Vergleich inc/functions_user.php - 1.8.17 - 1.8.19

  Keine Änderungen   Hinzugefügt   Modifiziert   Entfernt
Zeile 246Zeile 246
		$password_fields = create_password($password, $user['salt'], $user);

return my_hash_equals($user['password'], $password_fields['password']);

		$password_fields = create_password($password, $user['salt'], $user);

return my_hash_equals($user['password'], $password_fields['password']);

	}
}

/**
* Performs a timing attack safe string comparison.
*
* @param string $known_string The first string to be compared.
* @param string $user_string The second, user-supplied string to be compared.
* @return bool Result of the comparison.
*/
function my_hash_equals($known_string, $user_string)
{
if(version_compare(PHP_VERSION, '5.6.0', '>='))
{
return hash_equals($known_string, $user_string);
}
else
{
$known_string_length = my_strlen($known_string);
$user_string_length = my_strlen($user_string);

if($user_string_length != $known_string_length)
{
return false;
}

$result = 0;

for($i = 0; $i < $known_string_length; $i++)
{
$result |= ord($known_string[$i]) ^ ord($user_string[$i]);
}

return $result === 0;

 
	}
}


	}
}