validate()) { * $token->remove(); * echo 'valid!'; * else { * echo 'invalid!'; * } * ?> * * request token test * *

* ..... * * * *

* * * * Copyright (c) 2007, Sugano "Koshian" Yoshihisa(E) * All rights reserved. * * Redistribution and use in source and binary forms, with or * without modification, are permitted provided that the following * conditions are met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * * Neither the name of the MiSAO Network nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * */ class RequestToken { var $token = null; var $name = null; var $strength = null; var $expires = null; // constructor function RequestToken($expires = 3600, $strength = 64, $name = 'token') { if (session_id() == "") { session_start(); } $this->name = $name; $this->strength = $strength; $this->expires = $expires; return $this; } function issue() { if (!isset($_SESSION[$this->name]) || $_SESSION[$this->name.'_expires'] < time()) { $this->real_issue(); } return $_SESSION[$this->name]; } function real_issue() { $_SESSION[$this->name] = $this->get_rnd_chars($this->strength); $_SESSION[$this->name.'_expires'] = time() + $this->expires; return $_SESSION[$this->name]; } function validate($token = false) { if (!$token) { $token = $_POST[$this->name]; } if ($_SESSION[$this->name] == $token && $_SESSION[$this->name.'_expires'] > time()) { return true; } else { return false; } } function remove() { unset($_SESSION[$this->name]); unset($_SESSION[$this->name.'_expires']); } function get_rnd_chars($digit) { $seed = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; $result = ''; for ($i = 0; $i < $digit; $i++) { $rn = round(rand(0, strlen($seed) - 1)); $result .= substr($seed, $rn, 1); } return $result; } } ?>