public static Crypt::hashEquals($known_string, $user_string)
Compares strings in constant time.
Parameters
string $known_string: The expected string.
string $user_string: The user supplied string to check.
Return value
bool Returns TRUE when the two strings are equal, FALSE otherwise.
File
- core/lib/Drupal/Component/Utility/Crypt.php, line 87
Class
- Crypt
- Utility class for cryptographically-secure string handling routines.
Namespace
Drupal\Component\Utility
Code
public static function hashEquals($known_string, $user_string) { if (function_exists('hash_equals')) { return hash_equals($known_string, $user_string); } else { // Backport of hash_equals() function from PHP 5.6 // @see https://github.com/php/php-src/blob/PHP-5.6/ext/hash/hash.c#L739 if (!is_string($known_string)) { trigger_error(sprintf("Expected known_string to be a string, %s given", gettype($known_string)), E_USER_WARNING); return FALSE; } if (!is_string($user_string)) { trigger_error(sprintf("Expected user_string to be a string, %s given", gettype($user_string)), E_USER_WARNING); return FALSE; } $known_len = strlen($known_string); if ($known_len !== strlen($user_string)) { return FALSE; } // This is security sensitive code. Do not optimize this for speed. $result = 0; for ($i = 0; $i < $known_len; $i++) { $result |= (ord($known_string[$i]) ^ ord($user_string[$i])); } return $result === 0; } }
Please login to continue.