The Trongate Tokens Module

This module provides comprehensive token-based authentication functionality for the application. The controller class (Trongate_tokens.php) handles token generation, validation, regeneration, and destruction. It supports token storage across multiple locations (HTTP headers, cookies, and sessions) and manages user authentication with configurable expiration dates and user level filtering.

__construct()

Constructor for the Trongate_tokens module. Calls parent constructor and blocks direct URL access.

attempt_get_valid_token()

Attempts to validate and return a valid token from HTTP headers, cookies, or session. Optionally filters tokens by user level(s).

delete_old_tokens()

Deletes expired tokens from the database. Optionally deletes tokens for a specific user (both expired and non‑expired).

destroy()

Destroys all Trongate tokens from the current request context: session, cookie, HTTP headers, and database. Also performs cleanup of expired tokens.

generate_token()

Generates a new Trongate token and stores it in the database. Tokens are 64‑character hexadecimal strings used for user authentication.

get_user_id()

Retrieves the user ID associated with a token. If no token is provided, checks session, cookie, and HTTP headers automatically.

get_user_level()

Retrieves the user level (title) associated with a token. If no token is provided, checks session, cookie, and HTTP headers automatically.

get_user_obj()

Retrieves the full user object associated with a token. If no token is provided, checks session, cookie, and HTTP headers automatically.

regenerate()

Regenerates a token with a new expiration date. It validates the input format of the old token and the expiration date before proceeding. If the input format is invalid or the old token does not exist, appropriate HTTP response codes are set to indicate the failure reason.