我正在开发一个php库,它可以通过各种自动化更轻松地进行令牌认证。
问题在于,当我尝试验证令牌时,它有时会起作用,有时不起作用,该函数启动与数据库的pdo连接并获取令牌行,而不是行是1检查到期时间(token_timestamp> time( ))如果使用的话是假(0)
以下代码。
功能
public function validate($token) {
$db = $this->connect();
if ($token == '' || empty($token) || !isset($token)) {
$token = $this->Token["token"];
}
$q = $db->pQuery("SELECT * FROM {$this->DBTable} WHERE `token`={$token}", []);
if ($q->fetch()) {
# THE STRING EXISTS
$r = $q->fetch();
if ($r["expiration"] > time() && isset($r) && $r !== false) {
if ($r["used"] == 0) {
return true;
} else {
throw new \Exception("This token ($token) has been already used");
}
} else {
throw new \Exception("EXPIRED TOKEN ($token) at: {$r["expiration"]}");
}
}
throw new \Exception("INVALID TOKEN");
}
数据库类
namespace TokenLogin\Classes;
use \PDO as PDO;
class Database {
# Database Host
public $Host = "";
# Database Username
public $User = "";
# Database Password
public $Passwd = "";
# Database Name
public $Name = "";
# Database Port
public $Port = "";
# Table name
public $Table = "";
# The Connection
protected $conn = "";
function __construct()
{
settype($this->Table, 'string');
settype($this->Port, 'int');
}
public function setConnection($data) {
# THIS SHOULD SET PARAMETERS
if (is_array($data) && count($data) == 6) {
$this->Host = $data["host"];
$this->Port = $data["port"];
$this->Name = $data["name"];
$this->User = $data["user"];
$this->Passwd = $data["pass"];
$this->Table = $data["table"];
return true;
}
return false;
}
function __clone() {}
/**
* Connect to the databse
* @return bool|PDO|string
* @throws \Exception
*/
public function connect() {
# Try to connect and return the connection
try {
$conn = $this->conn = new PDO("mysql:host=" . $this->Host . ";port=" . $this->Port . ";dbname=" . $this->Name, $this->User, $this->Passwd);
return ($conn === $this->conn) ? $this->conn : false;
} catch (\PDOException $e) {
throw new \Exception($e->getMessage(), 1);
}
}
/**
* Destroy the connection
* @return bool
*/
public function destroy() {
$this->conn = null;
return $this->conn === null;
}
/**
* @param $sql
* @param array $params
* @return bool|\PDOStatement
*/
public function pQuery($sql, $params = []) {
if (is_array($params) && is_string($sql)) {
$conn = $this->connect();
$stmt = $conn->prepare($sql);
# Safe query
$stmt->execute($params);
return $stmt;
}
return false;
}
/**
* Get table name
* @return string
*/
public function getTable()
{
return $this->Table;
}
/**
* Set table name.
* @param $table
* @return bool
*/
public function setTable($table)
{
$this->Table = $table;
$this->connect()->exec("CREATE TABLE IF NOT EXISTS `$this->Table` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`user` varchar(255),
`token` varchar(255),
`creation` int(99),
`expiration` int(99),
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=latin1;");
$this->destroy();
return $this->Table == $table;
}
}
令牌生成功能:
public function newToken($len = 4, $expiration = 5)
{
$token = $this->_random($len);
$expiration = strtotime("+ $expiration minutes");
$creation = time();
$this->Token = [
"token" => $token,
"expiration" => $expiration,
"creation" => $creation
];
return $this->Token;
}