Generating Tokens
The PHP code for token generation resides within the Trongate Tokens module, which is essential for token management in Trongate applications. Token generation is carried out through the usage of the _generate_token() method.
Steps for PHP Token Generation:
- Load the
trongate_tokens
module. - Prepare a data array with necessary parameters.
- Call the _generate_token() method.
Example Code:
// Load the trongate_tokens module
$this->module('trongate_tokens');
// Prepare data array
$data = [
'user_id' => 88, // ID from trongate_users table
'expiry_date' => time() + (86400 * 7), // Token expires in 1 week
'set_cookie' => true // Optional: set a cookie
];
// Generate the token
$token = $this->trongate_tokens->_generate_token($data);
Key Parameters:
- user_id (required): Integer representing the user's ID in the
trongate_users
table. - expiry_date (optional): Unix timestamp for token expiration. If omitted, the default lifespan of 86400 seconds (1 day) is used.
- set_cookie (optional): Boolean to indicate if a cookie should be set. If not provided, the token is stored in the session.
- code (optional): String code for special access rights. Rarely used in manual token generation.
Note: If no expiry date is provided, the system uses a default lifespan, typically set to 86400 seconds (1 day).
Security Note: In development mode ('dev'), Trongate will automatically generate and allocate a token for any user who attempts to visit the admin panel, if no token is presented. This is managed by the _make_sure_allowed() method in the 'Trongate Administrators' module.
For production environments, ensure that the 'ENV' constant in config.php
is not set to 'dev' to avoid unintended token generation.