Mecha CMS

Mecha CMS blog and documentation.

Class Guardian

Updated: Sunday, 07 August 2016

Mecha’s guardian angel. Focused with addressing the security of Mecha and giving responses to what you did against Mecha.

Security Token

Make a Security Token

echo Guardian::token();

Delete the Security Token


Validate the Security Token

If it’s invalid, this method will redirect you to the login page:

Guardian::checkToken('some random token hash to be compared');

Note: Since version 1.0.2, custom URL redirection can be determined after the token input:

Guardian::checkToken('some random token hash to be compared', 'foo/bar');


Log In


The implementation above requires a login form with a token, user and pass input in it:

<form method="post">
  <input name="token" type="hidden">
  <input name="user" type="text">
  <input name="pass" type="password">
  <button type="submit">Login</button>

Log Out or Reject a Pilot


Check for Accepted Pilot

if(Guardian::happy()) {
    echo 'You are logged in.';

URL Redirection


By default, the URL path will be relative to the root domain. But you could also use full URL path for this, for example, if you want to redirect users to an external web page:


Input Validation Check

Check for Invalid URL Pattern

Guardian::check('', '->url');

Check for Invalid IP Address

Guardian::check('', '->ip');

Check for Invalid Email Address

Guardian::check('', '->email');

Check for Boolean

Guardian::check(1, '->boolean');

Check for Comparison

Guardian::check('foo', '->correct', 'bar');

The code above will returns false because foo is not equal to bar.

Check for Minimum Limit

Guardian::check($foo, '->too_small', 10);

$foo is the value to check, 10 is the minimum limit.

Check for Maximum Limit

Guardian::check($foo, '->too_large', 100);

$foo is the value to check, 100 is the maximum limit.

Check for Minimum Length

Guardian::check($foo, '->too_short', 5);

$foo is the value to check, 5 is the minimum length.

Check for Maximum Length

Guardian::check($foo, '->too_long', 3000);

$foo is the value to check, 3000 is the maximum length.

Create Your Own Checker

Added since version 1.1.2.

Guardian::checker('is_so_me', function($input) {
    return $input === 'meh';


if( ! Guardian::check('you', '->so_me') {
    echo 'Not me not me!';

Check for the Available Checker

Added since version 1.1.2.

if(Guardian::checkerExist('is_too_evil')) {

Security Data Transmission

Memorize the Submitted Data

Simply call the Guardian::memorize() method on every post submit:

if(Request::post()) {

Then you can call the cached value of the previous submitted data into the form input element like this using the Guardian::wayback() method:

<input name="name" type="text" value="<?php echo Guardian::wayback('name', 'default value goes here...'); ?>">

You could also set the guardian’s mind using an array like this:

    'foo' => 'bar',
    'test' => 'OK!'

Spell the Memorized Data

echo Guardian::wayback('foo');

The code above will outputs the cached value from the input element with name="foo" attribute in it.

Note: This is a one-time memory. So after you pull out the cached data from the guardian’s mind, then the outputted data will be forgotten. Most convenient way to deal with this problem if you want to display the cached data multiple times is by storing it in a variable:

$cached = Guardian::wayback();

echo $cached['foo'];
echo $cached['foo'];
echo $cached['foo'];

Force Guardian to Forget the Data


Abort PHP Script Execution

Guardian::abort('Configuration file not found. Aborted.');


Math Captcha

echo Guardian::math();

Read more about this captcha implementation here…

Image Captcha

Added since version 1.0.3.

echo Guardian::captcha();

Read more about this captcha implementation here…

Get the Users Details

Added since version 1.1.3.


Get the Accepted Pilot Details

echo Guardian::get('status');

Results for $data = Guardian::get():

 ├── token: 2aca087e57bba14c67fd3c57e8536364a3aXXXXX
 ├── user: admin
 ├── author: Taufik Nurrohman
 ├── status: pilot
 └── email:

Detect Mobile Devices

Added since version 1.1.3.

Check whether the page is accessed via a mobile device or not.

if(Guardian::choked()) {
    include 'mobile.php';
} else {
    include 'desktop.php';



usersWill affect the users data.
userWill affect the user data.
user:userWill affect the user’s user field.
user:passWill affect the user’s pass field.
user:nameWill affect the user’s name field.
user:statusWill affect the user’s status field.
user:emailWill affect the user’s email field.
guardian:kickWill affect the URL redirection.


before_kickWill be executed before page redirection.
Donation and Email Subscription