68 $suffixLen = strlen( self::SUFFIX );
69 $len = strlen( $token );
70 if ( $len <= 32 + $suffixLen ||
71 substr( $token, -$suffixLen ) !== self::SUFFIX ||
72 strspn( $token,
'0123456789abcdef' ) + $suffixLen !== $len
77 return hexdec( substr( $token, 32, -$suffixLen ) );
86 return hash_hmac(
'md5', $timestamp . $this->salt, $this->secret,
false ) .
87 dechex( $timestamp ) .
109 public function match( $userToken, $maxAge =
null ) {
111 if ( $timestamp ===
null ) {
114 if ( $maxAge !==
null && $timestamp <
wfTimestamp() - $maxAge ) {
120 return hash_equals( $sessionToken, $userToken );