SecurityToken.php

<?php

namespace MyApp\CoreOverrides;

class SecurityToken
{
    private $_di;
    private $_session;
    private $_request;
    private $_byteLength = 32;

    public function __construct (\Phalcon\DI $di)
    {
        $this->_di = $di;
        $this->_session = $this->_di->getShared('session');
        $this->_request = $this->_di->getShared('request');
    }

    public function isAlreadyGenerated()
    {
        return (!empty($this->_session->csrfToken) && !empty($this->_session->csrfTokenKey));
    }

    public function generateKeyValuePair ()
    {
        $this->_session->csrfToken = openssl_random_pseudo_bytes($this->_byteLength);
        $this->_session->csrfTokenKey = uniqid();
    }

    public function getToken () {
        if ($this->_session->get('csrfToken', null, False))
        {
            return $this->_session->csrfToken;
        }
        return $this->_session->csrfToken = openssl_random_pseudo_bytes();
    }

    public function getTokenKey () {
        if ($this->_session->get('csrfTokenKey', null, False))
        {
            return $this->_session->csrfTokenKey;
        }
        return $this->_session->csrfTokenKey = uniqid();
    }

    public function checkToken () {
        $sessionToken = $this->_session->csrfToken;
        $sessionKey = $this->_session->csrfTokenKey;
        $formToken = $this->_request->get($sessionKey, null, False);
        // var_dump($formToken, $sessionKey);exit;
        if (False == $formToken)
        {
            throw new \Phalcon\Exception('CSRF Token Not Found');
        }

        if (strcmp($sessionToken, $formToken) === 0)
        {
            return true;
        }

        return false;
    }

    public function getByteLength () {
        throw new \Phalcon\Exception('Not Yet Implemented');
    }

    public function setByteLength () {
        throw new \Phalcon\Exception('Not Yet Implemented');
    }

}