Class Token

Methods summary

public
# getErrorMessage( )

For localization we can't just store this as a constant, unfortunately.

public string
# output( string $action = '', boolean $return = false )

Prints out a generated token as a hidden form field.

public string
# generate( string $action = '', integer $time = null )

Generates a unique token for a given action. This is a token in the form of time:hash, where hash is md5(time:userID:action:pepper).

public string
# getParameter( string $action = '' )

Returns a generated token as a query string variable.

public boolean
# validate( string $action = '', string $token = null )

Validates a token against a given action. We check the passed hash to see that (a) the hash is valid, meaning it computes in the time:action:pepper format, and (b) the time included next to the hash is within the threshold.

Constants summary

integer VALID_HASH_TIME_THRESHOLD
# 86400
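
The time:hash scheme that generate() and validate() describe, as an added sketch that is not the project's own code, showing the two validation checks together with strict parsing and a constant-time comparison. The function names, the $userId and $pepper parameters, the inclusive threshold and the refusal of future timestamps are assumptions; the hash input follows the format documented for generate().

```php
<?php
// Added example, not the project's code. $userId and $pepper are hypothetical
// inputs; the page does not show where the class obtains them.
const VALID_HASH_TIME_THRESHOLD = 86400; // value from the constants summary

function tokenHash(int $time, string $userId, string $action, string $pepper): string
{
    // Format documented for generate(): md5(time:userID:action:pepper).
    // hash_hmac('sha256', "$time:$userId:$action", $pepper) is a keyed alternative.
    return md5("$time:$userId:$action:$pepper");
}

function generateToken(string $userId, string $action, string $pepper, ?int $time = null): string
{
    $time = $time ?? time();
    return $time . ':' . tokenHash($time, $userId, $action, $pepper);
}

function validateToken(?string $token, string $userId, string $action, string $pepper, ?int $now = null): bool
{
    $now = $now ?? time();
    // Reject anything that is not exactly "<digits>:<32 hex chars>".
    if ($token === null || !preg_match('/\A(\d{1,10}):([0-9a-f]{32})\z/', $token, $m)) {
        return false;
    }
    $time = (int) $m[1];
    // (a) Recompute the hash from the claimed time and compare in constant time.
    if (!hash_equals(tokenHash($time, $userId, $action, $pepper), $m[2])) {
        return false;
    }
    // (b) Age must be within the threshold (inclusive here, an assumption);
    // a timestamp from the future is refused (also an assumption).
    $age = $now - $time;
    return $age >= 0 && $age <= VALID_HASH_TIME_THRESHOLD;
}

// Constructed sample values, not real secrets or identifiers.
$pepper = 'example-pepper-not-a-real-secret';
$issued = 1700000000;
$token  = generateToken('42', 'delete_post', $pepper, $issued);

var_dump(validateToken($token, '42', 'delete_post', $pepper, $issued + 3600));  // same user and action, one hour old
var_dump(validateToken($token, '42', 'edit_post', $pepper, $issued + 3600));    // token replayed for another action
var_dump(validateToken($token, '43', 'delete_post', $pepper, $issued + 3600));  // token replayed for another user
var_dump(validateToken($token, '42', 'delete_post', $pepper, $issued + 86401)); // one second past the threshold
var_dump(validateToken('junk', '42', 'delete_post', $pepper, $issued));         // malformed token
```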