From 9720af86d005d3590bb85f204e753cee520c4507 Mon Sep 17 00:00:00 2001
From: Isaiah DeRose-Wilson
Date: Thu, 20 Jan 2011 14:20:58 -0500
Subject: [PATCH] Added token generation method, and make it check the database to enforce unique tokens. Fixes #3295
---
 auth-schema-mysql.sql | 3 ++-
 classes/model/auth/user/token.php | 21 ++++++++++++++++++---
 2 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/auth-schema-mysql.sql b/auth-schema-mysql.sql
index e1c0027..ec4a4a8 100644
--- a/auth-schema-mysql.sql
+++ b/auth-schema-mysql.sql
@@ -32,7 +32,8 @@ CREATE TABLE IF NOT EXISTS `user_tokens` (
 `id` int(11) UNSIGNED NOT NULL AUTO_INCREMENT,
 `user_id` int(11) UNSIGNED NOT NULL,
 `user_agent` varchar(40) NOT NULL,
- `token` varchar(32) NOT NULL,
+ `token` varchar(40) NOT NULL,
+ `type` varchar(100) NOT NULL,
 `created` int(10) UNSIGNED NOT NULL,
 `expires` int(10) UNSIGNED NOT NULL,
 PRIMARY KEY (`id`),
diff --git a/classes/model/auth/user/token.php b/classes/model/auth/user/token.php
index 2cf7c9a..ede1ee8 100644
--- a/classes/model/auth/user/token.php
+++ b/classes/model/auth/user/token.php
@@ -21,9 +21,6 @@ public function __construct($id = NULL)
 {
 parent::__construct($id);
- // Set the now, we use this a lot
- $this->_now = time();
-
 if (mt_rand(1, 100) === 1)
 {
 // Do garbage collection
@@ -52,4 +49,22 @@ public function delete_expired()
 return $this;
 }
+ public function create(Validation $validation = NULL)
+ {
+ $this->token = $this->create_token();
+
+ return parent::create($validation);
+ }
+
+ protected function create_token()
+ {
+ do
+ {
+ $token = sha1(uniqid(Text::random('alnum', 32), TRUE));
+ }
+ while(ORM::factory('user_token', array('token' => $token))->loaded());
+
+ return $token;
+ }
+
 } // End Auth User Token Model
\ No newline at end of file
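Review bot: The new `type` column is `NOT NULL` with no `DEFAULT`, and the `create()` added to token.php in this same commit assigns only `token`, so an insert that leaves `type` unset is rejected under MySQL strict mode and silently stored as an empty string otherwise; either declare a default (`type varchar(100) NOT NULL DEFAULT ''`) or have the model require the value. Because the statement is `CREATE TABLE IF NOT EXISTS`, installs that already have the table keep `token varchar(32)`, where a 40-character SHA-1 token is truncated or refused and can then never match the value handed to the client, so an `ALTER TABLE` upgrade step should ship with this change. The key definitions after `PRIMARY KEY` are outside the hunk; a `UNIQUE` key on `token` is what turns the lookup in `create_token()` into a guarantee, so confirm one is declared there.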
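Review bot: The token in `create_token()` is derived from `uniqid()` (clock-based) and `Text::random()`, and wrapping that in `sha1()` only reshapes the input without adding entropy; `Text::random()` is not shown here, but if it draws from `mt_rand()` the way the constructor's garbage-collection roll does, the result is too predictable for an auth token. Take the value from the platform CSPRNG instead, e.g. `$token = bin2hex(random_bytes(20));` on PHP 7+ (or `bin2hex(openssl_random_pseudo_bytes(20))` on older runtimes), which still yields the 40 hex characters the widened column expects. The `do … while` lookup is a check-then-insert, so two concurrent requests can both pass it; it needs a `UNIQUE` index on `token` behind it, and with 160 random bits the pre-check is mostly an extra query. Both new methods also lack docblocks, and the one on `create()` should state that any caller-supplied `token` is overwritten.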