chinleung / tokenizer
PHP Tokenizer
This package's canonical repository appears to be gone and the package has been frozen as a result.
Requires
- php: ^5.4
This package is auto-updated.
Last update: 2019-04-30 23:26:45 UTC
README
This repository contains an open source PHP class that lets you replace an element's id, attributes or any other string in the HTML DOM (Document Object Model) with a random placeholder string, to make it harder for the visitor to understand the DOM and make changes via the browser's console.
Installation
Tokenizer is available on Packagist, which means you can install it with Composer.
To install it via the CLI (Command Line Interface):
composer require chinleung/tokenizer
To install it via composer.json, add the following:
{
    "require": {
        "chinleung/tokenizer": "^1.0"
    }
}
If you don't use Composer, you can always install it manually by downloading the package and including the src folder in your application.
Introduction
Before we start with the usage, let me explain how this works. Tokenizer is an instance, normally stored in the session, that contains a list of Token Pages (think of each one as a category). Each of those pages holds its own Tokens. A Token is an object that has a name, a value and an encrypted string (the token). For example, my Token is named "Token 1", has the value "156" (let's say it's the id of my database row), and its token is "2LCk04CpGX93SekDvgQe". The value "2LCk04CpGX93SekDvgQe" is what will be printed in the DOM, and it's not decryptable because the 'encryption' is simply a random string, of a size specified by you, which can differ from one token to another.
Each Token Page and each Token has its own expiry time. So if a Token hasn't been used for 30 minutes (chosen by you), the next time it's generated, its encryption will be different. My Token 1 won't be "2LCk04CpGX93SekDvgQe" anymore; it'll be another randomized string, but its value 156 will remain hidden behind the encryption.
| - Tokenizer
|
| -- Page 1 (Token: "Mr41X5YMMJvIeNCBh3qD")
| --- Token 1 (Value: 156 - Token: "2LCk04CpGX93SekDvgQe")
| --- Token 2 (Value: "FAOSFD" - Token: "ADFadfasdfa912")
| --- Token 3 (Value: NULL - Token: "RwHYqXr")
|
| -- Page 2 (Token: "KIWHGm3L4wO5qumbyeWq")
| --- Token 1 (Value: NULL - Token: "WBeDYMsezKSsQgIQUtYy7RuAnwLlfj")
| --- Token 2 (Value: NULL - Token: "2Lpvz1OEr")
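The mapping described in the introduction, written out as an added example that is not the package's own source: a page keeps a server-side table from each random placeholder to its real value, and mints a new placeholder once a token has been idle past its expiry. The names TokenPage, tokenFor() and resolve() are hypothetical, the clock values are constructed, and random_int() assumes PHP 7 or later.

```php
<?php
// Added illustration, not the package's source. TokenPage, tokenFor() and
// resolve() are hypothetical names. Requires PHP 7+ for random_int().
final class TokenPage
{
    const ALPHABET = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    private $ttl;
    private $byName = [];  // name  => ['value' => mixed, 'token' => string, 'used' => int]
    private $byToken = []; // token => name, for lookups on values sent back by the browser

    public function __construct($ttl = 1800) { $this->ttl = $ttl; }

    // Placeholder to print in the DOM for $name; a new one is minted after $ttl idle seconds.
    public function tokenFor($name, $value, $length = 20, $now = null)
    {
        $now = $now === null ? time() : $now;
        if (isset($this->byName[$name]) && $now - $this->byName[$name]['used'] >= $this->ttl) {
            unset($this->byToken[$this->byName[$name]['token']], $this->byName[$name]);
        }
        if (!isset($this->byName[$name])) {
            $alphabet = self::ALPHABET;
            do { // purely random, so nothing to decrypt; CSPRNG rather than rand()/mt_rand()
                for ($token = '', $i = 0; $i < $length; $i++) {
                    $token .= $alphabet[random_int(0, strlen($alphabet) - 1)];
                }
            } while (isset($this->byToken[$token]));
            $this->byName[$name] = ['value' => $value, 'token' => $token, 'used' => $now];
            $this->byToken[$token] = $name;
        }
        $this->byName[$name]['used'] = $now;
        return $this->byName[$name]['token'];
    }

    // Map a placeholder received from the browser back to its entry; null if unknown or expired.
    public function resolve($token, $now = null)
    {
        $now = $now === null ? time() : $now;
        // is_string() comes first because request parameters can arrive as arrays.
        if (!is_string($token) || !isset($this->byToken[$token])) { return null; }
        $name = $this->byToken[$token];
        if ($now - $this->byName[$name]['used'] >= $this->ttl) { return null; }
        $this->byName[$name]['used'] = $now;
        return ['name' => $name, 'value' => $this->byName[$name]['value']];
    }
}

$page = new TokenPage(1800);
$a = $page->tokenFor('Token 1', 156, 20, 1000);   // constructed clock values
var_dump($page->resolve($a, 1060), $page->resolve('156', 1060));
var_dump($a !== $page->tokenFor('Token 1', 156, 20, 2861), $page->resolve($a, 2861));
```

The placeholder only hides the real value: the code handling the request still has to resolve it on the server and check that the current user may act on the resulting row.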
Usage
Include the autoload
If you've installed it with Composer, you'd want to include the autoload.php like this:
require('vendor/autoload.php');
If you've installed it manually, simply replace my-path-to-package in the code below with the path that points to your autoload.php.
require('my-path-to-package/src/autoload.php');
Namespace
Since Tokenizer is in the namespace Tokenizer, you need the following:
use Tokenizer\Tokenizer;
If you don't want to add the use from above, you could always prefix your code with \Tokenizer\Tokenizer whenever you refer to the Tokenizer package.
Starting Tokenizer
To start Tokenizer, simply run the command start():
Tokenizer::start();
The start command will create an instance of Tokenizer and store it in your PHP $_SESSION if it doesn't already exist. If it's already there and the instance hasn't expired yet, it'll simply delete the expired tokens. The instance is saved in the session to keep the tokens available even if you navigate to another page. If, for some reason, you want to start it manually, you could do:
// Assign the instance to a variable
$tokenizer = new Tokenizer();
// Assign it to the $_SESSION manually
$_SESSION['myIndex'] = new Tokenizer();
Note: The tokens in the variable will all be destroyed and not accessible via other pages since it's not saved in the session.
Options
You can pass different options as an associative array whenever you're starting Tokenizer:
Option | Type | Default | Description |
---|---|---|---|
page-expiration | Integer | 1800 | The time in seconds before a Token Page expires when inactive. When the page expires, all its tokens will expire as well. |
session-index | String | tokenizer | When Tokenizer is called statically, it's referring to an index in the session. Change this to change the index of the Tokenizer in your PHP Session. If you start Tokenizer with two different session-index settings, the second session-index will overwrite the first one. |
token-expiration | Integer | 1800 | The time in seconds before a Token expires when inactive. When a Token expires, it's removed from the Token Page. |
tokenizer-expiration | Integer | 1800 | The time in seconds before the Tokenizer instance itself expires. |
So if you want to start Tokenizer with custom options, for example making Token Pages expire after 10 minutes of inactivity instead of the default 30 minutes:
Tokenizer::start(array('page-expiration' => 600));
Wiki
For more information about the project, please refer to the documentation.