Apache Zeta Components Manual :: File Source for token_filter.php
Source for file token_filter.php
* File containing the ezcAuthenticationTokenFilter class.
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* @license http://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
* @package Authentication
* Filter to authenticate against a server generated token.
* Some uses for this filter:
* - security token devices (as used by banks)
* The following example shows how to create a CAPTCHA test. The example is
* divided into 2 parts: the initial request (where the user sees the CAPTCHA
* image and enters the characters he sees in a form) and the follow-up
* request (after the user submits the form).
* - on the initial request:
* // generate a token and save it in the session or in a file/database
* $pattern = "1234567890abcdefghijklmnopqrstuvwxyz";
* for( $i = 1; $i <= 6 ; $i++ )
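* $token .= $pattern{rand( 0, 36 )};
* // NOTE: $pattern holds 36 characters (offsets 0-35), so an upper bound of 36 can index past the end of the string;
* // rand() is also not a cryptographically secure generator, so prefer random_int( 0, strlen( $pattern ) - 1 ) when the token must not be guessable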
* $encryptedToken = sha1( $token );
* // save the $encryptedToken in the session
* $_SESSION['encryptedToken'] = $encryptedToken;
* // also generate a distorted image which contains the symbols from $token and use it
* - on the follow-up request:
* // load the $encryptedToken as it was generated on a previous request
* $encryptedToken = isset( $_SESSION['encryptedToken'] ) ? $_SESSION['encryptedToken'] : null;
* // also load the value entered by the user in response to the CAPTCHA image
* $captcha = isset( $_POST['captcha'] ) ? $_POST['captcha'] : null;
* $credentials = new ezcAuthenticationIdCredentials( $captcha );
* $authentication = new ezcAuthentication( $credentials );
* $authentication->addFilter( new ezcAuthenticationTokenFilter( $encryptedToken, 'sha1' ) );
* if ( !$authentication->run() )
* // CAPTCHA was incorrect, so ask the user to try again, possibly after
* // generating another token and CAPTCHA image (a fresh token per attempt
* // prevents repeated guesses against the same one)
* // CAPTCHA was correct, so let the user send his spam or whatever
* @property string $token
* The token to check against.
* @property callback $function
* The function to apply to the user credentials before comparing the result
* with the stored token (the example above passes 'sha1', which is a one-way
* hash rather than encryption).
* @package Authentication
* Token is not the same as the provided one.
* Holds the properties of this class.
* @var array(string=>mixed)
private $properties =
array();
* Creates a new object of this class.
* @param string $token A string value generated by the server
* @param callback $function The encryption function to use when comparing tokens
* @param ezcAuthenticationTokenOptions $options Options for this class
public function __construct( $token, $function, ezcAuthenticationTokenOptions $options =
null )
// Stores the callback that run() is documented to apply to the user credentials.
// $function is a documented magic property, so this assignment presumably goes
// through __set() — confirm against the full file.
// NOTE(review): the handling of $token and $options is not visible in this listing.
$this->function =
$function;
* Sets the property $name to $value.
* @throws ezcBasePropertyNotFoundException
* if the property $name does not exist
* @throws ezcBaseValueException
* if $value is not correct for the property $name
* @param string $name The name of the property to set
* @param mixed $value The new value of the property
public function __set( $name, $value )
// Writes $value into the $properties array under the key $name.
// NOTE(review): the two identical assignments below look like the bodies of
// separate per-property branches whose conditions were lost in this listing.
// The checks behind the documented ezcBaseValueException and
// ezcBasePropertyNotFoundException are not visible here, so do not assume from
// this excerpt alone that $token or $function are validated.
$this->properties[$name] =
$value;
$this->properties[$name] =
$value;
* Returns the value of the property $name.
* @throws ezcBasePropertyNotFoundException
* if the property $name does not exist
* @param string $name The name of the property for which to return the value
public function __get( $name )
// Returns the value stored under $name in the $properties array.
// NOTE(review): the branch that raises the documented
// ezcBasePropertyNotFoundException for unknown names is not visible in this listing.
return $this->properties[$name];
* Returns true if the property $name is set, otherwise false.
* @param string $name The name of the property to test if it is set
public function __isset( $name )
// True when $properties holds a non-null value under $name (isset() semantics,
// so a property explicitly set to null reports as not set).
return isset
( $this->properties[$name] );
* Runs the filter and returns a status code when finished.
* @param ezcAuthenticationCredentials $credentials Authentication credentials
public function run( $credentials )
// Compares the stored token with $password and reports the outcome as a status code.
// NOTE(review): $password is not assigned anywhere in the visible lines; the
// statement that derives it from $credentials (presumably by applying
// $this->function) appears to have been dropped from this listing — confirm
// against the original file.
// NOTE(review): === on strings is not a constant-time comparison. Where the
// token is a secret (e.g. the security-token-device use case named in the class
// docs), hash_equals() avoids leaking how much of the value matched; it
// requires both operands to be strings.
if ( $this->token ===
$password )
// NOTE(review): the return for the matching case is not visible here; as
// listed, only the failure status remains.
return self::STATUS_TOKEN_INCORRECT;