author | Nils Adermann <naderman@naderman.de> | 2014-10-22 16:57:50 -0400 |
---|---|---|
committer | Nils Adermann <naderman@naderman.de> | 2014-10-22 16:57:50 -0400 |
commit | fad280f94b97799cf12a636b65f7f2288e8b3640 (patch) | |
tree | 821234d51023b240cb38a0e8a04194ec73e75a4c /phpBB/phpbb/passwords/driver/helper.php | |
parent | e43d1781bf17c9265f075dfc0cc38d807fe3b70e (diff) | |
parent | cf9d1fbd1a7013f561a736b9fc2157b7f935b7d6 (diff) | |
Merge pull request #3056 from marc1706/ticket/13203
[ticket/13203] Use constant time comparison method for comparing password hashes
Diffstat (limited to 'phpBB/phpbb/passwords/driver/helper.php')
-rw-r--r-- | phpBB/phpbb/passwords/driver/helper.php | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/phpBB/phpbb/passwords/driver/helper.php b/phpBB/phpbb/passwords/driver/helper.php
index 2b3ebce53a..caa65080ac 100644
--- a/phpBB/phpbb/passwords/driver/helper.php
+++ b/phpBB/phpbb/passwords/driver/helper.php
@@ -142,4 +142,24 @@ class helper
 }
 return $random;
 }
+
+ /**
+ * Compare two strings byte by byte
+ *
+ * @param string $string_a The first string
+ * @param string $string_b The second string
+ *
+ * @return bool True if strings are the same, false if not
+ */
+ public function string_compare($string_a, $string_b)
+ {
+ $difference = strlen($string_a) != strlen($string_b);
+
+ for ($i = 0; $i < strlen($string_a) && $i < strlen($string_b); $i++)
+ {
+ $difference |= $string_a[$i] != $string_b[$i];
+ }
+
+ return $difference === 0;
+ }
 }
|
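Review bot: In `string_compare()` the accumulator `$difference` is initialised from a `!=` expression and is therefore a bool, so when the loop body never runs (either argument is empty) the final `$difference === 0` is false even for two empty strings; the result is only right for non-empty input because `|=` casts to int on the first iteration. Making the accumulator an int from the start removes that dependence: `$difference = strlen($string_a) ^ strlen($string_b);` and, in the loop, `$difference |= ord($string_a[$i]) ^ ord($string_b[$i]);`, which also replaces the loose `!=` on characters with a plain byte XOR. Where the runtime provides `hash_equals()` (PHP 5.6 and later), calling it first and keeping this loop as the fallback would be preferable to maintaining a hand-written comparison. The docblock should also state that the method exists so that comparison time does not depend on where the strings differ, and that the loop still runs only up to the shorter length, so a later maintainer does not swap it for `===` or assume it hides length.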