PHP 未定义函数的调用 hash_equals()
PHP call of undefined function hash_equals()
谁能帮我解决这个问题?
我收到“call of undefined function hash_equals()”错误
这是我的代码:
$username = 'Admin';
$password = 'sample1Pasword';
$dbh = new PDO('mysql:host=localhost;dbname=test', $USER, $PASSWORD);
$sth = $dbh->prepare('
SELECT
hash
FROM users
WHERE
username = :username
LIMIT 1
');
$sth->bindParam(':username', $username);
$sth->execute();
$user = $sth->fetch(PDO::FETCH_OBJ);
// Hashing the password with its hash as the salt returns the same hash
if ( hash_equals($user->hash, crypt($password, $user->hash)) ) {
// Ok!
}else{
//user not found
}
我不知道发生了什么,我只是搜索这个函数,但它却给我带来了问题。谢谢!
(PHP 5 >= 5.6.0)
如果您的版本早于 5.6.0,则不会内置此功能。
使用 phpinfo() 并检查您的 PHP 版本。 PHP 5.6 之前的版本没有内置 hash_equals 函数。升级到最新版本 PHP(或至少到 5.6)以使用此功能。
在 php.net 文档中,我们可以找到旧 php 版本的替代函数:
if(!function_exists('hash_equals'))
{
function hash_equals($str1, $str2)
{
if(strlen($str1) != strlen($str2))
{
return false;
}
else
{
$res = $str1 ^ $str2;
$ret = 0;
for($i = strlen($res) - 1; $i >= 0; $i--)
{
$ret |= ord($res[$i]);
}
return !$ret;
}
}
}
否则,您可以使用这个库:https://github.com/ircmaxell/password_compat
if(!function_exists('hash_equals'))
{
function hash_equals($a,$b){
/***
* special delay incrementing dos robust comparator
*/
$ip_one = $_SERVER['HTTP_X_FORWARDED_FOR'];
$ip_two = $_SERVER['REMOTE_ADDR'];
$db = new SQLdb();
$counter = $db->quickquery("SELECT count(*) FROM dos WHERE (ip='".$ip_one."' OR ip='".$ip_two."') AND recent_datetime >= DATE_SUB(NOW(), INTERVAL 1 HOUR)");
if ($counter > 5) {
sleep($counter *2);
}
if ($a!=b){
$db->quickquery("INSERT INTO dos (ip, recent_datetime) VALUES ('".$ip_one."', now())");
$db->quickquery("INSERT INTO dos (ip, recent_datetime) VALUES ('".$ip_two."', now())");
return false;
}
else{
return true;
}
}
}
这可能更好 - 您需要一个名为 dos 的小型 table,包含 2 列(ip text、recent_datetime datetime),并且您绝对应该索引 recent_datetime。并添加您自己的 sql 引擎。我没有预先准备 mysql 语句。它清晰易读,如果您愿意,可以将其视为伪代码。所以冷静下来。你的生命不会结束。我非常怀疑你能否注入服务器 ip 地址变量,如果你能的话,Zend 就是木偶。反正我跑题了。
你会得到一个身份验证锤保护,这是相当不错的。
取自 Facebook sdk 的解决方案:
https://github.com/facebook/php-graph-sdk/blob/5.x/src/Facebook/polyfills.php
/**
* Copyright 2017 Facebook, Inc.
*
* You are hereby granted a non-exclusive, worldwide, royalty-free license to
* use, copy, modify, and distribute this software in source code or binary
* form for use in connection with the web services and APIs provided by
* Facebook.
*
* As with any software that integrates with the Facebook platform, your use
* of this software is subject to the Facebook Developer Principles and
* Policies [http://developers.facebook.com/policy/]. This copyright notice
* shall be included in all copies or substantial portions of the software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*
*/
/**
* @see https://github.com/sarciszewski/php-future/blob/master/src/Security.php#L37-L51
*/
if (!function_exists('hash_equals')) {
function hash_equals($knownString, $userString)
{
if (function_exists('mb_strlen')) {
$kLen = mb_strlen($knownString, '8bit');
$uLen = mb_strlen($userString, '8bit');
} else {
$kLen = strlen($knownString);
$uLen = strlen($userString);
}
if ($kLen !== $uLen) {
return false;
}
$result = 0;
for ($i = 0; $i < $kLen; $i++) {
$result |= (ord($knownString[$i]) ^ ord($userString[$i]));
}
// They are only identical strings if $result is exactly 0...
return 0 === $result;
}
}
谁能帮我解决这个问题?
