Skip to content

Coercive/Token

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Coercive Token Security

Token allows you to calculate a valid token for the current time and the time before or after. This token is based on the session code, a salt, and time server.

Get

composer require coercive/token

Usage

<?php
use Coercive\Security\Token\Token;

# REQUIRED : if not, Token throws you an exception
session_start();

# INIT
$Token = new Token(128, 'mySalt0123');

// The first parameter is the length of the random string used in the token
// The second parameter is the custom salt used in the token
// The thirth parameter allow you to specify where the token datas will be store
// The thourth parameter allow you to specify a name for the default global token (if noname)

# CREATE a token
$myKey = $Token->create('example');

# SEND this token with a form (for example)
# and test like this
if( $Token->check( $myKey , 'example' ) ) {
    echo 'Good token !';
    $Token->delete('example');
} else {
    die('Wrong token detected');
}

For form load by AJAX or other complex detection

<?php

$Token->check( $myKey , 'example', 'http://www.my-custom-referer');

# OR

$Token->check( $myKey , 'example', [
    'http://www.my-custom-referer-1',
    'http://www.my-custom-referer-2',
    'http://www.my-custom-referer-3'
]);

Get token for others usages

<?php

# A basic random string
Token::rand(256);

# A uniq id based on session, salt, random string...
$Token->uniqId();

# A basic (unsafe) token based on datetime
$Token->timer();

# You can use a crypt for customise the timer token
$crypt = 1234567890;
$Token->timer(crypt);