<?php
// create this link for use in 1 hour
$plain_key = $member_id.date('Y-m-d H');
$key = password_hash($plain_key, PASSWORD_DEFAULT);
$create_link = 'https://.....?k='.$key;
?>
<?php
// This section for verify link key
$key_for_verify = $member_id.date('Y-m-d H');
if( password_verify($key_for_verify,$_GET['k']) )
{
// TRUE
}
// FALSE
Please guide me. If you have some idea.
Or your have some example. Please help , Thanks
分享 It's better include timestamp in link, and embed authentication code using HMAC-SHA512/HMAC-SHA256. Then check if timestamp is not modified by user.
Generation script
// create this link for use in 1 hour
$unix_ts = time();
//convert to string
$unix_ts = $unix_ts . '';
//compute signature
$sig = hash_hmac('sha256', $unix_ts, SERVER_SECRET);
$create_link = 'https://.....?t='.$unix_ts.'&sig='.$sig;
Chekcing script
//check signature
$unix_ts_req = $_GET['t'];
$sig = hash_hmac('sha256', $unix_ts_req, SERVER_SECRET);
//check if signature match
if($sig === $_GET['sig'])
{
$gap = time() - (int)$unix_ts_req;
if($gap < 3600)
{
//valid
}
else
{
//expired
}
}
else
{
// url tempered
}
Code above act as example. Not tested.
分享
