从hmac函数中得不到输出

I want to use hmac to authenticate a user by email The hmac will be stored in the database along with the userid.

  • Do I also need to store the $payload for decryption as well?

Am I doing it right?

I don't get any string in the url querystring?

This is my testpage with the following

$secret = "dfjhglkhniuh65645";
$payload= "234|somedata";

$hmac = hash_hmac("sha2", $payload, $secret, true);
//$hmac = base64_encode($hmac);
if (! function_exists("hash_hmac")) {
    echo "hmac function does not exist";
}
$uri="test.php?hash=$hmac";

if(!isset($_GET['hash'])){
    header('location: ' . $uri);
    exit();
}
echo "testpage<br><br>";
if(isset($_GET['hash']) && !empty($_GET['hash']))
{
    $sig = $_GET['hash'];
    $expected_sig = hash_hmac("sha2", $payload, $secret, true);
    if($expected_sig === $sig)echo "verification succeeded";

}
php

1个回答

These are the possible values for hashing algorithms. http://www.php.net/manual/en/function.hash-algos.php

I moved your code a little bit, and got rid of the raw output for hash_hmac (not sure why you wanted that) and it works for me.

<?php

if (!function_exists("hash_hmac")) {
    echo "hmac function does not exist";
    die();
}

$secret = "dfjhglkhniuh65645";
$payload = "234|somedata";

$hmac = hash_hmac('sha256', $payload, $secret);
$uri = "test.php?hash=$hmac";

if (!isset($_GET['hash'])) {
    header('location: ' . $uri);
    exit();
}

echo "testpage<br><br>";
if (isset($_GET['hash']) && !empty($_GET['hash'])) {
    $sig = $_GET['hash'];
    $expected_sig = hash_hmac("sha256", $payload, $secret);
    if ($expected_sig === $sig) {
        echo "verification succeeded";
    }
}
dongsi7759
dongsi7759 谢谢你,但是你还要保存有效载荷,是否在文档中?
6 年多之前 回复
Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问