Portions created by the Initial Developer are Copyright (C) 2019 the Initial Developer. All Rights Reserved. Contributor(s): Mark J Crane */ /** * captcha class * * @method string get */ class token { /** * Called when the object is created */ //public $code; /** * Class constructor */ public function __construct() { } /** * Called when there are no references to a particular object * unset the variables used in the class */ public function __destruct() { foreach ($this as $key => $value) { unset($this->$key); } } /** * Create the token * @var string $key */ public function create($key) { //create a token and save in the token session array $_SESSION['tokens'][$key]['name'] = hash_hmac('sha256', $key, bin2hex(random_bytes(32))); $_SESSION['tokens'][$key]['hash'] = hash_hmac('sha256', $key, bin2hex(random_bytes(32))); //send the hash return $_SESSION['tokens'][$key]['hash']; } /** * validate the token * @var string $key */ public function validate($key, $value) { //compare the hashed tokens if (hash_equals($_SESSION['tokens'][$key]['hash'], $value)) { return true; } else { return false; } } } /* //create token $token = new token; $token_hash = $token->create('/app/users/user_edit.php'); echo ""; //------------------------ //validate the token $token = new token; $token_valid = $token->validate('/app/users/user_edit.php', $_POST['token']); if (!$token_valid) { echo "access denied"; exit; } */ ?>