The Trongate Tokens Module
This module provides comprehensive token-based authentication functionality for the application. The controller class (Trongate_tokens.php) handles token generation, validation, regeneration, and destruction. It supports token storage across multiple locations (HTTP headers, cookies, and sessions) and manages user authentication with configurable expiration dates and user level filtering.
attempt_get_valid_token()
Attempts to validate and return a token, optionally restricted to one or more user levels.
This method checks for a valid token in the following locations, in order of priority:
delete_old_tokens()
Deletes expired tokens from the database. If a user ID is provided, it also deletes tokens associated with that user.
destroy()
Removes tokens from session, cookie, and HTTP header storage and deletes them from the database. It also cleans up expired tokens from the database.
generate_token()
Generates a token based on provided data. The token is a 32-character random string that can be optionally set as a cookie and has an optional expiration date.
get_user_id()
Retrieves the Trongate user ID based on a provided token. If no token is provided, the method attempts to fetch and use a token from the session, cookie, or page header values. If no valid token is found, the method returns false.
get_user_level()
Retrieves the user level associated with the given token or the current user token. If a token is provided, it retrieves the user level for that token. If no token is provided, it retrieves the user level for the current user.
get_user_obj()
Retrieves the Trongate user object based on a provided token. If no token is provided, the method attempts to fetch and use a token from the session, cookie, or page header values. If no valid token is found, the method returns false.
regenerate()
Regenerates a token with a new expiration date. It validates the input format of the old token and the expiration date before proceeding. If the input format is invalid or the old token does not exist, appropriate HTTP response codes are set to indicate the failure reason.