Merge pull request #11 from pdsinterop/fix/unique-tokens

make sure the token code is not in use

Author: ylebre

lib/User.php

@@ -7,8 +7,18 @@
 	class User {
 		private static function generateTokenCode() {
 			$digits = 6;
+
+			self::cleanupTokens();
+			$existingTokens = self::getExistingVerifyTokens();
+
 			$code = random_int(0,1000000);
 			$code = str_pad($code, $digits, '0', STR_PAD_LEFT);
+
+			while (in_array($code, $existingTokens)) { // make sure we have no collissions;
+				$code = random_int(0,1000000);
+				$code = str_pad($code, $digits, '0', STR_PAD_LEFT);
+			}
+
 			return $code;
 		}
 
@@ -331,4 +341,14 @@ public static function cleanupTokens() {
 				':now' => $now->getTimestamp()
 			]);
 		}
+
+		public static function getExistingVerifyTokens() {
+			Db::connect();
+			$query = Db::$pdo->prepare(
+				'SELECT code FROM verify'
+			);
+			$query->execute();
+			$existingTokens = $query->fetchAll();
+			return $existingTokens;
+		}
 	}		

tests/phpunit/UserTest.php

@@ -333,16 +333,11 @@ public function testCleanup() {
 			"hello" => "world",
 			"expires" => time() - 10
 		]);
-		$token2 = User::saveVerifyToken("verify", [
-			"hello" => "world",
-			"expires" => time() - 10
-		]);
 		$query = Db::$pdo->prepare('SELECT count(*) AS count FROM verify');
 		$query->execute();
 		$result = $query->fetchAll();
 		$beforeCleanup = $result[0]['count'];
-		$this->assertEquals(2, $beforeCleanup);
-		
+		$this->assertEquals(1, $beforeCleanup);
 		User::cleanupTokens();
 		$query = Db::$pdo->prepare('SELECT count(*) AS count FROM verify');
 		$query->execute();