A WordPress-centric search engine for devs and theme authors



hash_equals ›

Since3.9.2
Deprecatedn/a
hash_equals ( $a, $b )
Parameters: (2)
  • (string) $a Expected string.
    Required: Yes
  • (string) $b Actual, user supplied, string.
    Required: Yes
Returns:
  • (bool) Whether strings are equal.
Defined at:
Codex:

Timing attack safe string comparison

Compares two strings using the same time whether they're equal or not.

This function was added in PHP 5.6.

Note: It can leak the length of a string when arguments of differing length are supplied.



Source

function hash_equals( $a, $b ) {
		$a_length = strlen( $a );
		if ( $a_length !== strlen( $b ) ) {
			return false;
		}
		$result = 0;

		// Do not attempt to "optimize" this.
		for ( $i = 0; $i < $a_length; $i++ ) {
			$result |= ord( $a[ $i ] ) ^ ord( $b[ $i ] );
		}

		return $result === 0;
	}
endif;

// JSON_PRETTY_PRINT was introduced in PHP 5.4
// Defined here to prevent a notice when using it with wp_json_encode()
if ( ! defined( 'JSON_PRETTY_PRINT' ) ) {
	define( 'JSON_PRETTY_PRINT', 128 );
}