Skip to content

Generate cryptographically random tokens for use within Textpattern

License

Notifications You must be signed in to change notification settings

Bloke/smd_token

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

smd_token

Public tag to return a cryptographically secure sequence of characters. Very handy for using inside plugins or CSP headers.

Installation / Uninstallation

Download this plugin and then paste the code from the .txt file into the Textpattern Admin→Plugins panel, install and enable the plugin. For bug reports, please raise an issue.

To uninstall, delete the plugin from the Admin→Plugins panel.

Usage examples

16-character tokens are default, so to immediately return a 16-character randomly-generated token:

<txp:smd_token />

Display a 24-character randomly-generated token:

<txp:smd_token length="24" />

Display a 12-character randomly-generated token with a prefix:

<txp:smd_token length="12" prefix="nonce-" />

The above example outputs something like nonce-ab1b7f98175e.

<txp:smd_token name="my_csp" length="12" prefix="nonce-" />

Outputs a 12-character token with prefix, and stores the token value as ‘my_csp’ for later use in the same page request. If you don’t wish to display the token at this time (e.g. if you’re generating it in advance) specify display="0".

To retrieve the previously stored token and display its value:

<txp:smd_token name="my_csp" />

The length is ignored if you retrieve a previously saved token. But the prefix may be altered. Using display="0" in this case is pointless, because you would always need to display a token you’ve retrieved, but the ability to silence the output is honoured anyway.

To check if a named token has been generated already, use the conditional tag:

<txp:smd_if_token name="my_csp">
    <txp:smd_token name="my_csp" prefix="nonce-" />
<txp:else />
    <txp:smd_token name="my_csp" prefix="nonce-" length="12" />
</txp:smd_if_token>

The name attribute is mandatory. Without it, the tag will always return false.

If used as a single tag, the result will be 1 if the token exists, or empty otherwise.

Author / credits

Written by Stef Dawson.

About

Generate cryptographically random tokens for use within Textpattern

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages