Secure Token Integration For PHP
Publisher: Psychz Networks, April 21,2021The following article will help you to integrate secure token generated using a secret key in your PHP code. First, you need to login to the dashboard and enable Secure Token option for the desired location (domain). Once you enable Secure Token option, you can create a 'Secret Key' which will be then passed on to our backend. With this, you can generate your own tokens with md5 using the PHP script below. The newly generated URL then will hold all the necessary information which will match the Secure key saved at our backend and will allow access to the user.
Sample security token looks like
domain.com/?md5=Rbp0ZArvj3m3aOQNjo75Xg&
expires=1619082510
expires=1619082510
Once the security token is generated, you can use it in PHP code to create the URL token.
<?php
//$base_url = 'https://yourdomain.com'; // This is your CDN's base URL of the site, without the slash in the end
//$securityKey = 'token_security_key'; // Your security key used to create token using dashboard
//$locationpath = '/index.html'; // provide the path starting with the '/'
function securityToken( $base_url, $locationpath, $securityKey, $expires ='', $ip_addr=''){
// Set the time of expiry to one hour from the time of the creation
$expires = time() + 3600; // This parameter is optional and is up to your discretion define its expiration to the secure URL.
// If using IP validation
$ip_addr = "192.XXX.XX.XX";// Replace the IP address with the one used in the hash. This parameter is optional and is up to your discretion if you want to provide IP restrictions or not.
// Generate the token
if(!empty($expires))
{
// Generate the token with expiry
$hashableBase = $securityKey.$ip_addr.$locationpath.
$expires;
//here $ip_addr is optional
$token = md5($hashableBase, true);
$token = base64_encode($token);
$token = strtr($token, '+/', '-_');
$token = str_replace('=', '', $token);
// Generate the URL
$url = "https://$base_url{$locationpath}?md5={$token}&expires={$expires}";
}
else{
// Generate the token without expiry
$hashableBase = $securityKey.$ip_addr.$locationpath;
//here $ip_addr is optional
$token = md5($hashableBase, true);
$token = base64_encode($token);
$token = strtr($token, '+/', '-_');
$token = str_replace('=', '', $token);
// Generate the URL
$url = "https://$base_url{$locationpath}?md5={$token}";
}
return $url;
}
// Example usage:
// Returns: 'https://test.youdomain.com/index.
html?md5=AuiVJT4fw7frGmPDPuCzAg&expires=
31536000'
echo(securityToken('https://test.yo
udomain.com', '/index.html','super-secret-code','31536000','1.2.3.4'));
// Returns: 'https://test.youdomain.com/
index.html?md5=AuiVJT4fw7frGmPDPuCzAg'
echo(securityToken('https://test.yo
udomain.com', '/index.html',
'super-secret-code','',''));
?>