/** * Validate a token. * * Tokens should be deleted if they are generated as one-time tokens * with a unique ID each time. If the are per-session, then they should be * generated with the same unique ID and not deleted when validated here. * * @param string $token Token to validate. * @param boolean $delete Whether to delete the token if valid. * @param boolean $checkExpire Whether to check for token expiry. * * @return boolean */ public function validate($token, $delete = true, $checkExpire = true) { if (!$token) { return false; } list($id, $hash, $timestamp) = $this->tokenGenerator->decode($token); $decoded = array('id' => $id, 'timestamp' => $timestamp); // Check if token ID exists first. $stored = $this->storage->get($decoded['id']); if (!$stored) { return false; } // Check if the token has been tampered with. $duplicateToken = $this->tokenGenerator->generate($decoded['id'], $decoded['timestamp'])->getToken(); if ($stored['token'] !== $duplicateToken) { $this->storage->delete($decoded['id']); return false; } // Check if token has expired. if ($checkExpire) { $timeDiff = (int) $decoded['timestamp'] + $this->maxlifetime - time(); if ($timeDiff < 0) { $this->storage->delete($decoded['id']); return false; } } // All checked out, delete the token and return true. if ($delete) { $this->storage->delete($decoded['id']); } return true; }
/** * Delete token. * * @return void */ public function delete() { $this->storage->delete($this->token); }