public static function hash_equals($knownString, $userInput) { if (!is_string($knownString)) { trigger_error('Expected known_string to be a string, ' . gettype($knownString) . ' given', E_USER_WARNING); return false; } if (!is_string($userInput)) { trigger_error('Expected user_input to be a string, ' . gettype($userInput) . ' given', E_USER_WARNING); return false; } $knownLen = Binary::strlen($knownString); $userLen = Binary::strlen($userInput); if ($knownLen !== $userLen) { return false; } $result = 0; for ($i = 0; $i < $knownLen; ++$i) { $result |= ord($knownString[$i]) ^ ord($userInput[$i]); } return 0 === $result; }
/** * Returns the number of bytes in a string. * * @param string $string The string whose length we wish to obtain * * @return int */ public static function safeStrlen($string) { return Binary::strlen($string); }