我想使用hmac通过电子邮件验证用户身份 hmac将与userid一起存储在数据库中。
$payload以进行解密?我做得对吗?
我在url querystring中没有得到任何字符串?
这是我的测试页面,包含以下内容
$secret = "dfjhglkhniuh65645";
$payload= "234|somedata";
$hmac = hash_hmac("sha2", $payload, $secret, true);
//$hmac = base64_encode($hmac);
if (! function_exists("hash_hmac")) {
echo "hmac function does not exist";
}
$uri="test.php?hash=$hmac";
if(!isset($_GET['hash'])){
header('location: ' . $uri);
exit();
}
echo "testpage<br><br>";
if(isset($_GET['hash']) && !empty($_GET['hash']))
{
$sig = $_GET['hash'];
$expected_sig = hash_hmac("sha2", $payload, $secret, true);
if($expected_sig === $sig)echo "verification succeeded";
}
答案 0 :(得分:1)
这些是散列算法的可能值。 http://www.php.net/manual/en/function.hash-algos.php
我稍稍移动了你的代码,并删除了hash_hmac的原始输出(不知道为什么你想要那个),它对我有用。
<?php
if (!function_exists("hash_hmac")) {
echo "hmac function does not exist";
die();
}
$secret = "dfjhglkhniuh65645";
$payload = "234|somedata";
$hmac = hash_hmac('sha256', $payload, $secret);
$uri = "test.php?hash=$hmac";
if (!isset($_GET['hash'])) {
header('location: ' . $uri);
exit();
}
echo "testpage<br><br>";
if (isset($_GET['hash']) && !empty($_GET['hash'])) {
$sig = $_GET['hash'];
$expected_sig = hash_hmac("sha256", $payload, $secret);
if ($expected_sig === $sig) {
echo "verification succeeded";
}
}