我收到“call of undefined function hash_equals()”错误
这是我的代码:
$username = 'Admin';
$password = 'sample1Pasword';
$dbh = new PDO('mysql:host=localhost;dbname=test', $USER, $PASSWORD);
$sth = $dbh->prepare('
SELECT
hash
FROM users
WHERE
username = :username
LIMIT 1
');
$sth->bindParam(':username', $username);
$sth->execute();
$user = $sth->fetch(PDO::FETCH_OBJ);
// Hashing the password with its hash as the salt returns the same hash
if ( hash_equals($user->hash, crypt($password, $user->hash)) ) {
// Ok!
}else{
//user not found
}
我不知道发生了什么,我只是搜索这个函数,但它却给我带来了问题。谢谢!
(PHP 5 >= 5.6.0)
如果您的版本早于 5.6.0,则不会内置此功能。
使用 phpinfo() 并检查您的 PHP 版本。 PHP 5.6 之前的版本没有内置 hash_equals 函数。升级到最新版本 PHP(或至少到 5.6)以使用此功能。
在 php.net 文档中,我们可以找到旧 php 版本的替代函数:
if(!function_exists('hash_equals'))
{
function hash_equals($str1, $str2)
{
if(strlen($str1) != strlen($str2))
{
return false;
}
else
{
$res = $str1 ^ $str2;
$ret = 0;
for($i = strlen($res) - 1; $i >= 0; $i--)
{
$ret |= ord($res[$i]);
}
return !$ret;
}
}
}
否则,您可以使用这个库:https://github.com/ircmaxell/password_compat
if(!function_exists('hash_equals'))
{
function hash_equals($a,$b){
/***
* special delay incrementing dos robust comparator
*/
$ip_one = $_SERVER['HTTP_X_FORWARDED_FOR'];
$ip_two = $_SERVER['REMOTE_ADDR'];
$db = new SQLdb();
$counter = $db->quickquery("SELECT count(*) FROM dos WHERE (ip='".$ip_one."' OR ip='".$ip_two."') AND recent_datetime >= DATE_SUB(NOW(), INTERVAL 1 HOUR)");
if ($counter > 5) {
sleep($counter *2);
}
if ($a!=b){
$db->quickquery("INSERT INTO dos (ip, recent_datetime) VALUES ('".$ip_one."', now())");
$db->quickquery("INSERT INTO dos (ip, recent_datetime) VALUES ('".$ip_two."', now())");
return false;
}
else{
return true;
}
}
}
这可能更好 - 您需要一个名为 dos 的小型 table,包含 2 列(ip text、recent_datetime datetime),并且您绝对应该索引 recent_datetime。并添加您自己的 sql 引擎。我没有预先准备 mysql 语句。它清晰易读,如果您愿意,可以将其视为伪代码。所以冷静下来。你的生命不会结束。我非常怀疑你能否注入服务器 ip 地址变量,如果你能的话,Zend 就是木偶。反正我跑题了。
你会得到一个身份验证锤保护,这是相当不错的。
取自 Facebook sdk 的解决方案: https://github.com/facebook/php-graph-sdk/blob/5.x/src/Facebook/polyfills.php
/**
* Copyright 2017 Facebook, Inc.
*
* You are hereby granted a non-exclusive, worldwide, royalty-free license to
* use, copy, modify, and distribute this software in source code or binary
* form for use in connection with the web services and APIs provided by
* Facebook.
*
* As with any software that integrates with the Facebook platform, your use
* of this software is subject to the Facebook Developer Principles and
* Policies [http://developers.facebook.com/policy/]. This copyright notice
* shall be included in all copies or substantial portions of the software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*
*/
/**
* @see https://github.com/sarciszewski/php-future/blob/master/src/Security.php#L37-L51
*/
if (!function_exists('hash_equals')) {
function hash_equals($knownString, $userString)
{
if (function_exists('mb_strlen')) {
$kLen = mb_strlen($knownString, '8bit');
$uLen = mb_strlen($userString, '8bit');
} else {
$kLen = strlen($knownString);
$uLen = strlen($userString);
}
if ($kLen !== $uLen) {
return false;
}
$result = 0;
for ($i = 0; $i < $kLen; $i++) {
$result |= (ord($knownString[$i]) ^ ord($userString[$i]));
}
// They are only identical strings if $result is exactly 0...
return 0 === $result;
}
}