public function validateInviteCode($username, $code)
{
// validate the format of the token created by ->generateInviteCode()
if (!preg_match('~^(\\d+)\\.([a-zA-Z0-9\\-_]+)$~', $code, $m)) {
return false;
}
$time = $m[1];
$mac = $m[2];
return _elgg_services()->crypto->getHmac([(int) $time, $username])->matchesToken($mac);
}