Token.php

Go to the documentation of this file.

<?php

namespace Rsi\Fred;

/**
 *  Unique token generator/validator.
 */
class Token extends Component{

  public $length = 50;

  protected function hash($context,$token){
    return substr(base_convert(sha1(serialize($context) . $this->component('encrypt')->key . $token),16,36),0,$this->length / 2);
  }
  /**
   * Generate a token.
   * @param mixed $context  Context for the token.
   * @param int $ttl  Time-to-live in seconds (empty = indefinitely).
   * @return string  Random token for this context.
   */
  public function generate($context = null,$ttl = null){
    $token = $ttl ? base_convert(time() + $ttl,10,36) . '-' : '';
    $token .= \Rsi\Str::random($this->length / 2 - strlen($token) - 1,'[0-9][a-z]');
    return $token . '-' . $this->hash($context,$token);
  }
  /**
   * Check if a token is (still) valid.
   * @param string $token  Token to check.
   * @param mixed $context  Context for the token.
   * @return bool  True if the token is valid.
   */
  public function valid($token,$context = null){
    $result = false;
    try{
      if(strlen($token) == $this->length) switch(count($token = explode('-',$token))){
        case 3:
          if(base_convert($token[0],36,10) < time()) break;
        case 2:
          $hash = array_pop($token);
          $result = hash_equals($this->hash($context,implode('-',$token)),$hash);
      }
    }
    catch(\Exception $e){
      if($this->_fred->debug) throw $e;
    }
    $this->component('security')->bruteForceDelay($result,'token');
    return $result;
  }
  /**
   * Delete a token.
   * @return bool  True on success.
   */
  public function delete($token){
    return false;
  }

}