doc-en
Add an example where the user string is a hash calculated from user-submitted data
From manual page: https://php.net/function.hash-equals
I feel like the example can be slightly confusing because the user provides both the hash to check and the values used to calculate the known correct hash. And I'm not sure having both values provided by the user is that common; in my experience these scenarios are pretty common:
- user provides values that are hashed and checked against a known hash stored in DB
- user provides a hash and this hash is compared with another hash calculated from stored values
I think it could be useful to add examples that cover these scenarios.
Maybe something like this for user provided values:
```php
// Hash of the expected values, e.g. loaded from the database.
$knownCorrectHash = '2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae';
if (hash_equals($knownCorrectHash, hash('sha256', $_POST['value1'].':'.$_POST['value2']))) {
    echo "The provided values are correct.", PHP_EOL;
} else {
    echo "Wrong value.", PHP_EOL;
}
```
And for a user provided hash:
```php
// Hash calculated from stored values; the user-supplied hash goes second.
$correctHash = hash('sha256', 'foo');
if (hash_equals($correctHash, $_GET['hash'])) {
    echo "This is the correct hash.", PHP_EOL;
} else {
    echo "Wrong hash.", PHP_EOL;
}
```
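
The second scenario above (a user-provided hash compared with one calculated from stored values), as an added example that is not part of the original issue or the PHP manual. It uses `hash_hmac()` with a server-side key instead of a bare `hash()`, and rejects non-string input before calling `hash_equals()`; the function name `isValidUserHash`, the secret and the sample values are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: checks a user-supplied hash against one computed
// server-side from stored values. Requires PHP 8.0+ for the mixed type.
function isValidUserHash(mixed $userHash, array $storedValues, string $secret): bool
{
    // Request parameters can arrive as arrays (?hash[]=x). hash_equals()
    // accepts only strings and throws a TypeError otherwise on PHP 8,
    // so reject anything else before comparing.
    if (!is_string($userHash)) {
        return false;
    }

    // Keyed hash over the stored values: without the key, anyone who knows
    // the values could compute a matching hash themselves.
    $expected = hash_hmac('sha256', implode(':', $storedValues), $secret);

    // Known string first, user-supplied string second.
    return hash_equals($expected, $userHash);
}

// Constructed sample data standing in for a database row and $_GET['hash'].
$secret = 'constructed-demo-secret';
$stored = ['42', 'alice@example.com'];
$valid  = hash_hmac('sha256', '42:alice@example.com', $secret);

foreach ([$valid, str_repeat('0', 64), ['x']] as $candidate) {
    echo isValidUserHash($candidate, $stored, $secret)
        ? 'This is the correct hash.'
        : 'Wrong hash.', PHP_EOL;
}
```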