I'm currently making a custom add-on for my forum, and a part of it is where it communicates with an outside source for storing/editing data. (I'm a homegrown php coder, and haven't learned MVC, so using a complete integration with XF is not really an option here). However, I want to make sure that the data being sent - say when a user is editing a post, is actually secure. To my knowledge, XenForo confirms this using the _xfToken field for posts, searches, etc., which I also want to use (since it's already set up, and secure).
So, the big question is:
Where can I verify/confirm that a _xfToken is actually the correct _xfToken for the username who submitted it? I can't seem to find it in the Forum MySQL Database, or in the XenForo Library files. What class/function handles this in XenForo?