public validateData ( string $data, string $key, boolean $rawHash = false ) : string | ||
$data | string | the data to be validated. The data must be previously generated by [[hashData()]]. |
$key | string | the secret key that was previously used to generate the hash for the data in [[hashData()]]. function to see the supported hashing algorithms on your system. This must be the same as the value passed to [[hashData()]] when generating the hash for the data. |
$rawHash | boolean | this should take the same value as when you generate the data using [[hashData()]]. It indicates whether the hash value in the data is in binary format. If false, it means the hash value consists of lowercase hex digits only. hex digits will be generated. |
return | string | the real data with the hash stripped off. False if the data is tampered. |
public function validateData($data, $key, $rawHash = false)
{
$test = @hash_hmac($this->macHash, '', '', $rawHash);
if (!$test) {
throw new InvalidConfigException('Failed to generate HMAC with hash algorithm: ' . $this->macHash);
}
$hashLength = StringHelper::byteLength($test);
if (StringHelper::byteLength($data) >= $hashLength) {
$hash = StringHelper::byteSubstr($data, 0, $hashLength);
$pureData = StringHelper::byteSubstr($data, $hashLength, null);
$calculatedHash = hash_hmac($this->macHash, $pureData, $key, $rawHash);
if ($this->compareString($hash, $calculatedHash)) {
return $pureData;
}
}
return false;
}