Help with some OOP

Hello all, I've been working with PHP for my websites for a few months and have just attempted to build my own class. After reading all this stuff about automated robots and XSS attacks etc., I decided to step up security a bit. My result is an attempt to create a class for using the token method within web forms. I'm not even sure whether it's the real thing, but my work is below. Some advice on whether it's OK or what needs improving would be appreciated, thanks.


<?php
// PHP 4.3.11


class SecretToken {

    // Result of the last VerifyToken() call; defaults to 0 (fail).
    var $_returnCode = 0;


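    // Create a token for the session if one does not exist yet.
    // Requires session_start() to have been called by the page.
    function GenerateToken() {
     if(!isset($_SESSION['token'])) {
      session_regenerate_id();
      // Note: rand() and uniqid() are not cryptographically secure sources.
      $new_token = md5(uniqid(rand(), true));
      $_SESSION['token'] = $new_token;
     }
    }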


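    function VerifyToken($post) {
     // Fail closed: with no stored token, or an empty or non-string
     // submission, verification must not succeed.
     $this->_returnCode = 0;
     if(!isset($_SESSION['token']) || !is_string($post) || $post === '') {
      return;
     }
     // Strict comparison avoids PHP's loose type juggling
     // (with ==, an empty value equals an unset token).
     if($post === $_SESSION['token']) {
      $this->_returnCode = 1;
      // Single use: discard the token once it has been accepted.
      unset($_SESSION['token']);
     }
    }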


    function ReturnCode() {
      // Result will be 1 for success or 0 for fail
      return $this->_returnCode;
    }


// end class definition
}
?>


Basically, in my web form I call GenerateToken first, then when the form's been submitted I call VerifyToken and finally check return codes using a switch statement. It seems to work.


TIA
James Benson

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
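
The generate-then-verify flow described in the post, as an added example that is not part of the original message. It assumes PHP 7.0 or later (for random_bytes() and hash_equals()); the FormToken class, its method names and the array standing in for $_SESSION are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7.0+ for random_bytes() and
// hash_equals(). FormToken and its method names are hypothetical.
declare(strict_types=1);

final class FormToken
{
    private $store; // reference to session storage ($_SESSION in a real request)

    public function __construct(array &$store)
    {
        $this->store = &$store;
    }

    // Return the current token, creating one from the CSPRNG if none exists.
    public function issue(): string
    {
        if (!isset($this->store['token'])) {
            $this->store['token'] = bin2hex(random_bytes(32));
        }
        return $this->store['token'];
    }

    // Verify a submitted value; a token is accepted at most once.
    public function verify($submitted): bool
    {
        $saved = $this->store['token'] ?? null;
        if (!is_string($saved) || !is_string($submitted) || $submitted === '') {
            return false; // fail closed: nothing stored, or nothing usable sent
        }
        $ok = hash_equals($saved, $submitted); // constant-time comparison
        if ($ok) {
            unset($this->store['token']); // single use
        }
        return $ok;
    }
}

// Constructed demo: a plain array stands in for $_SESSION so this runs from the CLI.
$session = [];
$form = new FormToken($session);
$token = $form->issue();
echo '<input type="hidden" name="token" value="', htmlspecialchars($token, ENT_QUOTES), '">', "\n";

var_dump($form->verify(''));      // empty submission
var_dump($form->verify(['x']));   // non-string submission
var_dump($form->verify($token));  // matching token
var_dump($form->verify($token));  // same token replayed after it was consumed
```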