1.16.x bootstrap.inc backdrop_hmac_base64($data, $key)
1.18.x bootstrap.inc backdrop_hmac_base64($data, $key)
1.17.x bootstrap.inc backdrop_hmac_base64($data, $key)

Calculates a base-64 encoded, URL-safe sha-256 hmac.


string $data: String to be validated with the hmac.

string $key: A secret string key.

Return value

string: A base-64 encoded sha-256 hmac, with + replaced with -, / with _ and any = padding characters removed.


includes/bootstrap.inc, line 2871
Functions that need to be loaded on every Backdrop request.


function backdrop_hmac_base64($data, $key) {
  // Casting $data and $key to strings here is necessary to avoid empty string
  // results of the hash function if they are not scalar values. As this
  // function is used in security-critical contexts like token validation it is
  // important that it never returns an empty string.
  $hmac = base64_encode(hash_hmac('sha256', (string) $data, (string) $key, TRUE));
  // Modify the hmac so it's safe to use in URLs.
  return strtr($hmac, array('+' => '-', '/' => '_', '=' => ''));