private function TfaBasePlugin::timingSafeEquals in Two-factor Authentication (TFA) 7.2
A timing safe equals comparison.
More info here: http://blog.ircmaxell.com/2014/11/its-all-about-time.html.
Parameters
string $safeString: The internal (safe) value to be checked.
string $userString: The user submitted (unsafe) value.
Return value
bool True if the two strings are identical.
1 call to TfaBasePlugin::timingSafeEquals()
- TfaBasePlugin::validate in ./
tfa.inc - Validate code.
File
- ./
tfa.inc, line 564 - TFA module classes.
Class
- TfaBasePlugin
- Base plugin class.
Code
private function timingSafeEquals($safeString, $userString) {
if (function_exists('hash_equals')) {
return hash_equals($safeString, $userString);
}
$safeLen = strlen($safeString);
$userLen = strlen($userString);
if ($userLen != $safeLen) {
return FALSE;
}
$result = 0;
for ($i = 0; $i < $userLen; ++$i) {
$result |= ord($safeString[$i]) ^ ord($userString[$i]);
}
// They are only identical strings if $result is exactly 0.
return $result === 0;
}