function drupal_hmac_base64 in Drupal 7
Same name and namespace in other branches
- 6 includes/bootstrap.inc \drupal_hmac_base64()
Calculates a base-64 encoded, URL-safe sha-256 hmac.
Parameters
string $data: String to be validated with the hmac.
string $key: A secret string key.
Return value
string A base-64 encoded sha-256 hmac, with + replaced with -, / with _ and any = padding characters removed.
9 calls to drupal_hmac_base64()
- DrupalWebTestCase::drupalGetToken in modules/
simpletest/ drupal_web_test_case.php - Generate a token for the currently logged in user.
- drupal_generate_test_ua in includes/
bootstrap.inc - Generates a user agent string with a HMAC and timestamp for simpletest.
- drupal_get_token in includes/
common.inc - Generates a token based on $value, the user session, and the private key.
- drupal_valid_test_ua in includes/
bootstrap.inc - Returns the test prefix if this is an internal request from SimpleTest.
- file_managed_file_process in modules/
file/ file.module - Process function to expand the managed_file element type.
File
- includes/
bootstrap.inc, line 2337 - Functions that need to be loaded on every Drupal request.
Code
function drupal_hmac_base64($data, $key) {
// Casting $data and $key to strings here is necessary to avoid empty string
// results of the hash function if they are not scalar values. As this
// function is used in security-critical contexts like token validation it is
// important that it never returns an empty string.
$hmac = base64_encode(hash_hmac('sha256', (string) $data, (string) $key, TRUE));
// Modify the hmac so it's safe to use in URLs.
return strtr($hmac, array(
'+' => '-',
'/' => '_',
'=' => '',
));
}