chinleung/tokenizer

PHP Tokenizer

This package's canonical repository appears to be gone and the package has been frozen as a result.

1.0.2 2016-08-31 23:52 UTC

This package is auto-updated.

Last update: 2019-04-30 23:26:45 UTC


README

This repository contains an open-source PHP class that lets you replace an element's id, attributes or any other string in the HTML DOM (Document Object Model) with a random placeholder string, making it harder for a visitor to understand the DOM and make changes via the browser's console.

Installation

Tokenizer is available on Packagist, which means you can install it with Composer.

To install it via the CLI (Command Line Interface):

composer require chinleung/tokenizer

To install it via composer.json, add the following:

{
  "require": {
    "chinleung/tokenizer": "^1.0"
  }
}

If you don't use Composer, you can always install it manually by downloading the package and including the src folder in your application.

Introduction

Before we start with the usage, let me explain how this works. Tokenizer is an instance, normally stored in the session, that contains a list of Token Pages (think of a page as a category). Each page holds its own Tokens. A token is an object that has a name, a value and an encrypted string (the token). For example, my Token is named "Token 1", has the value "156" (let's say it's the id of my database row), and its token is "2LCk04CpGX93SekDvgQe". The string "2LCk04CpGX93SekDvgQe" is what will be printed in the DOM. It is not decryptable, because the 'encryption' is simply a random string of a size you specify, which can differ from one token to another.

Each Token Page and each Token has its own expiry time. So if a Token hasn't been used for 30 minutes (the duration is chosen by you), the next time it's generated its token string will be different. My Token 1 won't be "2LCk04CpGX93SekDvgQe" anymore; it'll be another randomized string, but its value 156 will remain hidden behind it.

| - Tokenizer
|
| -- Page 1 (Token: "Mr41X5YMMJvIeNCBh3qD")
| --- Token 1 (Value: 156 - Token: "2LCk04CpGX93SekDvgQe")
| --- Token 2 (Value: "FAOSFD" - Token: "ADFadfasdfa912")
| --- Token 3 (Value: NULL - Token: "RwHYqXr")
|
| -- Page 2 (Token: "KIWHGm3L4wO5qumbyeWq")
| --- Token 1 (Value: NULL - Token: "WBeDYMsezKSsQgIQUtYy7RuAnwLlfj")
| --- Token 2 (Value: NULL - Token: "2Lpvz1OEr")
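
The model described above (a random placeholder in the DOM, the real value kept server-side, a new placeholder after a period of inactivity), as an added PHP 8 sketch. It is not the package's code: TokenPageSketch, tokenFor() and resolve() are hypothetical names, not the Tokenizer API. The placeholder is drawn from random_int(), a CSPRNG, and the server rejects any placeholder it did not issue or that has expired.

```php
<?php
// Added sketch (PHP 8+), not the package's code; all names here are hypothetical.
final class TokenPageSketch
{
    private const ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    private array $tokens = []; // name => ['value' => mixed, 'token' => string, 'lastUsed' => int]
    public function __construct(private int $ttl = 1800) {}

    // Placeholder to print in the DOM; re-minted for a new name or after $ttl seconds unused.
    public function tokenFor(string $name, mixed $value, int $length = 20, ?int $now = null): string
    {
        $now ??= time();
        $entry = $this->tokens[$name] ?? null;
        if ($entry === null || $now - $entry['lastUsed'] > $this->ttl) {
            $entry = ['value' => $value, 'token' => self::randomString($length)];
        }
        $entry['lastUsed'] = $now;
        $this->tokens[$name] = $entry;
        return $entry['token'];
    }

    // Map a placeholder sent by the browser back to its token; null means reject the request.
    public function resolve(string $token, ?int $now = null): ?array
    {
        $now ??= time();
        foreach ($this->tokens as $name => $entry) {
            if (hash_equals($entry['token'], $token) && $now - $entry['lastUsed'] <= $this->ttl) {
                $this->tokens[$name]['lastUsed'] = $now;
                return ['name' => $name, 'value' => $entry['value']];
            }
        }
        return null; // unknown or expired placeholder
    }

    private static function randomString(int $length): string
    {
        for ($out = ''; strlen($out) < $length;) {
            $out .= self::ALPHABET[random_int(0, strlen(self::ALPHABET) - 1)]; // CSPRNG
        }
        return $out;
    }
}

// Constructed demo: database id 156 behind a 20-character placeholder, fixed clock.
$page = new TokenPageSketch(1800);
$t = $page->tokenFor('Token 1', 156, 20, 1000);
var_dump($page->tokenFor('Token 1', 156, 20, 1060) === $t); // same placeholder while active
var_dump($page->resolve($t, 1120));                         // name and value recovered
var_dump($page->resolve('not-issued', 1120));               // never issued
var_dump($page->tokenFor('Token 1', 156, 20, 5000) === $t); // new placeholder after inactivity
```

The placeholder only keeps the real value out of the page; the request handler still has to check that the current user may act on the value that resolve() returns.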

Usage

Include the autoload

If you've installed it with composer, you'd want to include the autoload.php like this:

require('vendor/autoload.php');

If you've installed it manually, simply replace my-path-to-package in the code below with the path to the package, so that it points to your autoload.php.

require('my-path-to-package/src/autoload.php');

Namespace

Since Tokenizer is in the namespace Tokenizer, you need the following:

use Tokenizer\Tokenizer;

If you don't want to add the use from above, you could always prefix your code with \Tokenizer\Tokenizer whenever you refer to the Tokenizer package.

Starting Tokenizer

To start Tokenizer, simply call the static start() method:

Tokenizer::start();

The start command creates an instance of Tokenizer and stores it in your PHP $_SESSION if one doesn't already exist. If one is already there and hasn't expired yet, it simply deletes the expired tokens. The instance is saved in the session so that the tokens remain available when you navigate to another page. If, for whatever reason, you want to start it manually, you could do:

// Assign the instance to a variable
$tokenizer = new Tokenizer();

// Assign it to the $_SESSION manually
$_SESSION['myIndex'] = new Tokenizer();

Note: The tokens in the variable will all be destroyed and will not be accessible from other pages, since it's not saved in the session.

Options

You can pass different options as an associative array whenever you're starting Tokenizer:

| Option | Type | Default | Description |
| --- | --- | --- | --- |
| page-expiration | Integer | 1800 | The time in seconds before a Token Page expires when inactive. When the page expires, all its tokens expire as well. |
| session-index | String | tokenizer | When Tokenizer is called statically, it refers to an index in the session. Change this to change the index of the Tokenizer in your PHP session. If you start Tokenizer with two different session-index settings, the second session-index will overwrite the first one. |
| token-expiration | Integer | 1800 | The time in seconds before a Token expires when inactive. When a Token expires, it's removed from the Token Page. |
| tokenizer-expiration | Integer | 1800 | The time in seconds before the Tokenizer instance itself expires. |

So if you want to start Tokenizer with custom options, for example making Token Pages expire after 10 minutes of inactivity instead of the default 30 minutes:

Tokenizer::start(array('page-expiration' => 600));

Wiki

For more information about the project, please refer to the documentation.