public static function Crypt::hashEquals in Zircon Profile 8
Same name and namespace in other branches
- 8.0 core/lib/Drupal/Component/Utility/Crypt.php \Drupal\Component\Utility\Crypt::hashEquals()
Compares strings in constant time.
Parameters
string $known_string: The expected string.
string $user_string: The user supplied string to check.
Return value
bool Returns TRUE when the two strings are equal, FALSE otherwise.
5 calls to Crypt::hashEquals()
- AccountForm::form in core/
modules/ user/ src/ AccountForm.php - Gets the actual form array to be built.
- PhpassHashedPassword::check in core/
lib/ Drupal/ Core/ Password/ PhpassHashedPassword.php - Check whether a plain text password matches a hashed password.
- rebuild.php in core/
rebuild.php - Rebuilds all Drupal caches even when Drupal itself does not work.
- UserController::confirmCancel in core/
modules/ user/ src/ Controller/ UserController.php - Confirms cancelling a user account via an email link.
- UserController::resetPass in core/
modules/ user/ src/ Controller/ UserController.php - Returns the user password reset page.
File
- core/
lib/ Drupal/ Component/ Utility/ Crypt.php, line 146 - Contains \Drupal\Component\Utility\Crypt.
Class
- Crypt
- Utility class for cryptographically-secure string handling routines.
Namespace
Drupal\Component\UtilityCode
public static function hashEquals($known_string, $user_string) {
if (function_exists('hash_equals')) {
return hash_equals($known_string, $user_string);
}
else {
// Backport of hash_equals() function from PHP 5.6
// @see https://github.com/php/php-src/blob/PHP-5.6/ext/hash/hash.c#L739
if (!is_string($known_string)) {
trigger_error(sprintf("Expected known_string to be a string, %s given", gettype($known_string)), E_USER_WARNING);
return FALSE;
}
if (!is_string($user_string)) {
trigger_error(sprintf("Expected user_string to be a string, %s given", gettype($user_string)), E_USER_WARNING);
return FALSE;
}
$known_len = strlen($known_string);
if ($known_len !== strlen($user_string)) {
return FALSE;
}
// This is security sensitive code. Do not optimize this for speed.
$result = 0;
for ($i = 0; $i < $known_len; $i++) {
$result |= ord($known_string[$i]) ^ ord($user_string[$i]);
}
return $result === 0;
}
}