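/**
 * Assign a fresh random obfuscated name to each of the given field keys.
 *
 * The generated names are stored in $this->obfuscated (keyed by the real
 * field key), a SHA-1 digest of all registered field keys is stored in
 * $this->hash, and both are written to the session bag when one is set.
 *
 * A generated batch is rejected and regenerated when it contains a repeated
 * name or when one of its names is already assigned to a field that is not
 * being replaced by this call, so two fields never share an obfuscated name.
 *
 * @param string ...$keys Real field keys to obfuscate
 * @return self
 */
public function setFields(string ...$keys) : self
{
    // NOTE(review): sizing assumes Security::randomKey() takes a bit count and
    // returns hexadecimal text (4 bits per character), so that str_split()
    // yields exactly one chunk per key — confirm against Security::randomKey().
    $bitsCount = count($keys) * (self::OBFUSCATE_KEY_SIZE * 4);

    // Names already held by fields this call does not overwrite. A new name
    // equal to one of these would make two fields indistinguishable.
    $reserved = array_values(array_diff_key($this->obfuscated ?? [], array_flip($keys)));

    // Retry in a loop rather than by recursion so repeated collisions cannot
    // grow the call stack.
    do {
        // Get cryptographically secure random bytes, one chunk per key
        $chunks = str_split(Security::randomKey($bitsCount), self::OBFUSCATE_KEY_SIZE);

        $collision = count($chunks) !== count(array_unique($chunks))
            || array_intersect($chunks, $reserved) !== [];
    } while ($collision);

    // Pair each key with its chunk by position
    foreach (array_values($keys) as $index => $key) {
        $this->obfuscated[$key] = $chunks[$index];
    }

    // Digest of the registered field keys (the real keys, not the random names).
    // NOTE(review): this is an unkeyed SHA-1 over predictable input; if it is
    // relied on to detect tampering rather than as an identifier, confirm that
    // the comparison is done against the server-side session copy only.
    $this->hash = hash("sha1", implode(":", array_keys($this->obfuscated)));

    // Save to session?
    if (isset($this->sessionBag)) {
        $this->sessionBag->getBag($this->name)->set("hash", $this->hash)->set("fields", $this->obfuscated);
    }

    // Chain
    return $this;
}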
/**
 * Generate a new random CSRF token and store it in the session bag.
 *
 * @param int $expire Lifetime in seconds; values above 0 are converted to an
 *                    absolute timestamp, any other value is stored unchanged
 * @return string The newly generated token
 * @throws SecurityException
 */
public function setToken(int $expire = 0) : string
{
    // A positive lifetime becomes "now + lifetime"; otherwise the value is kept
    // as given (presumably 0 means the token does not expire — confirm in the
    // code that validates the token).
    $expiresAt = $expire > 0 ? $expire + time() : $expire;

    // Securely generated random token; 160 bits = 40 hexadecimal characters
    $csrfToken = Security::randomKey(160);

    // Persist the token first, then its expiry, on whatever set() hands back
    $bag = $this->sessionBag->set("token", $csrfToken);
    $bag->set("expire", $expiresAt);

    return $csrfToken;
}