Airship\Engine\Security\CSRF::generateToken PHP Method

CSRF Class Documentation Mostra file Open project: paragonie/airship

generateToken() protected method

Generate, store, and return the index and token

protected generateToken ( string $lockTo = '' ) : array
$lockTo	string	What URI endpoint this is valid for
return	array	[string, string]

    protected function generateToken(string $lockTo = '') : array
    {
        // Create a distinct index:
        do {
            $index = Base64UrlSafe::encode(\random_bytes(18));
        } while (isset($_SESSION[$this->sessionIndex][$index]));
        $token = Base64UrlSafe::encode(\random_bytes(33));
        $_SESSION[$this->sessionIndex][$index] = ['created' => \intval(\date('YmdHis')), 'uri' => isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : $_SERVER['SCRIPT_NAME'], 'token' => $token];
        if (!empty($lockTo)) {
            // Get rid of trailing slashes.
            if (\preg_match('#/$#', $lockTo)) {
                $lockTo = Util::subString($lockTo, 0, Util::stringLength($lockTo) - 1);
            }
            $_SESSION[$this->sessionIndex][$index]['lockto'] = $lockTo;
        }
        $this->recycleTokens();
        return [$index, $token];
    }

CSRF

__construct

check

generateToken

getTokenString

insertToken

reconfigure

recycleTokens