Noncify
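[QUOTE="Markshall, post: 440898, member: 1872"]
I needed a nonce-generating script for a project I'm working on at work and this is what I ended up with.

Feel free to use.

[URL]https://github.com/Markshall/Noncify[/URL]

[PHP]
<?php
/**
 * @name Noncify
 * @author Mark Eriksson (https://markwrites.codes)
 * @link https://github.com/Markshall/Noncify
 * @desc Generate and verify previously generated nonces for use in web forms
 *
 * Token layout: "<expiry unix time>.<random salt>.<HMAC-SHA256 of salt and expiry>".
 * The key, or any plain hash of it, is never placed in the token: anything
 * derived from the key with a fast unkeyed hash would let a holder of one
 * token test key guesses offline.
 *
 * NOTE(review): verify() keeps no record of tokens it has accepted, so a token
 * stays valid for every request until it expires; it is time-limited rather
 * than single-use. Nothing here ties a token to a user or session either. When
 * this is used as an anti-CSRF token, mix a per-session value into $key (or
 * store issued tokens server-side and delete them on first use), otherwise a
 * token obtained in one session is accepted in any other.
 */
class Noncify {

  /**
   * Build a signed, time-limited token.
   *
   * @param string $key the secret shared by generate() and verify(); must be non-empty and hard to guess
   * @param int|float|string $timeout minutes until the token expires (default 5)
   * @return string the generated token
   * @throws InvalidArgumentException if $key is not a non-empty string or $timeout is not numeric
   */
  public static function generate($key, $timeout=5) {
    // An empty key would make every token forgeable, so it is rejected with the other bad arguments.
    if (!is_string($key) || $key === '' || !is_numeric($timeout)) {
      throw new InvalidArgumentException('Invalid arguments supplied');
    }

    // Whole seconds only: a fractional timeout would otherwise put a '.' inside
    // the expiry field and break the dot-separated layout verify() parses.
    $expires = time() + (int) round($timeout * 60);
    $salt    = self::randString($timeout);

    return $expires . '.' . $salt . '.' . self::sign($salt, $expires, $key);
  }


  /**
   * Check a token produced by generate().
   *
   * @param mixed $nonce the token as received (typically from a submitted form field)
   * @param string $key the same secret that was passed to generate()
   * @return bool true only if the token is well-formed, carries a valid signature for $key and has not expired
   */
  public static function verify($nonce, $key) {
    // Request data is untrusted: the field may be missing or arrive as an array
    // (e.g. "nonce[]=x"). Anything but a string is simply an invalid token.
    if (!is_string($nonce) || !is_string($key) || $key === '') {
      return false;
    }

    $parts = explode('.', $nonce);
    if (count($parts) !== 3) {
      return false;
    }
    list($expires, $salt, $mac) = $parts;

    // Until the signature has been checked the expiry is just text from the client.
    if ($salt === '' || preg_match('/\A[0-9]+\z/', $expires) !== 1) {
      return false;
    }

    // hash_equals() compares in constant time, so response timing does not
    // reveal how many leading characters of a guessed signature were right.
    if (!hash_equals(self::sign($salt, $expires, $key), $mac)) {
      return false;
    }

    return time() < (int) $expires;
  }


  /**
   * Keyed signature over the salt and expiry; the single place that defines
   * what generate() signs and verify() recomputes.
   *
   * @param string $salt the random part of the token
   * @param int|string $expires the expiry as a unix timestamp
   * @param string $key the shared secret
   * @return string lowercase hex HMAC-SHA256
   */
  private static function sign($salt, $expires, $key) {
    return hash_hmac('sha256', "{$salt}.{$expires}", $key);
  }


  /**
   * @param $length not a character count: generate() passes its $timeout here.
   * The string is round($length / 4) characters long, with a minimum of 8.
   * @return string the randomly generated string
   */
  private static function randString($length) {
    $chars  = '1QAZ2WSX3EDC4RFV5TGB6YHN7UJM8IK9OL0Pqazwsxedcrfvtgbyhnujmikolp';
    $max    = strlen($chars) - 1;
    $count  = max(8, (int) round($length / 4));
    $string = '';

    // random_int() draws from the operating system's CSPRNG; mt_rand() output
    // can be predicted from earlier values and is unsuitable for tokens.
    for ($i = 0; $i < $count; $i++) {
      $string .= $chars[random_int(0, $max)];
    }

    return $string;
  }
}
[/PHP]

Usage:
[PHP]
<?php
require_once('Noncify.php');

// Example value only. Keep the real key out of the source tree (config file or
// database) and make it long and random.
define('NONCE_SALT', 'f7H4gx88ZaqwM3');

$nonce = Noncify::generate(NONCE_SALT, 3); // generates a nonce that expires after 3 minutes

// the verify() method must be provided the same nonce salt that you passed through to generate()
if (Noncify::verify($nonce, NONCE_SALT)) {
  echo 'Verified!';
} else {
  echo 'Wrong salt key supplied, or nonce has expired.';
}
[/PHP]
[/QUOTE]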