Closed tmazeika closed 9 years ago
@lukegb wrote it so you're right that I have no idea how it works :P
$res |= ord($str1[$i]) ^ ord($str2[$i]);
Which means $res = $res OR (char in string 1 XOR equals char in string 2)?
If $res = 1 from a previous character match, won't $res always equal 1?
The annoying part is that all the code is supposed to do AFAICS is compare two strings in constant time. Isn't hash_equals or even this simpler?
$res = true; // must start true: && can only ever turn it false
for ($i = 0; $i < strlen($str1); $i++) {
    $res = ($res) && ($str1[$i] === $str2[$i]);
}
return $res;
The function also returns if the string lengths are different which probably gives away the signature length :(
lol768 couldn't understand this code so we deleted it.
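Added example, not part of the original thread or the project's code: the XOR-accumulate comparison the quoted `$res |= ...` line belongs to, next to a short-circuiting comparison and PHP's built-in `hash_equals`. The function names, key and message are constructed for illustration, and the signature is assumed to be a fixed-length HMAC-SHA256 hex string.

```php
<?php
// XOR-accumulate comparison, the style of the `$res |= ord(...) ^ ord(...)` line.
function ct_equals(string $known, string $user): bool
{
    // This length check exits early. For a fixed-length MAC (64 hex chars
    // for HMAC-SHA256) the length is public, so nothing secret leaks here.
    if (strlen($known) !== strlen($user)) {
        return false;
    }
    $res = 0;
    for ($i = 0, $n = strlen($known); $i < $n; $i++) {
        // XOR is 0 only when the two bytes are identical. OR-ing it into
        // $res means a differing byte sets bits that are never cleared,
        // and the loop still visits every remaining byte.
        $res |= ord($known[$i]) ^ ord($user[$i]);
    }
    return $res === 0; // 0 means no byte differed
}

// Short-circuit comparison for contrast: it returns at the first mismatch,
// so its run time depends on the length of the matching prefix.
function leaky_equals(string $known, string $user): bool
{
    if (strlen($known) !== strlen($user)) {
        return false;
    }
    for ($i = 0, $n = strlen($known); $i < $n; $i++) {
        if ($known[$i] !== $user[$i]) {
            return false;
        }
    }
    return true;
}

// Constructed sample data (not taken from the project).
$key      = 'constructed-demo-key';
$expected = hash_hmac('sha256', 'payload', $key);
$supplied = str_repeat('0', strlen($expected)); // same length, wrong value

var_dump(ct_equals($expected, $expected));
var_dump(ct_equals($expected, $supplied));
var_dump(leaky_equals($expected, $supplied));
// Built-in equivalent (PHP 5.6+): known string first, user input second.
var_dump(hash_equals($expected, $supplied));
```

In `ct_equals`, `$res` staying non-zero after the first differing byte is the intended behaviour: it records that a mismatch occurred without letting the loop exit early.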