrors( boolean $ashtml = false )

Get generated errors

Get generated errors

Parameters

$ashtml
Format using HTML?

Returns

array|string
Array of array messages OR HTML string
Properties summary
public array $errors
# array()
API documentation generated by ApiGen