By Jessy


2019-04-12 15:04:37 8 Comments

I've created a token that I store in database, here is how I create my token :

$token = drupal_hmac_base64($pid . " " . $order_id . " " . $solde, drupal_get_private_key() . drupal_get_hash_salt());

And then when a user go to my url that looks like that :

https://mycustomwebsite.com/order_id/token

With the token and another value : order_id, I get the line in my database with the order_id and then I create a new token :

$new_token = drupal_hmac_base64($pid . " " . $order->order_id . " " . $solde, drupal_get_private_key() . drupal_get_hash_salt());

I compare these two tokens just for a verification to grant the access or not.

This works fine but couple days after when I try to go on a link the access doesn't work anymore. When I look at the new_token generated for verification it's not the same ! But the value used to make this token (pid, order_id and solde) are the same, so here is why I ask my question.

Does the drupal_get_hash_salt() or drupal_get_private_key() can return different values in the time ?

Related Questions

Sponsored Content

Sponsored Content