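getToken(); }

    /**
     * Generate a fresh anti-CSRF token and store it in $_SESSION['token'].
     *
     * The token is 32 random bytes, hex-encoded (64 characters). Sources are
     * tried in order of preference:
     *   1. random_bytes()                 - PHP 7+ or a polyfill; throws on failure.
     *   2. mcrypt_create_iv()             - legacy; the extension was removed in PHP 7.2.
     *   3. openssl_random_pseudo_bytes()  - accepted only when it reports a
     *                                       cryptographically strong result.
     *
     * NOTE(review): assumes the session has already been started by the caller;
     * nothing visible here calls session_start().
     *
     * @return void
     * @throws \RuntimeException when no source returns usable random bytes
     */
    private function _generateToken()
    {
        if (function_exists('random_bytes')) {
            $bytes = random_bytes(32);
        } elseif (function_exists('mcrypt_create_iv')) {
            $bytes = mcrypt_create_iv(32, MCRYPT_DEV_URANDOM);
        } else {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes(32, $strong);
            if ($strong !== true) {
                // A predictable token defeats the check, so weak output is
                // treated the same as a failed call.
                $bytes = false;
            }
        }

        // Fail closed: bin2hex(false) would silently store an empty token.
        if (!is_string($bytes) || $bytes === '') {
            throw new \RuntimeException('Unable to generate a cryptographically secure token');
        }

        $_SESSION['token'] = bin2hex($bytes);
    }

    /**
     * Get token
     *
     * Generate a token if the session does not hold a non-empty string one yet.
     *
     * @return string the hex-encoded token stored in $_SESSION['token']
     * @throws \RuntimeException when a new token is needed and cannot be generated
     */
    public function getToken()
    {
        if (empty($_SESSION['token']) || !is_string($_SESSION['token'])) {
            $this->_generateToken();
        }

        return $_SESSION['token'];
    }

    /**
     * Verify token
     *
     * Compares the submitted token with the one stored in the session and then
     * replaces the stored token whatever the outcome, so every token is
     * single-use. Callers must fetch a new value with getToken() for the next
     * form or request.
     *
     * @param string $token token submitted with the request
     * @return boolean TRUE only when both values are non-empty strings and match
     * @throws \RuntimeException when the replacement token cannot be generated
     */
    public function verifyToken($token = "")
    {
        // The session may hold no token yet (verification before any getToken()).
        $expected = isset($_SESSION['token']) ? $_SESSION['token'] : '';

        // Request parameters can arrive as arrays (token[]=x); anything that is
        // not a non-empty string is rejected before it reaches the comparison.
        $return = is_string($token) && $token !== ''
            && is_string($expected) && $expected !== ''
            && $this->_hash_equals($expected, $token);

        // Rotate after every attempt, successful or not.
        $this->_generateToken();

        return $return;
    }

    /**
     * Timing-safe string comparison.
     *
     * Uses the native hash_equals() when it exists (PHP 5.6+) and falls back to
     * a byte-wise XOR comparison on older versions.
     *
     * @param string $str1 known value (the stored token)
     * @param string $str2 user-supplied value
     * @return boolean TRUE when both arguments are strings with identical bytes
     */
    private function _hash_equals($str1, $str2)
    {
        // Non-strings never match; this also keeps the native function from
        // raising a warning or TypeError on bad input.
        if (!is_string($str1) || !is_string($str2)) {
            return FALSE;
        }

        if (function_exists('hash_equals')) {
            return hash_equals($str1, $str2);
        }

        // Only the length is revealed by this early exit, not the content.
        if (strlen($str1) !== strlen($str2)) {
            return FALSE;
        }

        // XOR the strings and OR every resulting byte together, so the loop
        // always runs over the full length instead of stopping at the first
        // mismatch.
        $res = $str1 ^ $str2;
        $ret = 0;
        for ($i = strlen($res) - 1; $i >= 0; $i--) {
            $ret |= ord($res[$i]);
        }

        return $ret === 0;
    }
}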