I needed a temporary password reset token generating when a user 'forgot their password'. Although a nice feature, pulling in dependencies for storage seemed overkill and decided to just spin up a quick library that generated a very unique token (it can be made even more unique via a 'salt' - something unique to that instance) and a expiration DateTime object for that token.
I suppose you could use it for any scenario requiring a temporary, guaranteed to expire token - my use case was simply a password reset link token.
Basically this package allows you to generate two things:
- A unique token
- An expiration time for the above token
For ease you can simply store these inside a users table once a password has been reset, send the user a link to the unique url - and assuming the token matches and hasn't expired let them reset their password.
This library is published on packagist.org, to install you will need the following in your projects composer.json:
{
"require": {
"mattkirwan/temp-token": "1.0.*"
},
"minimum-stability": "dev"
}
Once you have that, simply run:
php composer.phar update
and then use...
require './vendor/autoload.php';
// Instantiate a new TempToken object
$temp_token = new MattKirwan\TempToken\TempToken();
// Optionally set a unique salt (maybe a username?) for more randomness in the token
$temp_token->set_unique_salt($username);
// Optionally set the token lifetime in seconds - defaults to 1 hour (3600 secs)
$temp_token->set_token_lifetime_secs(7200);
// Optionally set a date format for the token expiration DateTime object
$temp_token->set_date_format('d-m-Y');
// Generates a new token and token expiration
$temp_token->generate_token();
// Retrieve the token
$token = $temp_token->get_token();
// Retrieve a token expiration DateTime
$token_expires = $temp_token->get_token_expiration();