1. Go to this page and download the library: Download rollerworks/split-token library. Choose the download type "require".
2. Extract the ZIP file and open the index.php.
3. Add this code to the index.php.
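<?php
// Load Composer's autoloader relative to this file, so the include does not
// depend on the current working directory or on the include_path setting.
require_once __DIR__ . '/vendor/autoload.php';
/* Start to develop here. Best regards https://php-download.com/ */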
rollerworks / split-token example snippets
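use Rollerworks\Component\SplitToken\Argon2SplitTokenFactory;
use Rollerworks\Component\SplitToken\SplitTokenValueHolder;

// First, create the factory to generate a new SplitToken.
//
// Note: For unit testing it's highly recommended to use
// the FakeSplitTokenFactory instead, as cryptographic operations
// can be a little heavy.

// Default configuration, shown here for clarity.
$config = [
    'memory_cost' => \PASSWORD_ARGON2_DEFAULT_MEMORY_COST,
    'time_cost' => \PASSWORD_ARGON2_DEFAULT_TIME_COST,
    'threads' => \PASSWORD_ARGON2_DEFAULT_THREADS,
];

// Either a DateInterval or a DateInterval parsable-string
$defaultLifeTime = null;

// The configuration is passed explicitly so the life time does not land in
// the first (config) argument slot.
// NOTE(review): argument order follows the "config: $config," hint of the
// original snippet; confirm against the constructor of the installed version.
$splitTokenFactory = new Argon2SplitTokenFactory($config, $defaultLifeTime);

// Optionally set PSR/Clock compatible instance
// $splitTokenFactory->setClock();

// ----
// Step 1. Create a new SplitToken for usage
$token = $splitTokenFactory->generate();

// Indicate when the token must expire. Note that you need to clear the token from storage yourself.
// Pass null (or leave this method call absent) to never expire the token (not recommended).
//
// If not provided uses "now" + $defaultLifeTime of the factory constructor.
//
// expireAt() is a method of the SplitToken, not of the HiddenString returned
// by token(), so it is called on $token before the value holder is created.
// NOTE(review): expireAt() appears to return the SplitToken instead of
// changing it in place; the result is assigned back so the expiration is not
// silently lost. Confirm against the installed version.
$token = $token->expireAt(new \DateTimeImmutable('+1 hour'));

// The $authToken holds a \ParagonIE\HiddenString\HiddenString to prevent
// leakage of this value. You need to cast this object to an actual string
// at the point of usage (and only there; keep it out of logs and debug output).
//
// The $authToken is to be shared with the receiver (user) only.
// The value is already encoded as base64 uri-safe string.
//
// AGAIN, DO NOT STORE "THIS" VALUE IN THE DATABASE! Store the selector and verifier-hash instead.
$authToken = $token->token(); // Returns a \ParagonIE\HiddenString\HiddenString object

// Now to store the token cast the SplitToken to a SplitTokenValueHolder object.
//
// Unlike SplitToken this class is final and doesn't hold the full-token string.
//
// Additionally you store the token with metadata (array only),
// See the linked manual below for more information.
$holder = $token->toValueHolder();

// Setting the token would look something like this (pass the values as bound
// query parameters, do not build the statement by string concatenation).
// UPDATE site_user
// SET
//   recovery_selector = $holder->selector(),
//   recovery_verifier = $holder->verifierHash(),
//   recovery_expires_at = $holder->expiresAt(),
//   recovery_metadata = json_encode($holder->metadata()),
//   recovery_timestamp = NOW()
// WHERE user_id = ...

// ----
// Step 2. Reconstruct the SplitToken from a user provided string.
// When the user provides the token verify if it's valid.

// Access is denied unless every check below succeeds.
$accessGranted = false;

// A query parameter can be absent or an array ("?token[]=..."); only a plain
// string is handed to the factory.
$providedToken = $_GET['token'] ?? null;

if (\is_string($providedToken)) {
    try {
        // This will throw an exception if the token is not of the expected length.
        $token = $splitTokenFactory->fromString($providedToken);

        // Placeholder: replace with the row fetched by the query below
        // (null/false when no row matches the selector).
        $result = null;
        // $result = SELECT user_id, recovery_verifier, recovery_expires_at, recovery_metadata
        //           WHERE recovery_selector = $token->selector()

        // An unknown selector yields no row; treat that exactly like a wrong token.
        if (\is_array($result)) {
            // NOTE(review): recovery_expires_at is passed through as stored;
            // presumably the holder expects the same type that expiresAt()
            // returned in step 1, so convert the column value back if needed.
            $holder = new SplitTokenValueHolder(
                $token->selector(),
                $result['recovery_verifier'],
                $result['recovery_expires_at'],
                json_decode($result['recovery_metadata'], true)
            );

            $accessGranted = $token->matches($holder);
        }
    } catch (\Exception $malformed) {
        // A malformed token ends in the same refusal as a wrong one instead of
        // an unhandled error. Narrow this to the exception type the library
        // documents for fromString().
        $accessGranted = false;
    }
}

if ($accessGranted) {
    // Once the token has been used, clear the stored selector/verifier as
    // well, so the same link cannot be used a second time.
    echo 'OK, you have access';
} else {
    // Note: Make sure to remove the token from storage.
    echo 'NO, I cannot let you do this John.';
}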
bash
$ php composer.phar