Verifying Data with Hashes in PHP

InfinityCoder December 21, 2016

You want to make sure users don’t alter data you’ve sent them in a cookie or form element.

Along with the data, send a keyed “message digest” hash (an HMAC) of the data, computed with a secret salt. When you receive the data back, compute the hash of the received value with the same salt.

If they don’t match, the user has altered the data. Here’s how to generate a hash in a hidden form field:

<?php

/* Define a salt. */
define('SALT', 'flyingturtle');

$id = 1337;
/* Keyed hash of the value; the salt acts as the HMAC key. */
$idcheck = hash_hmac('sha1', $id, SALT);

?>
<input type="hidden" name="id" value="<?php echo $id; ?>" />
<input type="hidden" name="idcheck" value="<?php echo $idcheck; ?>" />

Here’s how to verify the hidden form field data when it’s submitted:

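/* Initialize an array for filtered data. */
$clean = array();

/* Define a salt. */
define('SALT', 'flyingturtle');

/* Both fields must be present and be strings (not arrays). */
$id      = isset($_POST['id']) && is_string($_POST['id']) ? $_POST['id'] : '';
$idcheck = isset($_POST['idcheck']) && is_string($_POST['idcheck']) ? $_POST['idcheck'] : '';

/* hash_equals() compares in constant time, unlike ===. */
if (hash_equals(hash_hmac('sha1', $id, SALT), $idcheck)) {
   $clean['id'] = $id;
} else {
   /* Error */
}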

When processing the submitted form data, compute the hash of the submitted value of $_POST['id'] with the same salt. If it matches $_POST['idcheck'], the value of $_POST['id'] has not been altered by the user.

If the values don’t match, you know that the value of $_POST['id'] you received is not the same as the one you sent.

To use the same hashing technique with a cookie, append the hash to the cookie value with implode():

/* Define a salt. */
define('SALT', 'flyingturtle');

$name = 'Ellen';

$namecheck = hash_hmac('sha1', $name, SALT);

setcookie('name', implode('|',array($name, $namecheck)));

Parse the hash from the cookie value with explode():

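/* Define a salt. */
define('SALT', 'flyingturtle');

/* Pad to two elements so a missing or malformed cookie fails cleanly. */
$cookie = isset($_COOKIE['name']) && is_string($_COOKIE['name']) ? $_COOKIE['name'] : '';
list($cookie_value, $cookie_check) = array_pad(explode('|', $cookie, 2), 2, '');

/* hash_equals() compares in constant time, unlike ===. */
if (hash_equals(hash_hmac('sha1', $cookie_value, SALT), $cookie_check)) {
   $clean['name'] = $cookie_value;
} else {
   /* Error */
}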

The protection a data verification hash gives in a form or cookie depends entirely on the secrecy of the salt used in the hash computation.

If a malicious user discovers your salt, the hash offers no protection. Besides guarding the salt zealously, changing it frequently is a good idea.

For an additional layer of protection, use different salts, choosing the specific salt to use in the hash based on some property of the $id value (10 different words selected by $id%10, for example).

That way, the damage is slightly mitigated if one of the words is compromised.
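
An added example, not part of the original article: one way to combine the advice above about changing the salt and using several salts is to keep a small set of named salts and store the salt's name inside the signed value. The function names, salt names and salt values are hypothetical, and it uses SHA-256 where the article's snippets use SHA-1.

```php
<?php
/* Constructed placeholder salts; load real ones from configuration
   kept outside the web root. */
const KEYRING = [
    'k1' => 'constructed-old-salt-do-not-use',
    'k2' => 'constructed-current-salt-do-not-use',
];
const CURRENT_KEY_ID = 'k2';

/* Return "value|keyid|mac". The MAC covers the key id and the value,
   so neither can be swapped without detection. */
function sign_value(string $value, string $keyId = CURRENT_KEY_ID): string
{
    $mac = hash_hmac('sha256', $keyId . '|' . $value, KEYRING[$keyId]);
    return $value . '|' . $keyId . '|' . $mac;
}

/* Return the original value, or null if the token is malformed,
   altered, or signed with a salt that is no longer in the key ring. */
function verify_value($token): ?string
{
    if (!is_string($token)) {
        return null;                 // e.g. name[]=x arrives as an array
    }
    $parts = explode('|', $token);
    if (count($parts) < 3) {
        return null;                 // MAC or key id missing
    }
    /* Take the MAC and key id from the right, so a '|' inside the
       value cannot shift the fields. */
    $mac   = array_pop($parts);
    $keyId = array_pop($parts);
    $value = implode('|', $parts);
    if (!array_key_exists($keyId, KEYRING)) {
        return null;                 // unknown or retired salt
    }
    $expected = hash_hmac('sha256', $keyId . '|' . $value, KEYRING[$keyId]);
    return hash_equals($expected, $mac) ? $value : null;
}

/* Constructed demonstration inputs. */
$token = sign_value('Ellen');
var_dump(verify_value($token));                                // untouched
var_dump(verify_value(str_replace('Ellen', 'Admin', $token))); // altered value
var_dump(verify_value(sign_value('a|b', 'k1')));               // older salt, '|' in value
var_dump(verify_value('Ellen'));                               // no hash attached
```

Removing 'k1' from the key ring invalidates every value signed with it, which is how a compromised salt is retired without affecting values signed with 'k2'.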
