hmac() public static méthode

This is not directly used as password hashing method, and thus isn't callable via the verify_hash() method. It should be used to create signatures and might be used in other password hashing methods.
See also: hash_hmac()
Author: KC Cloyd
public static hmac ( string $algo, string $data, string $key, boolean $raw_output = false ) : string
$algo string Name of selected hashing algorithm (i.e. "md5", "sha256", "haval160,4", etc..) See hash_algos() for a list of supported algorithms.
$data string Message to be hashed.
$key string Shared secret key used for generating the HMAC variant of the message digest.
$raw_output boolean When set to TRUE, outputs raw binary data. FALSE outputs lowercase hexits.
Résultat string
Exemple #1
0
 function test_hmac()
 {
     // known hashes taken from https://code.google.com/p/yii/issues/detail?id=1942
     $this->assertEquals('df08aef118f36b32e29d2f47cda649b6', PassHash::hmac('md5', 'data', 'secret'));
     $this->assertEquals('9818e3306ba5ac267b5f2679fe4abd37e6cd7b54', PassHash::hmac('sha1', 'data', 'secret'));
     // known hashes from https://en.wikipedia.org/wiki/Hash-based_message_authentication_code
     $this->assertEquals('74e6f7298a9c2d168935f58c001bad88', PassHash::hmac('md5', '', ''));
     $this->assertEquals('fbdb1d1b18aa6c08324b7d64b71fb76370690e1d', PassHash::hmac('sha1', '', ''));
     $this->assertEquals('80070713463e7749b90c2dc24911e275', PassHash::hmac('md5', 'The quick brown fox jumps over the lazy dog', 'key'));
     $this->assertEquals('de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9', PassHash::hmac('sha1', 'The quick brown fox jumps over the lazy dog', 'key'));
 }
Exemple #2
0
 function test_ml_imgresize_array_external()
 {
     global $conf;
     $conf['useslash'] = 0;
     $conf['userewrite'] = 0;
     $ids = array('https://example.com/lib/tpl/dokuwiki/images/logo.png', 'http://example.com/lib/tpl/dokuwiki/images/logo.png', 'ftp://example.com/lib/tpl/dokuwiki/images/logo.png');
     $w = 80;
     $args = array('w' => $w);
     foreach ($ids as $id) {
         $tok = media_get_token($id, $w, 0);
         $hash = substr(PassHash::hmac('md5', $id, auth_cookiesalt()), 0, 6);
         $expect = DOKU_BASE . $this->script . '?w=' . $w . '&tok=' . $tok . '&media=' . rawurlencode($id);
         $this->assertEquals($expect, ml($id, $args));
     }
     $h = 50;
     $args = array('h' => $h);
     $tok = media_get_token($id, $h, 0);
     $expect = DOKU_BASE . $this->script . '?h=' . $h . '&tok=' . $tok . '&media=' . rawurlencode($id);
     $this->assertEquals($expect, ml($id, $args));
     $w = 80;
     $h = 50;
     $args = array('w' => $w, 'h' => $h);
     $tok = media_get_token($id, $w, $h);
     $expect = DOKU_BASE . $this->script . '?w=' . $w . '&h=' . $h . '&tok=' . $tok . '&media=' . rawurlencode($id);
     $this->assertEquals($expect, ml($id, $args));
 }
Exemple #3
0
/**
 * Return a secret token to be used for CSRF attack prevention
 *
 * @author  Andreas Gohr <*****@*****.**>
 * @link    http://en.wikipedia.org/wiki/Cross-site_request_forgery
 * @link    http://christ1an.blogspot.com/2007/04/preventing-csrf-efficiently.html
 *
 * @return  string
 */
function getSecurityToken()
{
    /** @var Input $INPUT */
    global $INPUT;
    return PassHash::hmac('md5', session_id() . $INPUT->server->str('REMOTE_USER'), auth_cookiesalt());
}
Exemple #4
0
/**
 * Calculate a token to be used to verify fetch requests for resized or
 * cropped images have been internally generated - and prevent external
 * DDOS attacks via fetch
 *
 * @author Christopher Smith <*****@*****.**>
 *
 * @param string  $id    id of the image
 * @param int     $w     resize/crop width
 * @param int     $h     resize/crop height
 * @return string
 */
function media_get_token($id, $w, $h)
{
    // token is only required for modified images
    if ($w || $h || media_isexternal($id)) {
        $token = $id;
        if ($w) {
            $token .= '.' . $w;
        }
        if ($h) {
            $token .= '.' . $h;
        }
        return substr(PassHash::hmac('md5', $token, auth_cookiesalt()), 0, 6);
    }
    return '';
}
/**
 * Return a secret token to be used for CSRF attack prevention
 *
 * @author  Andreas Gohr <*****@*****.**>
 * @link    http://en.wikipedia.org/wiki/Cross-site_request_forgery
 * @link    http://christ1an.blogspot.com/2007/04/preventing-csrf-efficiently.html
 * @return  string
 */
function getSecurityToken()
{
    return PassHash::hmac('md5', session_id() . $_SERVER['REMOTE_USER'], auth_cookiesalt());
}