Piwik\Plugins\Login\PasswordResetter::isTokenValid PHP Method

PasswordResetter Class Documentation Mostrar archivo Open project: piwik/piwik

isTokenValid() public method

Returns true if a reset token is valid, false if otherwise. A reset token is valid if it exists and has not expired.

public isTokenValid ( string $token, array $user ) : boolean
$token	string	The reset token to check.
$user	array	The user information returned by the UsersManager API.
return	boolean	true if valid, false otherwise.

    public function isTokenValid($token, $user)
    {
        $now = time();
        // token valid for 24 hrs (give or take, due to the coarse granularity in our strftime format string)
        for ($i = 0; $i <= 24; $i++) {
            $generatedToken = $this->generatePasswordResetToken($user, $now + $i * 60 * 60);
            if ($generatedToken === $token) {
                return true;
            }
        }
        // fails if token is invalid, expired, password already changed, other user information has changed, ...
        return false;
    }

PasswordResetter

__construct

checkNewPassword

checkPasswordHash

confirmNewPassword

generatePasswordResetToken

generateSecureHash

getDefaultExpiryTime

getPasswordResetInfoOptionName

getPasswordToResetTo

getSalt

getUserInformation