Reputation: 1701
Testing if string is sha1 in PHP
I'm planning on storing the passwords as a sha1, so I need a way to validate that it is a sha1 at another point in my website. I was planning on using preg_match, but I do not know how to make regex patterns. Could someone help me out with one?
Thanks
Edit: I am not trying to see if two hashes match.
Upvotes: 15
Views: 14744
Answers (3)
Reputation: 95334
Actually, you can use preg_match() to make sure it's a 40 characters hexadecimal string as such:
function is_sha1($str) {
return (bool) preg_match('/^[0-9a-f]{40}$/i', $str);
}
To explain the pattern:
/ Opening Delimiter
^ Start Of String Anchor
[0-9a-f] Any of the following characters: 0123456789abcdef
{40} Repeated 40 times
$ End Of String Anchor
/ Closing Delimiter
i Modifier: Case-Insensitive Search
If you are trying to make sure that the sha1() hash matches the password the user provider, you simply rehash like this:
if($db_hash == sha1($user_provided_pass))
echo "Password is correct!";
Upvotes: 52
Reputation: 6025
ctype_xdigit is much faster. I typically use hashes for lookups and find it very useful.
Upvotes: 10
Reputation: 387587
When comparing two SHA1 hashes, and you know that the first one is one (because it comes out of the database), then just assume that the second is a SHA1 value as well. You are only interested if two hashes match or not. If one of the compared values is not a possible SHA1 value, then it's particulary not the same as the one in the database. And that's all you need to know.
Upvotes: 0
Related Questions
- PHP: How can I generate a hmac SHA1 signature of a string?
- How to decrypt sha1 in php?
- how to match sha256 output
- How to check if string is a valid sha256 hash in PHP?
- sha1() for Password hashing
- How to filter and recognise hash strings in PHP?
- Sha 1 php, possible variations and regex
- Check if string is a hash
- Help with SHA1 or MD5 in PHP
- Why is my SHA1 hash not matching?