This is not directly used as password hashing method, and thus isn't callable via the
verify_hash() method. It should be used to create signatures and might be used in other
password hashing methods.
| public static hmac ( string $algo, string $data, string $key, boolean $raw_output = false ) : string | ||
| $algo | string | Name of selected hashing algorithm (i.e. "md5", "sha256", "haval160,4", etc..) See hash_algos() for a list of supported algorithms. |
| $data | string | Message to be hashed. |
| $key | string | Shared secret key used for generating the HMAC variant of the message digest. |
| $raw_output | boolean | When set to TRUE, outputs raw binary data. FALSE outputs lowercase hexits. |
| Résultat | string | |
function test_hmac()
{
// known hashes taken from https://code.google.com/p/yii/issues/detail?id=1942
$this->assertEquals('df08aef118f36b32e29d2f47cda649b6', PassHash::hmac('md5', 'data', 'secret'));
$this->assertEquals('9818e3306ba5ac267b5f2679fe4abd37e6cd7b54', PassHash::hmac('sha1', 'data', 'secret'));
// known hashes from https://en.wikipedia.org/wiki/Hash-based_message_authentication_code
$this->assertEquals('74e6f7298a9c2d168935f58c001bad88', PassHash::hmac('md5', '', ''));
$this->assertEquals('fbdb1d1b18aa6c08324b7d64b71fb76370690e1d', PassHash::hmac('sha1', '', ''));
$this->assertEquals('80070713463e7749b90c2dc24911e275', PassHash::hmac('md5', 'The quick brown fox jumps over the lazy dog', 'key'));
$this->assertEquals('de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9', PassHash::hmac('sha1', 'The quick brown fox jumps over the lazy dog', 'key'));
}
function test_ml_imgresize_array_external()
{
global $conf;
$conf['useslash'] = 0;
$conf['userewrite'] = 0;
$ids = array('https://example.com/lib/tpl/dokuwiki/images/logo.png', 'http://example.com/lib/tpl/dokuwiki/images/logo.png', 'ftp://example.com/lib/tpl/dokuwiki/images/logo.png');
$w = 80;
$args = array('w' => $w);
foreach ($ids as $id) {
$tok = media_get_token($id, $w, 0);
$hash = substr(PassHash::hmac('md5', $id, auth_cookiesalt()), 0, 6);
$expect = DOKU_BASE . $this->script . '?w=' . $w . '&tok=' . $tok . '&media=' . rawurlencode($id);
$this->assertEquals($expect, ml($id, $args));
}
$h = 50;
$args = array('h' => $h);
$tok = media_get_token($id, $h, 0);
$expect = DOKU_BASE . $this->script . '?h=' . $h . '&tok=' . $tok . '&media=' . rawurlencode($id);
$this->assertEquals($expect, ml($id, $args));
$w = 80;
$h = 50;
$args = array('w' => $w, 'h' => $h);
$tok = media_get_token($id, $w, $h);
$expect = DOKU_BASE . $this->script . '?w=' . $w . '&h=' . $h . '&tok=' . $tok . '&media=' . rawurlencode($id);
$this->assertEquals($expect, ml($id, $args));
}
/**
* Return a secret token to be used for CSRF attack prevention
*
* @author Andreas Gohr <*****@*****.**>
* @link http://en.wikipedia.org/wiki/Cross-site_request_forgery
* @link http://christ1an.blogspot.com/2007/04/preventing-csrf-efficiently.html
*
* @return string
*/
function getSecurityToken()
{
/** @var Input $INPUT */
global $INPUT;
return PassHash::hmac('md5', session_id() . $INPUT->server->str('REMOTE_USER'), auth_cookiesalt());
}
/**
* Calculate a token to be used to verify fetch requests for resized or
* cropped images have been internally generated - and prevent external
* DDOS attacks via fetch
*
* @author Christopher Smith <*****@*****.**>
*
* @param string $id id of the image
* @param int $w resize/crop width
* @param int $h resize/crop height
* @return string
*/
function media_get_token($id, $w, $h)
{
// token is only required for modified images
if ($w || $h || media_isexternal($id)) {
$token = $id;
if ($w) {
$token .= '.' . $w;
}
if ($h) {
$token .= '.' . $h;
}
return substr(PassHash::hmac('md5', $token, auth_cookiesalt()), 0, 6);
}
return '';
}
/**
* Return a secret token to be used for CSRF attack prevention
*
* @author Andreas Gohr <*****@*****.**>
* @link http://en.wikipedia.org/wiki/Cross-site_request_forgery
* @link http://christ1an.blogspot.com/2007/04/preventing-csrf-efficiently.html
* @return string
*/
function getSecurityToken()
{
return PassHash::hmac('md5', session_id() . $_SERVER['REMOTE_USER'], auth_cookiesalt());
}