Function to set an auth_token
Posted
by
john mossel
on Stack Overflow
See other posts from Stack Overflow
or by john mossel
Published on 2011-02-15T15:09:09Z
Indexed on
2011/02/15
15:25 UTC
Read the original article
Hit count: 161
In my form I have a hidden field:
<input type="hidden" name="auth_token" value="<?php echo $auth_token; ?>">
This value is also stored in a session and a variable:
$_SESSION['auth_token'] = hash('sha256', rand() . time() . $_SERVER['HTTP_USER_AGENT']); # TODO: put this in a function
$auth_token = $_SESSION['auth_token'];
When the form is submitted the two values are compared. It's a basic form token.
Should this be made into two functions or just one when refactored? set_form_token()
and get_form_token()
, get_form_token() returning the session value, then I can compare it in my main code. What is the proper way of doing this?
© Stack Overflow or respective owner