/** * 验证密码是否符合哈希值 * * @param string $password * @param string $salt * @param string $hash * @return bool */ public function verify($password, $salt, $hash) { $component = explode('|', $hash); if (count($component) < 2) { return false; } if ($component[0] == self::HASH_TYPE_VJ2) { if (count($component) !== 3) { return false; } $username = base64_decode($component[1]); try { $targetHash = self::encode($password, $salt, self::HASH_TYPE_VJ2, $username); } catch (\InvalidArgumentException $e) { return false; } return VJ::slowEquals($hash, $targetHash); } else { if ($component[0] == 'openvj') { $targetHash = self::encode($password, $salt, self::HASH_TYPE_OPENVJ); try { return VJ::slowEquals($hash, $targetHash); } catch (\InvalidArgumentException $e) { return false; } } else { return false; } } }
/** * 检验消息和 MAC 是否匹配 * * @param $message * @param $sign * @return bool */ public function verify($message, $sign) { if (!is_string($message) || !is_string($sign)) { return false; } $messageSign = $this->sign($message); return VJ::slowEquals($messageSign, $sign); }
public function testSlowEquals() { $this->assertTrue(VJ::slowEquals('abcdefg', 'abcdefg')); $this->assertTrue(VJ::slowEquals('abcdEfg', 'abcdEfg')); $this->assertTrue(VJ::slowEquals('/abc/*defg', '/abc/*defg')); $this->assertFalse(VJ::slowEquals('abcd', 'abc')); $this->assertFalse(VJ::slowEquals('abc', 'abcd')); $this->assertFalse(VJ::slowEquals('abce', 'abcd')); $this->assertFalse(VJ::slowEquals('babc', 'cabc')); $this->assertFalse(VJ::slowEquals('abcdef', 'abxdef')); }