/**
* Validate a one-time-password.
*
* @param strgin $otp
* OTP supplied by user.
*
* @param string $action
* See phpsecOtp::generate().
*
* @param array $data
* See phpsecOtp::generate().
*
*/
public static function validate($otp, $action, $data = '')
{
$cache = phpsecCache::cacheGet('otp-' . $action);
if ($cache !== false) {
if (!phpsecHash::check($otp, $cache['pw'])) {
return false;
} elseif (!phpsecHash::check(serialize($data), $cache['data'])) {
return false;
}
phpsecCache::cacheRem('otp-' . $action);
return true;
}
return false;
}
/**
* Validate a one-time-token generated with setToken();
* This function should be called before accepting data from a user-submitted form.
* @see phpsecToken::setToken();
*
* @param string $name
* Name of the form to validate the token for.
*
* @return boolean
* Returns true if the token is valid. Returns false otherwise.
*/
public static function validate($name, $token)
{
if (strlen($token) == 0) {
return false;
}
$cacheToken = phpsecCache::cacheGet('token-' . $name);
/* Check if the provided token matches the token in the cache. */
if ($cacheToken == $token) {
/* Remove the token from the cahche so it can't be reused. */
phpsecCache::cacheRem('token-' . $name);
return true;
}
return false;
}
