Function to set an auth_token

Posted by john mossel on Stack Overflow See other posts from Stack Overflow or by john mossel
Published on 2011-02-15T15:09:09Z Indexed on 2011/02/15 15:25 UTC
Read the original article Hit count: 161

Filed under:
|
|

In my form I have a hidden field:

<input type="hidden" name="auth_token" value="<?php echo $auth_token; ?>">

This value is also stored in a session and a variable:

$_SESSION['auth_token'] = hash('sha256', rand() . time() . $_SERVER['HTTP_USER_AGENT']);  #  TODO: put this in a function
$auth_token = $_SESSION['auth_token'];

When the form is submitted the two values are compared. It's a basic form token.

Should this be made into two functions or just one when refactored? set_form_token() and get_form_token(), get_form_token() returning the session value, then I can compare it in my main code. What is the proper way of doing this?

© Stack Overflow or respective owner

Related posts about php

Related posts about form