/** * Checks that the specified token matches the current logged in user token * Protection against CSRF * * @return throws exception if token doesn't match */ protected function checkTokenInUrl() { if (Core_Common::getRequestVar('token_auth', false) != Core_Common::getCurrentUserAuth()) { throw new Core_Access_NoAccessException('Invalid Auth Token'); } }