This is not used directly as a password hashing method, and thus isn't callable via the
verify_hash() method. It should be used to create signatures and might be used by other
password hashing methods.
public static hmac ( string $algo, string $data, string $key, boolean $raw_output = false ) : string | ||
$algo | string | Name of the selected hashing algorithm (e.g. "md5", "sha256", "haval160,4", etc.). See hash_algos() for a list of supported algorithms. |
$data | string | Message to be hashed. |
$key | string | Shared secret key used for generating the HMAC variant of the message digest. |
$raw_output | boolean | When set to TRUE, outputs raw binary data. FALSE outputs lowercase hexits. |
return | string |
/**
 * Known-answer test for PassHash::hmac().
 *
 * Each vector is array(expected hex digest, algorithm, message, key). The
 * digests are compared as lowercase hex because hmac() is called without
 * $raw_output. The MD5 and SHA-1 vectors pin compatibility with published
 * values; they are not a recommendation of those algorithms for new signatures.
 */
function test_hmac()
{
    $vectors = array(
        // known hashes taken from https://code.google.com/p/yii/issues/detail?id=1942
        array('df08aef118f36b32e29d2f47cda649b6', 'md5', 'data', 'secret'),
        array('9818e3306ba5ac267b5f2679fe4abd37e6cd7b54', 'sha1', 'data', 'secret'),

        // known hashes from https://en.wikipedia.org/wiki/Hash-based_message_authentication_code
        array('74e6f7298a9c2d168935f58c001bad88', 'md5', '', ''),
        array('fbdb1d1b18aa6c08324b7d64b71fb76370690e1d', 'sha1', '', ''),
        array('80070713463e7749b90c2dc24911e275', 'md5', 'The quick brown fox jumps over the lazy dog', 'key'),
        array('de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9', 'sha1', 'The quick brown fox jumps over the lazy dog', 'key'),
    );

    foreach ($vectors as $vector) {
        $expectedDigest = $vector[0];
        $actualDigest = PassHash::hmac($vector[1], $vector[2], $vector[3]);
        $this->assertEquals($expectedDigest, $actualDigest);
    }
}
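/**
 * ml() must append the media_get_token() value to fetch URLs for external
 * media when resize arguments are passed as an array.
 *
 * Covers width only (for every URL scheme in $ids), height only, and
 * width plus height. The expected token is always taken from
 * media_get_token() with the same id and dimensions that are handed to ml().
 */
function test_ml_imgresize_array_external()
{
    global $conf;
    // presumably selects the plain query-string URL form; confirm against ml()
    $conf['useslash'] = 0;
    $conf['userewrite'] = 0;

    $ids = array(
        'https://example.com/lib/tpl/dokuwiki/images/logo.png',
        'http://example.com/lib/tpl/dokuwiki/images/logo.png',
        'ftp://example.com/lib/tpl/dokuwiki/images/logo.png',
    );

    // width only, checked for each scheme
    $w = 80;
    $args = array('w' => $w);
    foreach ($ids as $id) {
        // The expected token comes from media_get_token(); the unused,
        // separately computed $hash that used to sit here was dead code and
        // did not match the token input (it omitted the width), so it is gone.
        $tok = media_get_token($id, $w, 0);
        $expect = DOKU_BASE . $this->script . '?w=' . $w . '&tok=' . $tok . '&media=' . rawurlencode($id);
        $this->assertEquals($expect, ml($id, $args));
    }

    // The remaining cases previously relied on $id leaking out of the loop
    // above; pick the same (last) entry explicitly.
    $id = $ids[count($ids) - 1];

    // height only
    $h = 50;
    $args = array('h' => $h);
    $tok = media_get_token($id, $h, 0);
    $expect = DOKU_BASE . $this->script . '?h=' . $h . '&tok=' . $tok . '&media=' . rawurlencode($id);
    $this->assertEquals($expect, ml($id, $args));

    // width and height
    $w = 80;
    $h = 50;
    $args = array('w' => $w, 'h' => $h);
    $tok = media_get_token($id, $w, $h);
    $expect = DOKU_BASE . $this->script . '?w=' . $w . '&h=' . $h . '&tok=' . $tok . '&media=' . rawurlencode($id);
    $this->assertEquals($expect, ml($id, $args));
}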
/**
 * Return a secret token to be used for CSRF attack prevention
 *
 * The token is an HMAC-MD5 (lowercase hex) over the PHP session id
 * concatenated with the REMOTE_USER server value, keyed with
 * auth_cookiesalt(). It is therefore bound to the current session and user.
 *
 * NOTE(review): session_id() returns an empty string when no session is
 * active, in which case the token depends only on the user name and the salt.
 * The code that compares a submitted token against this value is not shown
 * here; it should use a constant-time comparison such as hash_equals().
 *
 * @author Andreas Gohr <*****@*****.**>
 * @link http://en.wikipedia.org/wiki/Cross-site_request_forgery
 * @link http://christ1an.blogspot.com/2007/04/preventing-csrf-efficiently.html
 *
 * @return string
 */
function getSecurityToken()
{
    /** @var Input $INPUT */
    global $INPUT;

    $sessionId = session_id();
    $remoteUser = $INPUT->server->str('REMOTE_USER');
    $secret = auth_cookiesalt();

    return PassHash::hmac('md5', $sessionId . $remoteUser, $secret);
}
/**
 * Calculate a token to be used to verify fetch requests for resized or
 * cropped images have been internally generated - and prevent external
 * DDOS attacks via fetch
 *
 * The token is the first 6 hex characters (24 bits) of an HMAC-MD5 over the
 * image id and the non-zero dimensions, keyed with auth_cookiesalt().
 *
 * NOTE(review): 24 bits only raises the cost of guessing; it is not a strong
 * authenticator. The signed string is also ambiguous: a width-only and a
 * height-only request with the same number both sign "id.N", and an id that
 * itself ends in ".N" can coincide with a shorter id plus a dimension. The
 * verifying side is not shown here; it should compare tokens with
 * hash_equals().
 *
 * @author Christopher Smith <*****@*****.**>
 *
 * @param string $id id of the image
 * @param int $w resize/crop width
 * @param int $h resize/crop height
 * @return string the 6 character token, or '' when no token is required
 */
function media_get_token($id, $w, $h)
{
    // token is only required for modified images
    $needsToken = $w || $h || media_isexternal($id);
    if (!$needsToken) {
        return '';
    }

    // signed material: the id followed by each non-zero dimension
    $signed = $id;
    $signed .= $w ? '.' . $w : '';
    $signed .= $h ? '.' . $h : '';

    $digest = PassHash::hmac('md5', $signed, auth_cookiesalt());
    return substr($digest, 0, 6);
}
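/**
 * Return a secret token to be used for CSRF attack prevention
 *
 * The token is an HMAC-MD5 (lowercase hex) over the PHP session id
 * concatenated with $_SERVER['REMOTE_USER'], keyed with auth_cookiesalt().
 *
 * $_SERVER['REMOTE_USER'] may be unset (for example when no user is
 * authenticated); it is then treated as an empty string. This yields the same
 * token as the implicit null-to-string conversion did, without the
 * undefined-index notice.
 *
 * NOTE(review): the code that compares a submitted token against this value
 * is not shown here; it should use a constant-time comparison such as
 * hash_equals().
 *
 * @author Andreas Gohr <*****@*****.**>
 * @link http://en.wikipedia.org/wiki/Cross-site_request_forgery
 * @link http://christ1an.blogspot.com/2007/04/preventing-csrf-efficiently.html
 * @return string
 */
function getSecurityToken()
{
    $remoteUser = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : '';

    return PassHash::hmac('md5', session_id() . $remoteUser, auth_cookiesalt());
}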