All geek questions in one place

Php function call undefined hash_equals ()

can anyone help me solve this problem? I get the error ' call of undefined function hash_equals() ' here is my code:

 $username = 'Admin'; $password = 'sample1Pasword'; $dbh = new PDO('mysql:host=localhost;dbname=test', $USER, $PASSWORD); $sth = $dbh->prepare(' SELECT hash FROM users WHERE username = :username LIMIT 1 '); $sth->bindParam(':username', $username); $sth->execute(); $user = $sth->fetch(PDO::FETCH_OBJ); // Hashing the password with its hash as the salt returns the same hash if ( hash_equals($user->hash, crypt($password, $user->hash)) ) { // Ok! }else{ //user not found }

I do not know what is happening, I am just looking for this function, but instead I solved the problem. Sorry for my bad english. Thanks!

+5
source share
4 answers

In php.net docs we can find a replacement function for older php versions:

 if(!function_exists('hash_equals')) { function hash_equals($str1, $str2) { if(strlen($str1) != strlen($str2)) { return false; } else { $res = $str1 ^ $str2; $ret = 0; for($i = strlen($res) - 1; $i >= 0; $i--) { $ret |= ord($res[$i]); } return !$ret; } } }

Otherwise, you can use this library: https://github.com/ircmaxell/password_compat

+18
source

From the documentation :

(PHP 5> = 5.6.0)

If you have a version older than 5.6.0, then you will not use this function.

+8
source

Use phpinfo() and check your version of PHP. PHP versions prior to 5.6 do not have a hash_equals function hash_equals . To use this feature, upgrade to the latest version of PHP (or at least prior to 5.6).

0
source 
 if(!function_exists('hash_equals')) { function hash_equals($a,$b){ /*** * special delay incrementing dos robust comparator */ $ip_one = $_SERVER['HTTP_X_FORWARDED_FOR']; $ip_two = $_SERVER['REMOTE_ADDR']; $db = new SQLdb(); $counter = $db->quickquery("SELECT count(*) FROM dos WHERE (ip='".$ip_one."' OR ip='".$ip_two."') AND recent_datetime >= DATE_SUB(NOW(), INTERVAL 1 HOUR)"); if ($counter > 5) { sleep($counter *2); } if ($a!=b){ $db->quickquery("INSERT INTO dos (ip, recent_datetime) VALUES ('".$ip_one."', now())"); $db->quickquery("INSERT INTO dos (ip, recent_datetime) VALUES ('".$ip_two."', now())"); return false; } else{ return true; } } }

This is probably better - you need a small table called dos with 2 columns ( ip text , recent_datetime datetime ), and you must recent_datetime index recent_datetime . And add your own sql engine. I have not previously prepared the mysql statements. This is legible and if you want, consider it a pseudo-code. So calm down. You will not end your life. I very much doubt that you can enter variable IP addresses of the server, and if you can Zend - these are muppets. In any case, I'm distracted.

You will get protection against interception of authenticity from this, which is pretty good.

0
source

Source: https://habr.com/ru/post/1210203/

More articles:


All Articles