Skip to content

hook_civicrm_invalidateChecksum

Summary

This hook allows you to invalidate contact checksums (see https://docs.civicrm.org/user/en/latest/common-workflows/tokens-and-mail-merge/#checksum).

It does NOT allow marking a checksum as valid because it could easily open up a security hole - e.g. it could inadvertently allow access to data it shouldn't, especially if multiple extensions implement the hook.

Definition

hook_civicrm_invalidateChecksum($contactID, $checksum, &$invalid)

Parameters

  • $contactID (string) - The contact ID of the checksum.

  • $checksum (string) - The checksum to validate.

  • $invalid (bool) - Default false. Set this to true to invalidate.

Returns

  • null

Example (Invalidate a list of checksums)

/**
 * Implements hook_civicrm_invalidateChecksum().
 *
 * @param string $contactID
 * @param string $checksum
 * @param bool $invalid
 */
function example_civicrm_invalidateChecksum($contactID, $checksum, &$invalid) {
  // These checksums sent out hardcoded via mailing on 14th July (valid for 30 days)
  if (in_array($checksum, ['fdsfsdfdsf_sfsd_123', 'fsa34f30fsfs_sf34f_123'])) {
    $invalid = TRUE;
    \Civi::log()->warning('Invalidated checksum was used: ' . $checksum . ' for contact ID ' . $contactID);
    // Optionally trigger a redirect to another page explaining why it was invalid
    // CRM_Utils_System::redirect('https://example.org/invalidchecksumlandingpage');
  }
}