Token.php

Go to the documentation of this file.

<?php
namespace MediaWiki\Session;
 
class Token {
    const SUFFIX = '+\\';
 
    private $secret = '';
 
    private $salt = '';
 
    private $new = false;
 
    public function __construct( $secret, $salt, $new = false ) {
        $this->secret = $secret;
        $this->salt = $salt;
        $this->new = $new;
    }
 
    public static function getTimestamp( $token ) {
        $suffixLen = strlen( self::SUFFIX );
        $len = strlen( $token );
        if ( $len <= 32 + $suffixLen ||
            substr( $token, -$suffixLen ) !== self::SUFFIX ||
            strspn( $token, '0123456789abcdef' ) + $suffixLen !== $len
        ) {
            return null;
        }
 
        return hexdec( substr( $token, 32, -$suffixLen ) );
    }
 
    protected function toStringAtTimestamp( $timestamp ) {
        return hash_hmac( 'md5', $timestamp . $this->salt, $this->secret, false ) .
            dechex( $timestamp ) .
            self::SUFFIX;
    }
 
    public function toString() {
        return $this->toStringAtTimestamp( wfTimestamp() );
    }
 
    public function __toString() {
        return $this->toString();
    }
 
    public function match( $userToken, $maxAge = null ) {
        $timestamp = self::getTimestamp( $userToken );
        if ( $timestamp === null ) {
            return false;
        }
        if ( $maxAge !== null && $timestamp < wfTimestamp() - $maxAge ) {
            // Expired token
            return false;
        }
 
        $sessionToken = $this->toStringAtTimestamp( $timestamp );
        return hash_equals( $sessionToken, $userToken );
    }
 
    public function wasNew() {
        return $this->new;
    }
 
}