public static function verifyToken($token)
 {
     if (!isset($_SESSION['token'])) {
         self::generateToken();
         return false;
     }
     return Database::samePassword($_SESSION['token'], $token) === true;
 }