/**
 * Check a user-supplied one-time-password for a given action.
 *
 * The OTP record is looked up in the cache under 'otp-' . $action. Both the
 * supplied password and the serialized $data must pass phpsecHash::check()
 * against the stored values; only then is the record removed from the cache,
 * so a successfully validated OTP cannot be used a second time.
 *
 * NOTE(review): a failed attempt leaves the cached OTP in place, so nothing in
 * this method limits repeated guesses. Confirm that the cache entry expires
 * quickly or that callers rate-limit attempts.
 *
 * @param string $otp
 *   OTP supplied by user.
 *
 * @param string $action
 *   See phpsecOtp::generate().
 *
 * @param array $data
 *   See phpsecOtp::generate(). Serialized before it is checked, so it
 *   presumably has to equal the value given at generation time (confirm
 *   against generate()).
 *
 * @return boolean
 *   Returns true if the OTP and the data both check out. Returns false when
 *   no cache entry exists for the action or when either check fails.
 */
public static function validate($otp, $action, $data = '') {
    $cacheKey = 'otp-' . $action;
    $stored   = phpsecCache::cacheGet($cacheKey);

    /* A result of false is treated as "no OTP pending for this action". */
    if ($stored === false) {
        return false;
    }

    /* Password first; the data check only runs when the password passed. */
    $otpOk = phpsecHash::check($otp, $stored['pw']);
    if (!$otpOk || !phpsecHash::check(serialize($data), $stored['data'])) {
        return false;
    }

    /* Single use: drop the record once it has been validated. */
    phpsecCache::cacheRem($cacheKey);
    return true;
}
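/**
 * Validate a one-time-token generated with setToken().
 * This function should be called before accepting data from a user-submitted form.
 * @see phpsecToken::setToken()
 *
 * @param string $name
 *   Name of the form to validate the token for.
 *
 * @param string $token
 *   Token submitted with the form. Anything other than a non-empty string
 *   is rejected.
 *
 * @return boolean
 *   Returns true if the token is valid. Returns false otherwise.
 */
public static function validate($name, $token) {
    /* Request parameters can arrive as arrays; only a non-empty string can be a token. */
    if (!is_string($token) || $token === '') {
        return false;
    }

    $cacheKey   = 'token-' . $name;
    $cacheToken = phpsecCache::cacheGet($cacheKey);

    /*
     * A cache miss or any non-string value must never match. With a loose ==
     * comparison a missing entry could compare equal to some submitted
     * strings because of PHP type juggling, so the stored value is type
     * checked and compared strictly.
     * NOTE(review): assumes setToken() stores the token as a string - confirm.
     */
    if (!is_string($cacheToken) || $cacheToken === '') {
        return false;
    }

    /* Prefer a constant-time comparison where the runtime provides one (PHP >= 5.6). */
    $matches = function_exists('hash_equals')
        ? hash_equals($cacheToken, $token)
        : $cacheToken === $token;

    if ($matches) {
        /* Remove the token from the cache so it can't be reused. */
        phpsecCache::cacheRem($cacheKey);
        return true;
    }
    return false;
}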