added tokens

src/Security/TokenHandler.php

@@ -6,23 +6,32 @@ class TokenHandler
 {
     private static ?self $instance = null;
     private static $tokens = [];
+    private static int $iterations = 0;
 
-    private static function uuid_v4(): string {
+    private static function random32Characters(): string {
         $data = random_bytes(16);
         $data[6] = chr(ord($data[6]) & 0x0f | 0x40);
         $data[8] = chr(ord($data[8]) & 0x3f | 0x80);
-        return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data), 4));
+        return bin2hex($data);
     }
-    public static function getNewTokenForUser(string $username)
-    {
-        $uuid = sprintf(
-            '%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
-            mt_rand(0, 0xffff), mt_rand(0, 0xffff),
-            mt_rand(0, 0xffff),
-            mt_rand(0, 0x0fff) | 0x4000,
-            mt_rand(0, 0x3fff) | 0x8000,
-            mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff)
-        );
 
+    public static function doesUserHaveToken(string $username): bool
+    {
+        foreach (self::$tokens as $token) {
+            if ($token['username'] === $username) {
+                return true;
+            }
+        }
+        return false;
     }
+    public static function getNewTokenForUser(string $username): string
+    {
+        $tokenBody = self::random32Characters() . str_pad(self::$iterations, 5, '0', STR_PAD_RIGHT);
+        if (self::$iterations >= 99999) {
+            self::$iterations = 0;
+        }
+        self::$tokens[] = [$username, (microtime(true) * 1000), $tokenBody];
+        return self::$tokens[][0] . $tokenBody;
+    }
+
 }