coercive/token

Time-based Coercive Token security

1.2.3 2021-06-15 23:21 UTC

This package is auto-updated.

Last update: 2024-09-16 06:07:43 UTC


README

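Token lets you compute a valid token for the current time, as well as the one before or after it. The token is based on a session code, a salt and the time server.

Get

composer require coercive/token

Usage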

<?php
use Coercive\Security\Token\Token;

# REQUIRED: otherwise Token throws an exception
session_start();

# INIT
$Token = new Token(128, 'mySalt0123');

// The first parameter is the length of the random string used in the token
// The second parameter is the custom salt used in the token
// The third parameter lets you specify where the token data will be stored
// The fourth parameter lets you specify a name for the default global token (used when no name is given)

# CREATE a token
$myKey = $Token->create('example');

# SEND this token with a form (for example)
# and test like this
if( $Token->check( $myKey , 'example' ) ) {
    echo 'Good token !';
    $Token->delete('example');
} else {
    die('Wrong token detected');
}

For forms loaded via AJAX or other complex detection

<?php

$Token->check( $myKey , 'example', 'http://www.my-custom-referer');

# OR

$Token->check( $myKey , 'example', [
    'http://www.my-custom-referer-1',
    'http://www.my-custom-referer-2',
    'http://www.my-custom-referer-3'
]);

Get tokens for other uses

<?php

# A basic random string
Token::rand(256);

# A unique ID based on session, salt, random string...
$Token->uniqId();

# A basic (unsafe) token based on datetime
$Token->timer();

# You can pass a crypt value to customise the timer token
$crypt = 1234567890;
$Token->timer($crypt);
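
The idea in the README's description, a token that stays valid for the current time window and the one before or after it, is shown below as an added example. It is not code from coercive/token and does not reflect how the library computes its tokens; the function names, the 300-second window and the sample values are assumptions.

```php
<?php
// Added illustration: NOT the coercive/token implementation.
// windowToken(), checkWindowToken() and WINDOW_SECONDS are hypothetical names.

const WINDOW_SECONDS = 300; // assumed window length

/** Token for one time window: HMAC-SHA256 over the session id and window counter. */
function windowToken(string $secret, string $sessionId, int $window): string
{
    // Length-prefix the session id so two different (id, counter) pairs
    // can never produce the same message.
    $message = strlen($sessionId) . ':' . $sessionId . '|' . $window;
    return hash_hmac('sha256', $message, $secret);
}

/** Accept the token of the current window, the previous one or the next one. */
function checkWindowToken(string $secret, string $sessionId, string $candidate, int $now): bool
{
    $current = intdiv($now, WINDOW_SECONDS);
    $valid = false;
    foreach ([$current - 1, $current, $current + 1] as $window) {
        // hash_equals() compares in constant time; all three windows are
        // always evaluated, so timing does not show which one matched.
        $valid = hash_equals(windowToken($secret, $sessionId, $window), $candidate) || $valid;
    }
    return $valid;
}

// Constructed sample values. A real secret would come from random_bytes()
// and stay on the server.
$secret    = 'constructed-demo-secret';
$sessionId = 'constructed-session-id';
$issuedAt  = 1700000000;
$token     = windowToken($secret, $sessionId, intdiv($issuedAt, WINDOW_SECONDS));

var_dump(checkWindowToken($secret, $sessionId, $token, $issuedAt));        // same window
var_dump(checkWindowToken($secret, $sessionId, $token, $issuedAt + 300));  // one window later
var_dump(checkWindowToken($secret, $sessionId, $token, $issuedAt + 900));  // three windows later
var_dump(checkWindowToken($secret, 'other-session', $token, $issuedAt));   // different session
```

Unlike a value derived from the datetime alone, which the README marks as unsafe, the keyed HMAC cannot be recomputed by someone who knows only the time and the session id.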