hash_equals
laravel/framework
Supported Versions: PHP 5 >= 5.6.0, PHP 7, PHP 8
Timing attack safe string comparison
hash_equals
(
string $known_string
,
string $user_string
):
bool
$this
->
connection
->
table
(
$this
->
table
)->
find
(
$identifier
)
);
return
$user
&&
$user
->
getRememberToken
() &&
hash_equals
(
$user
->
getRememberToken
(),
$token
)
?
$user
:
null
;
}
src/Illuminate/Auth/DatabaseUserProvider.php
$rememberToken
=
$retrievedModel
->
getRememberToken
();
return
$rememberToken
&&
hash_equals
(
$rememberToken
,
$token
)
?
$retrievedModel
:
null
;
}
src/Illuminate/Auth/EloquentUserProvider.php
protected function
validMac
(array
$payload
)
{
return
hash_equals
(
$this
->
hash
(
$payload
[
'iv'
],
$payload
[
'value'
]),
$payload
[
'mac'
]
);
}
src/Illuminate/Encryption/Encrypter.php
public function
authorize
()
{
if (!
hash_equals
((string)
$this
->
route
(
'id'
),
(string)
$this
->
user
()->
getKey
())) {
return
false
;
}
src/Illuminate/Foundation/Auth/EmailVerificationRequest.php
return
false
;
}
if (!
hash_equals
((string)
$this
->
route
(
'hash'
),
sha1
(
$this
->
user
()->
getEmailForVerification
()))) {
return
false
;
}
src/Illuminate/Foundation/Auth/EmailVerificationRequest.php
return
is_array
(
$payload
) &&
is_numeric
(
$payload
[
'expires_at'
] ??
null
) &&
isset(
$payload
[
'mac'
]) &&
hash_equals
(
hash_hmac
(
'sha256'
,
$payload
[
'expires_at'
],
$key
),
$payload
[
'mac'
]) &&
(int)
$payload
[
'expires_at'
] >=
Carbon
::
now
()->
getTimestamp
();
}
}
src/Illuminate/Foundation/Http/MaintenanceModeBypassCookie.php
return
is_string
(
$request
->
session
()->
token
()) &&
is_string
(
$token
) &&
hash_equals
(
$request
->
session
()->
token
(),
$token
);
}
src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php
$signature
=
hash_hmac
(
'sha256'
,
$original
,
call_user_func
(
$this
->
keyResolver
));
return
hash_equals
(
$signature
, (string)
$request
->
query
(
'signature'
,
''
));
}
src/Illuminate/Routing/UrlGenerator.php