Reputation: 1353
At the beginning of every PHP script, I loop through the possible POST and GET inputs and filter them properly, so later when I need an input, I can use my custom, safe, filtered variable (which is an array that holds POSTs and GETs) and I do not have to touch $_GET and $_POST.
If the variable is a hash-value, either a 40 character SHA1, or a 64 character Adobe Stratus ID, how do I recognise them?
I do not want the user to post some nonsense data.
Upvotes: 0
Views: 730
Reputation: 882
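You can match a SHA1 hash with a regex like:
/^[0-9a-f]{40}$/
In PHP:
foreach ($_GET as $get) {
    // Anchored with ^ and $ so the whole value must be 40 hex digits;
    // is_string() skips array inputs such as ?x[]=1
    if (is_string($get) && preg_match('/^[0-9a-f]{40}$/i', $get)) {
        // do something
    }
}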
Upvotes: 0
Reputation: 2135
To test whether a string is an x-length hash value or not:
$x = 40;
$string = "inputstring";
// Concatenate the length into the pattern; preg_match returns 1 on a match
$boolResult = preg_match('/^[0-9a-f]{' . $x . '}$/i', $string) === 1;
Upvotes: 1
Reputation: 95101
Since most hash functions (sha, md5, etc.) return hex format, you can easily detect them using ctype_xdigit:
if (ctype_xdigit($value)) {
    // It must be Hex
}
I don't know what an Adobe Stratus ID looks like, but you can easily validate that with preg_match too.
Some can also come in base64; you can also validate that with:
if (base64_encode(base64_decode($data)) === $data) {
    // it must be base 64
}
Upvotes: 0
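One way to combine the length-anchored regex and the hex check from the answers above into a per-field allow-list, as an added example that is not code from any of the posters. The field names file_sha1 and peer_id are hypothetical, and the 64-character ID is assumed to be hexadecimal, which the page does not state.

```php
<?php
declare(strict_types=1);

// Expected hex length per input name. Field names are hypothetical; the
// 64-character ID is assumed to be hex (an assumption, not from the page).
const HEX_FIELDS = [
    'file_sha1' => 40,
    'peer_id'   => 64,
];

/**
 * Return the lower-cased hex string, or null if $value is not a string of
 * exactly $length hex digits.
 */
function filter_hex($value, int $length): ?string
{
    // ?x[]=1 turns the value into an array; only strings are acceptable.
    if (!is_string($value)) {
        return null;
    }
    // \A and \z anchor the entire subject. '$' alone also matches before a
    // trailing "\n", and an unanchored pattern matches hex inside other text.
    if (preg_match('/\A[0-9a-f]{' . $length . '}\z/i', $value) !== 1) {
        return null;
    }
    return strtolower($value);
}

/** Build the filtered array; a missing or malformed field becomes null. */
function filter_request(array $raw): array
{
    $clean = [];
    foreach (HEX_FIELDS as $name => $length) {
        $clean[$name] = filter_hex($raw[$name] ?? null, $length);
    }
    return $clean;
}

// Constructed sample input standing in for $_GET / $_POST.
$sample = [
    'file_sha1' => sha1('demo'),                  // well-formed 40 hex digits
    'peer_id'   => str_repeat('ab', 32) . "\n",   // 64 hex digits + newline
    'extra'     => '<script>',                    // not listed in HEX_FIELDS
];
var_dump(filter_request($sample));
var_dump(filter_hex('x' . sha1('demo') . 'x', 40)); // hash embedded in text
var_dump(filter_hex([sha1('demo')], 40));           // array-valued input
```

Only names listed in HEX_FIELDS reach the filtered array, so later code never needs to read $_GET or $_POST directly.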
Reputation: 1232
I do not agree that you should avoid _POST and _GET access, but instead you should clean them where possible to avoid XSS. (https://en.wikipedia.org/wiki/Cross-site_scripting). CodeIgniter has a great security library you can pinch and plug into your own stuff.
Other than that, I'm not sure... but I think you are asking to decrypt hashed values from the session?
Upvotes: 0