requestedAt = new \DateTimeImmutable('now'); $this->selector = strtr(base64_encode(random_bytes(self::SELECTOR_LENGTH * 3 / 4)), '+/', '-_'); $this->plainToken = strtr(base64_encode(random_bytes(18)), '+/', '-_'); $this->token = password_hash($this->plainToken, PASSWORD_DEFAULT); $this->user = $user; } public function getId() { return $this->id; } public function getAsString(): string { if (!$this->selector || !$this->plainToken) { throw new \Exception('You can get PasswordResetToken as a string only immediately after creation.'); } return $this->selector.$this->plainToken; } public function getUser(): { return $this->user; } public function isTokenEquals(string $token): bool { return password_verify($token, $this->token); } public function isExpired(): bool { if (($this->requestedAt->getTimestamp() + self::LIFETIME_HOURS * 3600) <= time()) { return true; } return false; } }