Reputation: 1
How to generate a key for php file that expires in 10 days. And other users can't execute the api after key expiration
I want to generate a key which is valid for 10 days from the day it is generated. So that anyone having the key can run the api for 10 days. I want this to be purely in php and no session or cookie should be used.
I have tried storing the key and date in file seperated by tab. But I want something that it does not require file also for storage. All this can be done with using php only.
I want that any one with the key can pass it as URI parameter such as http:www.example.com/key=abcdqwerty and this key should be valid for 10 days only.
Upvotes: 0
Views: 555
Answers (1)
Reputation: 23958
A cheap way is to md5 the date and use that as the key.
Then to validate loop the past 10 days and make them md5 and see if they match.
This means you don't need to save the keys and will be safe for most users.
Only the most nerdy nerds will try and figure out what the key is and if it can be broken.
// Create key
$key = md5("2019-05-16");
//$key = "5b6ed05ac59c0cae26957e39aceaa204";
//Validate
for($i=0; $i <= 10; $i++){
if($key == md5(date("Y-m-d", strtotime("-" . $i . " days")))){
echo "valid";
}
}
Working code with one being valid the other not, see output with one valid string only.
https://3v4l.org/Is4oT
Upvotes: 2
Related Questions
- PHP API Key Generator
- How to store an api key safely, template file
- How do i make a token expire
- Generate cryptographically secure tokens with built-in expiration period
- How do i make a token expire time
- PHP REST API Token Expiration Flow
- How to generate Api key for my app
- Using an API Key System
- How to securely use api key
- How to implement an API key on PHP software?