PHP Class ElggCrypto, Elgg

Show file Open project: elgg/elgg Class Usage Examples

Public Methods

Method	Description
__construct ( SiteSecret $site_secret = null )	Constructor
areEqual ( string $str1, string $str2 ) : boolean	Are two strings equal (compared in constant time)?
getHmac ( mixed $data, string $algo = 'sha256', string $key = '' ) : Elgg\Security\Hmac	Get an HMAC token builder/validator object
getRandomBytes ( integer $length ) : string	Generate a string of highly randomized bytes (over the full 8-bit range).
getRandomString ( integer $length, string \| null $chars = null ) : string	Generate a random string of specified length.

Protected Methods

Method	Description
strlen ( string $binary_string ) : integer	Count the number of bytes in a string

Method Details

__construct() public method

Constructor

public __construct ( SiteSecret $site_secret = null )
$site_secret	Elgg\Database\SiteSecret	Secret service

areEqual() public method

Are two strings equal (compared in constant time)?

Author: Anthony Ferrara ([email protected])

public areEqual ( string $str1, string $str2 ) : boolean
$str1	string	First string to compare
$str2	string	Second string to compare
return	boolean	Based on password_verify in PasswordCompat

getHmac() public method

Get an HMAC token builder/validator object

public getHmac ( mixed $data, string $algo = 'sha256', string $key = '' ) : Elgg\Security\Hmac
$data	mixed	HMAC data or serializable data
$algo	string	Hash algorithm
$key	string	Optional key (default uses site secret)
return	Elgg\Security\Hmac

getRandomBytes() public method

Generate a string of highly randomized bytes (over the full 8-bit range).

See link: Original Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GEORGE ARGYROS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Author: George Argyros ([email protected])

public getRandomBytes ( integer $length ) : string
$length	integer	Number of bytes needed
return	string	Random bytes

getRandomString() public method

Uses supplied character list for generating the new string. If no character list provided - uses Base64 URL character set.

See also: https://github.com/zendframework/zf2/blob/master/library/Zend/Math/Rand.php#L179

public getRandomString ( integer $length, string \| null $chars = null ) : string
$length	integer	Desired length of the string
$chars	string \| null	Characters to be chosen from randomly. If not given, the Base64 URL charset will be used.
return	string	The random string

strlen() protected method

We cannot simply use strlen() for this, because it might be overwritten by the mbstring extension. In this case, strlen() will count the number of *characters* based on the internal encoding. A sequence of bytes might be regarded as a single multibyte character. Use elgg_strlen() to count UTF-characters instead of bytes.

Author: Anthony Ferrara ([email protected])

protected strlen ( string $binary_string ) : integer
$binary_string	string	The input string
return	integer	The number of bytes From PasswordCompat\binary\_strlen