This is a native PHP implementation of the Edgio Token Generator that does not require a PHP extension to operate, making it suitable for environments in which PHP extensions are not available.
Additional ECToken parameter management has been included in order to assist users of this library to construct parameter strings for encrypting.
Efforts have been made to ensure that this code will operate properly on PHP 5.6+ or PHP 7+, with or without mbstring or openssl support.
- Composer (https://getcomposer.org) is required for dependency management
Clone or download this repository and run composer install
from the direcory
containing composer.json
Note: composer install
should be performed in an environment closely
resembling the production environment because dependant library versions will be
chosen based on the PHP version encountered during install.
require_once('path/to/autoload.php');
$key = "12345678";
// Configure the token
$token = new ECToken3\ECToken();
$token
->addValue('ec_clientip', '111.11.111.11')
->addValue('ec_expire', 1185943200)
->addValue('ec_country_allow', 'US')
->addValue('ec_country_allow', 'CA')
->addValue('ec_ref_allow', 'ec1.com');
// Set up the encryption
$encryptor = new ECToken\Crypto($key);
// Generate and encrypt the token
$ectoken = $encryptor->encrypt($token->encode());
echo $ectoken;
The library contains a mechanism to configure tokens using the simple ECToken class. Paremeter names and values are validated for proper content based on the VDMS Token-Based Authentication Administration Guide. Parameter definitions are aware of whether each parameter can accommodate multiple values.
A parser is provided for consuming decrypted ectokens back into this data structure. For example:
require_once('path/to/autoload.php);
$key = '12345678';
$ectoken = '3JfiJSVMLupuU6JIk88cjm9kmr8A0ERvcB8WH_8n-9pJKPsBf1l7QNnRQQ6H4M4gysS3J3SRJtAqUQhHmt6HWnaAV-UejGp38iQxd3uZgYnYLWiompbbQTFc5fwu9-x-mtwnsQ5bz2W-ma1LPlj9ZPdXGxN9Pg';
$encryptor = ECToken3\Crypto($key);
$token = new ECToken3\ECToken();
$token->decode($encryptor->decrypt($ectoken));
foreach ($token->getParameters() as $name => $parameter) {
print("$name: " . implode(', ', $parameter->getValues()) . "\n");
}
Output:
ec_clientip: 111.11.111.11
ec_expire: 1185943200
ec_country_allow: US, CA
ec_ref_allow: ec1.com
Existing code bases should be simple to migrate from php extension versions of php-ectoken.
- Remove any checks for the
ectoken
PHP extension (e.g.extension_loaded('ectoken')
) - Refactor calls to
ectoken_encrypt_token
orectoken_decrypt_token
as above or include the following shim:
require_once('path/to/autoload.php');
function ectoken_encrypt_token($key, $input) {
$encryptor = new ECToken\Crypto($key);
return $encryptor->encrypt($input);
}
function ectoken_decrypt_token($key, $input) {
$encryptor = new ECToken\Crypto($key);
return $encryptor->decrypt($input);
}
These libraries are used directly:
- php-aes-gcm: AES GCM (Galois Counter Mode) PHP Implementation https://github.com/Spomky-Labs/php-aes-gcm
- random_compat: PHP 5.x polyfill for
random_bytes()
andrandom_int()
https://github.com/paragonie/random_compat - constant_time_encoding: Constant-Time Character Encoding in PHP Projects https://github.com/paragonie/constant_time_encoding
- polyfill-mbstring: Symfony Polyfill / Mbstring https://github.com/symfony/polyfill
- Respect\Validation: Validation library https://github.com/Respect/Validation