From 455904fed4d33a937cc3cfbd0b98318025e397e5 Mon Sep 17 00:00:00 2001
From: crecket
Date: Mon, 14 Mar 2016 11:03:42 +0100
Subject: [PATCH] Default expiry date on form tokens
---
 README.md | 2 +-
 src/SecureFuncs.php | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index f971ce7..4adebb3 100644
--- a/README.md
+++ b/README.md
@@ -29,7 +29,7 @@ Returns the decryped output as a string using [defuse/php-encryption](https://gi
 ### encrypt($input, $key = false)
 Encrypt a string, if no key is given one will be generated for you (Recommended) using [defuse/php-encryption](https://github.com/defuse/php-encryption)'s library.
-### getFormToken('form_token_id', $_POST['form_token'], $limit = false)
+### getFormToken('form_token_id', $form_token, $limit = 300)
 Verify a form token for the given id. The $limit is optional andm ust be given in seconds, if the limit is 300 and the token is used after 300 seconds it will be considered invalid.
 ### password_hash($password)
diff --git a/src/SecureFuncs.php b/src/SecureFuncs.php
index 427388f..3d1c0d6 100644
--- a/src/SecureFuncs.php
+++ b/src/SecureFuncs.php
@@ -56,7 +56,7 @@ public static function encrypt($input, $key = false)
 * @param $limit_time
 * @return md5hash
 */
- public static function getFormToken($id, $token, $limit_time = false)
+ public static function getFormToken($id, $token, $limit_time = 300)
 {
 $valid = false;
 // Check if isset
@@ -74,6 +74,7 @@ public static function getFormToken($id, $token, $limit_time = false)
 }
 }
 unset($_SESSION['formtoken'][$id]);
+ unset($_SESSION['formtoken_time'][$id]);
 return $valid;
 }
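Review bot: The docblock kept above `getFormToken` still says `@return md5hash`, but the visible body starts with `$valid = false;` and the second hunk ends with `return $valid;`, so the method reports a validity flag rather than a hash; `@return bool` would match. With the default now 300, `@param $limit_time` should also give the unit and the default, for example `@param int|false $limit_time Maximum token age in seconds, 300 by default`, and say how a caller switches expiry off if passing `false` still does that (the age check itself is outside the hunk). Callers that omitted the third argument now get a five-minute expiry, which deserves a changelog line because forms left open longer than that will start failing validation.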
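Review bot: Both `unset()` calls appear to sit after the closing braces of the validation branches, so the stored token and its timestamp are discarded on every call, including one that fails the check. That single-use behaviour prevents replay, but it also means any request that carries the session and a wrong token invalidates the form the user has open, so the intent should be recorded with a comment such as `// Single-use: the token and its timestamp are dropped whether or not validation succeeded`. The start of `getFormToken` and the token comparison are outside the hunk, so whether the comparison is constant-time (`hash_equals()`) cannot be confirmed from here.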