Search the Community

I wrote a Token Generator class based off the code from the following thread. It works as expected. I just want to get some more eyes on it for any feedback on improvements or problems. http://forums.phpfreaks.com/topic/298729-forgotten-password/?hl=%2Bmcrypt_create_iv&do=findComment&comment=1524084 <?php /** * Class Token * * Generates a Cryptographically Secure Pseudo Random Number Generator (CSPRNG) */ class Token { /** * Generates a pseudo-random string of bytes * * @return string */ public function getRandomBytes() { return openssl_random_pseudo_bytes(16); } /** * Convert (Encodes) binary data into hexadecimal representation * * Returns an ASCII string containing the hexadecimal representation of $randomBytes * * @param $randomBytes * @return string */ public function getEncodedToken($randomBytes) { return bin2hex($randomBytes); } /** * Decodes a hexadecimally encoded binary string * * @param $encoded_token * @return string */ public function getDecodedToken($encoded_token) { return hex2bin($encoded_token); } /** * Generate a hash value * * @param $raw_token * @return string */ public function sha256Hash($raw_token) { return hash('sha256', $raw_token); } } //---------------------------------------------------------------------------- //Test //---------------------------------------------------------------------------- $token = new Token(); /** Encode token and hash it */ $raw_token = $token->getRandomBytes(); echo $encoded_token =$token->getEncodedToken($raw_token);// Sent to User echo '<br>'; echo $token_hash = $token->sha256Hash($raw_token);// Stored in DB echo '<br>'; /** Decode token and hash it */ $raw_token = $token->getDecodedToken($encoded_token); echo $token_hash = $token->sha256Hash($raw_token);// Compare user token to DB token