Default expiry date on form tokens

Author: Crecket

README.md

@@ -29,7 +29,7 @@ Returns the decryped output as a string using [defuse/php-encryption](https://gi
 ### encrypt($input, $key = false)
 Encrypt a string, if no key is given one will be generated for you (Recommended) using [defuse/php-encryption](https://github.com/defuse/php-encryption)'s library.
 
-### getFormToken('form_token_id', $_POST['form_token'], $limit = false)
+### getFormToken('form_token_id', $form_token, $limit = 300)
 Verify a form token for the given id. The $limit is optional andm ust be given in seconds, if the limit is 300 and the token is used after 300 seconds it will be considered invalid.
 
 ### password_hash($password)

src/SecureFuncs.php

@@ -56,7 +56,7 @@ public static function encrypt($input, $key = false)
      * @param $limit_time
      * @return md5hash
      */
-    public static function getFormToken($id, $token, $limit_time = false)
+    public static function getFormToken($id, $token, $limit_time = 300)
     {
         $valid = false;
         // Check if isset
@@ -74,6 +74,7 @@ public static function getFormToken($id, $token, $limit_time = false)
             }
         }
         unset($_SESSION['formtoken'][$id]);
+        unset($_SESSION['formtoken_time'][$id]);
         return $valid;
     }