class Token (View source)

Constants

VALID_HASH_TIME_THRESHOLD

Duration (in seconds) of a token.

DEFAULT_TOKEN_NAME

The default name of the token parameters.

Methods

string
getErrorMessage()

Get the error message to be shown to the users when a token is not valid.

string|void
output(string $action = '', bool $return = false)

Create the HTML code of a token.

string
generate(string $action = '', int $time = null)

Generates a token for a given action. This is a token in the form of time:hash, where hash is md5(time:userID:action:pepper).

string
getParameter(string $action = '')

Generate a token and return it as a query string variable (eg 'ccm_token=...').

bool
validate(string $action = '', string $token = null)

Validate a token against a given action.

Details

string getErrorMessage()

Get the error message to be shown to the users when a token is not valid.

Return Value

string

string|void output(string $action = '', bool $return = false)

Create the HTML code of a token.

Parameters

string $action

An optional identifier of the token

bool $return

Set to true to return the generated code, false to print it out

Return Value

string|void

string generate(string $action = '', int $time = null)

Generates a token for a given action. This is a token in the form of time:hash, where hash is md5(time:userID:action:pepper).

Parameters

string $action

An optional identifier of the token

int $time

The UNIX timestamp to be used to determine the token expiration

Return Value

string

string getParameter(string $action = '')

Generate a token and return it as a query string variable (eg 'ccm_token=...').

Parameters

string $action

Return Value

string

bool validate(string $action = '', string $token = null)

Validate a token against a given action.

Basically, we check the passed hash to see if: a. the hash is valid. That means it computes in the time:action:pepper format b. the time included next to the hash is within the threshold.

Parameters

string $action

The action that should be associated to the token

string $token

The token to be validated (if empty we'll retrieve it from the current request)

Return Value

bool