function OneTimeAuthentication::verifyHmac
Same name and namespace in other branches
- 11.x core/modules/user/src/OneTimeAuthentication.php \Drupal\user\OneTimeAuthentication::verifyHmac()
Verify a one time authentication code and its timestamp.
For a usage example, see \Drupal\user\OneTimeAuthentication::generateCancelConfirmUrl() and \Drupal\user\Controller\UserController::confirmCancel().
Parameters
\Drupal\user\UserInterface $account: An account for which to verify the authentication code.
int $timestamp: The timestamp of the authentication code.
string $hmac: One time authentication code.
int $timeout: Expiration timeout of authentication code.
Return value
bool Whether the provided data are valid.
File
-
core/
modules/ user/ src/ OneTimeAuthentication.php, line 78
Class
- OneTimeAuthentication
- Generate and verify one time authentication codes.
Namespace
Drupal\userCode
public function verifyHmac(UserInterface $account, int $timestamp, string $hmac, int $timeout = 0) : bool {
$current = $this->time
->getRequestTime();
$timeout_valid = !empty($timeout) && $current - $timestamp < $timeout || empty($timeout);
return $timestamp >= $account->getLastLoginTime() && $timestamp <= $current && $timeout_valid && hash_equals($hmac, $this->generateHmac($account, $timestamp));
}Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.