- <?php
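/**
 * Time-windowed anti-CSRF token ("crumb") bound to a user and an action.
 *
 * A crumb is a truncated HMAC over the current time-window index, the action
 * and the user id. Nothing is stored server-side: verification recomputes the
 * value for the current and the previous window and compares.
 *
 * Security notes for maintainers:
 *  - Crumbs are compared with hash_equals(). The previous `==` comparison was
 *    loose: two numeric-looking strings are compared as numbers, so a value
 *    that is not byte-identical to the crumb could still be accepted, and the
 *    comparison was not constant-time.
 *  - window, action and uid are concatenated without a separator, so distinct
 *    pairs can produce the same MAC input (action "1" + uid "23" equals
 *    action "12" + uid "3"). Keep actions fixed-format, or add a delimiter in
 *    a release where outstanding crumbs may be invalidated.
 *  - The crumb is 10 hex characters (40 bits) of HMAC-MD5. The algorithm and
 *    length are kept so crumbs already issued stay valid; prefer 'sha256' and
 *    a longer tag when that compatibility is not needed, and rate-limit the
 *    endpoints that verify crumbs.
 */
class Crumb
{
    /**
     * HMAC key. The value below is a placeholder: replace it with a long,
     * random secret and keep the real value out of version control.
     */
    const SALT = "your-secret-salt";

    /**
     * Length of one validity window, in seconds. A crumb is accepted in the
     * window it was issued in and in the following one, so it lives for at
     * least $ttl and at most 2 * $ttl seconds.
     */
    public static $ttl = 7200;

    /**
     * Compute the keyed hash of $data.
     *
     * @param string $data Message to authenticate.
     * @return string 32 lowercase hex characters (HMAC-MD5 keyed with SALT).
     */
    public static function challenge($data)
    {
        return hash_hmac('md5', $data, self::SALT);
    }

    /**
     * Issue a crumb for the current time window.
     *
     * @param mixed $uid    Unique identifier of the user (used as a string).
     * @param mixed $action Action the crumb is bound to; defaults to -1.
     * @return string 10 hex characters.
     */
    public static function issueCrumb($uid, $action = -1)
    {
        return self::crumbForWindow(self::currentWindow(), $uid, $action);
    }

    /**
     * Check a crumb against the current and the previous time window.
     *
     * @param mixed $uid    Unique identifier of the user.
     * @param mixed $crumb  Value received from the client.
     * @param mixed $action Action the crumb must be bound to; defaults to -1.
     * @return bool True only when $crumb is a string that is byte-identical
     *              to the crumb of the current or the previous window.
     */
    public static function verifyCrumb($uid, $crumb, $action = -1)
    {
        // Request parameters may arrive as arrays; hash_equals() needs strings.
        if (!is_string($crumb)) {
            return false;
        }

        $window = self::currentWindow();

        // Evaluate both candidates before combining, so the work done does
        // not depend on which window matched.
        $matchesCurrent = hash_equals(self::crumbForWindow($window, $uid, $action), $crumb);
        $matchesPrevious = hash_equals(self::crumbForWindow($window - 1, $uid, $action), $crumb);

        return $matchesCurrent || $matchesPrevious;
    }

    /**
     * Index of the time window containing "now".
     *
     * @return float Whole number, as returned by ceil().
     */
    private static function currentWindow()
    {
        return ceil(time() / self::$ttl);
    }

    /**
     * Crumb for a given window: characters -12..-3 of the keyed hash.
     *
     * @param int|float $window Window index.
     * @param mixed     $uid    User identifier.
     * @param mixed     $action Action name.
     * @return string 10 hex characters.
     */
    private static function crumbForWindow($window, $uid, $action)
    {
        return substr(self::challenge($window . $action . $uid), -12, 10);
    }
}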
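代碼中的 $uid 表示用戶唯一標識,而 $ttl 表示這個隨機串的有效時間(單位為秒)。由於 verifyCrumb 同時接受當前與上一個時間窗口,一個 crumb 的實際有效期介於 $ttl 與 2 × $ttl 之間。SALT 是 HMAC 的密鑰,部署時必須換成足夠長的隨機值並妥善保密。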