By Jessy


2019-04-12 15:04:37 8 Comments

I've created a token that I store in database, here is how I create my token :

$token = drupal_hmac_base64($pid . " " . $order_id . " " . $solde, drupal_get_private_key() . drupal_get_hash_salt());

And then when a user go to my url that looks like that :

https://mycustomwebsite.com/order_id/token

With the token and another value : order_id, I get the line in my database with the order_id and then I create a new token :

$new_token = drupal_hmac_base64($pid . " " . $order->order_id . " " . $solde, drupal_get_private_key() . drupal_get_hash_salt());

I compare these two tokens just for a verification to grant the access or not.

This works fine but couple days after when I try to go on a link the access doesn't work anymore. When I look at the new_token generated for verification it's not the same ! But the value used to make this token (pid, order_id and solde) are the same, so here is why I ask my question.

Does the drupal_get_hash_salt() or drupal_get_private_key() can return different values in the time ?

1 comments

@Shawn Conn 2019-04-13 21:40:33

drupal_get_hash_salt() is either:

  • a manually-entered value stored in your settings.php
  • ...or (by default) a hash of your serialized-DB config

drupal_get_private_key() is either:

  • a stored variable called drupal_private_key if it's set
  • ...or (by default) randomly generated bytes (that are saved to drupal_private_key after generation)

So, either one can change their value if:

  • You changed your DB config (if $drupal_hash_salt isn't manually set in settings.php).
  • You've lost/removed drupal_private_key from the variable DB table.

Related Questions

Sponsored Content

1 Answered Questions

1 Answered Questions

[SOLVED] Using node values in a custom token

  • 2019-01-04 17:58:39
  • Sam
  • 71 View
  • -1 Score
  • 1 Answer
  • Tags:   tokens

1 Answered Questions

[SOLVED] How to find where are defined tokens for Redirect?

  • 2018-12-04 17:06:16
  • kenorb
  • 77 View
  • 1 Score
  • 1 Answer
  • Tags:   8 redirect tokens

2 Answered Questions

[SOLVED] What's the workflow behind [user:display-name] token?

  • 2018-09-04 12:43:58
  • Sugandh Khanna
  • 53 View
  • 1 Score
  • 2 Answer
  • Tags:   8 users tokens

1 Answered Questions

[SOLVED] What is the token for [random:hash:?]?

  • 2018-02-25 20:27:28
  • 1ad9ac48
  • 328 View
  • 0 Score
  • 1 Answer
  • Tags:   8 tokens

1 Answered Questions

[SOLVED] Use custom token

  • 2017-07-07 04:57:13
  • geroldk
  • 395 View
  • 1 Score
  • 1 Answer
  • Tags:   webforms tokens

2 Answered Questions

[SOLVED] Is there a token for the key of a text list?

  • 2016-05-10 01:08:34
  • UltraBob
  • 618 View
  • 1 Score
  • 2 Answer
  • Tags:   7 tokens entities

2 Answered Questions

[SOLVED] node:menu tokens not working in Pathauto

1 Answered Questions

[SOLVED] Store token replacement values in the database rather than tokens themselves

  • 2012-02-17 07:25:51
  • hclayton
  • 625 View
  • 0 Score
  • 1 Answer
  • Tags:   7 tokens

1 Answered Questions

[SOLVED] How do I create custom tokens?

  • 2011-07-10 21:55:54
  • user1750
  • 1534 View
  • 1 Score
  • 1 Answer
  • Tags:   7 tokens

Sponsored Content