1<?php 2/** 3 * Copyright 2017 Facebook, Inc. 4 * 5 * You are hereby granted a non-exclusive, worldwide, royalty-free license to 6 * use, copy, modify, and distribute this software in source code or binary 7 * form for use in connection with the web services and APIs provided by 8 * Facebook. 9 * 10 * As with any software that integrates with the Facebook platform, your use 11 * of this software is subject to the Facebook Developer Principles and 12 * Policies [http://developers.facebook.com/policy/]. This copyright notice 13 * shall be included in all copies or substantial portions of the software. 14 * 15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 21 * DEALINGS IN THE SOFTWARE. 22 * 23 */ 24 25/** 26 * @see https://github.com/sarciszewski/php-future/blob/master/src/Security.php#L37-L51 27 */ 28if (!function_exists('hash_equals')) { 29 function hash_equals($knownString, $userString) 30 { 31 if (function_exists('mb_strlen')) { 32 $kLen = mb_strlen($knownString, '8bit'); 33 $uLen = mb_strlen($userString, '8bit'); 34 } else { 35 $kLen = strlen($knownString); 36 $uLen = strlen($userString); 37 } 38 if ($kLen !== $uLen) { 39 return false; 40 } 41 $result = 0; 42 for ($i = 0; $i < $kLen; $i++) { 43 $result |= (ord($knownString[$i]) ^ ord($userString[$i])); 44 } 45 46 // They are only identical strings if $result is exactly 0... 47 return 0 === $result; 48 } 49} 50