mako\Security

Description

Class containing security related methods.

Class methods

protected __construct()

Protected constructor since this is a static class.

Return value

NULL

protected function __construct()
{
	// Nothing here
}

Toggle source

protected static sessionStart()

Starts session if it doesn't exist.

Return value

NULL

protected static function sessionStart()
{
	if(session_id() === '')
	{
		Session::start();
	}
}

Toggle source

public static generateToken()

Returns random security token.

Return value

string

public static function generateToken()
{
	static::sessionStart();
	
	if(!isset($_SESSION[MAKO_APPLICATION_ID . '_token']))
	{
		$_SESSION[MAKO_APPLICATION_ID . '_token'] = array();	
	}
	else
	{
		$_SESSION[MAKO_APPLICATION_ID . '_token'] = array_slice($_SESSION[MAKO_APPLICATION_ID . '_token'], 0, (static::MAX_TOKENS - 1)); // Only store MAX_TOKENS tokens per session
	}
	
	$token = md5(uniqid('token', true));
	
	array_unshift($_SESSION[MAKO_APPLICATION_ID . '_token'], $token);
	
	return $token;
}

Toggle source

public static validateToken($token)

Validates security token.

Parameters

Type	Description
string	Security token

Return value

boolean

public static function validateToken($token)
{
	static::sessionStart();
	
	$key = array_search($token, $_SESSION[MAKO_APPLICATION_ID . '_token']);
	
	if($key !== false)
	{
		unset($token, $_SESSION[MAKO_APPLICATION_ID . '_token'][$key]);
		
		return true;
	}
	
	return false;
}