• Home
  • Horde_Token_Base

PHP Class Horde_Token_Base, horde

Copyright 2010-2016 Horde LLC (http://www.horde.org/) See the enclosed file COPYING for license information (LGPL). If you did not receive this file, see http://www.horde.org/licenses/lgpl21.
Author: Max Kalika ([email protected])
Author: Chuck Hagenbuch ([email protected])
Mostra file Open project: horde/horde Class Usage Examples

Protected Properties

Property Type Description
$_params array Hash of parameters necessary to use the chosen backend.

Public Methods

Method Description
__construct ( array $params ) Constructor.
add ( string $tokenID ) Add a token ID.
exists ( string $tokenID ) : boolean Does the token exist?
get ( string $seed = '' ) : string Return a new signed token.
getNonce ( ) : string Return a "number used once" (a concatenation of a timestamp and a random numer).
isValid ( string $token, string $seed = '', integer $timeout = null, boolean $unique = false ) : boolean Validate a signed token.
purge ( ) Delete all expired connection IDs.
validate ( string $token, string $seed = '', integer $timeout = null ) : array Is the given token still valid? Throws an exception in case it is not.
validateUnique ( string $token, string $seed = '' ) : null Is the given token valid and has never been used before? Throws an exception otherwise.
verify ( string $token ) : boolean Checks if the given token has been previously used. First purges all expired tokens. Then retrieves current tokens for the given ip address. If the specified token was not found, adds it.

Protected Methods

Method Description
_encodeRemoteAddress ( ) : string Encodes the remote address.

Private Methods

Method Description
_decode ( string $token ) : array Decode a token into the prefixed nonce and the hash.
_hash ( string $text ) : string Sign the given text with the secret.
_isExpired ( string $nonce, integer $timeout ) : boolean Has the nonce expired?

Method Details

__construct() public method

Constructor.
public __construct ( array $params )
$params array Required parameters: - secret (string): The secret string used for signing tokens. Optional parameters: - token_lifetime (integer): The number of seconds after which tokens time out. Negative numbers represent "no timeout". The default is "-1". - timeout (integer): The period (in seconds) after which an id is purged. DEFAULT: 86400 (24 hours)

_encodeRemoteAddress() protected method

Encodes the remote address.
protected _encodeRemoteAddress ( ) : string
return string Encoded address.

add() abstract public method

Add a token ID.
abstract public add ( string $tokenID )
$tokenID string Token ID to add.

exists() abstract public method

Does the token exist?
abstract public exists ( string $tokenID ) : boolean
$tokenID string Token ID.
return boolean True if the token exists.

get() public method

Return a new signed token.
public get ( string $seed = '' ) : string
$seed string A unique ID to be included in the token.
return string The new token.

getNonce() public method

Return a "number used once" (a concatenation of a timestamp and a random numer).
public getNonce ( ) : string
return string A string of 6 bytes.

isValid() public method

Validate a signed token.
public isValid ( string $token, string $seed = '', integer $timeout = null, boolean $unique = false ) : boolean
$token string The signed token.
$seed string The unique ID of the token.
$timeout integer Timout of the token in seconds. Values below zero represent no timeout.
$unique boolean Should validation of the token succeed only once?
return boolean True if the token was valid.

purge() abstract public method

Delete all expired connection IDs.
abstract public purge ( )

validate() public method

Is the given token still valid? Throws an exception in case it is not.
public validate ( string $token, string $seed = '', integer $timeout = null ) : array
$token string The signed token.
$seed string The unique ID of the token.
$timeout integer Timout of the token in seconds. Values below zero represent no timeout.
return array An array of two elements: The nonce and the hash.

validateUnique() public method

Is the given token valid and has never been used before? Throws an exception otherwise.
public validateUnique ( string $token, string $seed = '' ) : null
$token string The signed token.
$seed string The unique ID of the token.
return null

verify() public method

Checks if the given token has been previously used. First purges all expired tokens. Then retrieves current tokens for the given ip address. If the specified token was not found, adds it.
public verify ( string $token ) : boolean
$token string The value of the token to check.
return boolean True if the token has not been used, false otherwise.

Property Details

$_params protected_oe property

Hash of parameters necessary to use the chosen backend.
protected array $_params
return array