![[Main Page]](/modules/mediawiki/images/mediawiki.png)
The XoopsSecurity class is used to create a token to ensure the page was entered via the website and not entered via a potential cross-site (xsite) scripting method.
Enter the Xoops Token either using a form item or HTML:
[edit]
Usage In XOOPS Form Element
Usage in a Form item use the AddElement method:
$form->AddElement(new XoopsFormHiddenToken());
[edit]
Usage In HTML
For usage in a template or HTML directly, first generate the html by getting the token:
$html = $GLOBALS['xoopsSecurity']->getTokenHTML();
For example this creates a html <input> entity like:
<input type='hidden' name='XOOPS_TOKEN_REQUEST' id='XOOPS_TOKEN_REQUEST' value='9c87534e1fec743d0a985740a7ec927d' />
You can also pass the <input> entity to the template by assigning it to a Smarty variable, something like:
$xoopTpl->assign('token', $html);
Then place Smarty variable <{$token}> in the html template so it is included when the form is submitted.
[edit]
Validation
To validate the security code place the following in the form verification routine:
if ($GLOBALS['xoopsSecurity']->check()) {
// success path
} else {
// fails path
}
