Supported Versions: PHP 5 >= 5.6.0, PHP 7, PHP 8
Timing attack safe string comparison
<?php hash_equals(string $known_string, string $user_string): bool<?php $this->connection->table($this->table)->find($identifier)
);
return $user && $user->getRememberToken() && hash_equals($user->getRememberToken(), $token)
? $user : null;
}<?php $rememberToken = $retrievedModel->getRememberToken();
return $rememberToken && hash_equals($rememberToken, $token) ? $retrievedModel : null;
}<?php protected function validMacForKey($payload, $key)
{
return hash_equals(
$this->hash($payload['iv'], $payload['value'], $key), $payload['mac']
);
}<?php {
$hash = @md5_file($firstFile);
return $hash && hash_equals($hash, (string) @md5_file($secondFile));
}<?php public function authorize()
{
if (! hash_equals((string) $this->user()->getKey(), (string) $this->route('id'))) {
return false;
}<?php return false;
}
if (! hash_equals(sha1($this->user()->getEmailForVerification()), (string) $this->route('hash'))) {
return false;
}<?php return is_array($payload) &&
is_numeric($payload['expires_at'] ?? null) &&
isset($payload['mac']) &&
hash_equals(hash_hmac('sha256', $payload['expires_at'], $key), $payload['mac']) &&
(int) $payload['expires_at'] >= Carbon::now()->getTimestamp();
}
}<?php return is_string($request->session()->token()) &&
is_string($token) &&
hash_equals($request->session()->token(), $token);
}<?php $signature = hash_hmac('sha256', $original, call_user_func($this->keyResolver));
return hash_equals($signature, (string) $request->query('signature', ''));
}<?php if ($this->guard()->viaRemember()) {
$passwordHash = explode('|', $request->cookies->get($this->guard()->getRecallerName()))[2] ?? null;
if (! $passwordHash || ! hash_equals($request->user()->getAuthPassword(), $passwordHash)) {
$this->logout($request);
}
}<?php $this->storePasswordHashInSession($request);
}
if (! hash_equals($request->session()->get('password_hash_'.$this->auth->getDefaultDriver()), $request->user()->getAuthPassword())) {
$this->logout($request);
}