garethhall Posted March 8, 2010 Share Posted March 8, 2010 I have this place on code that a developer has written for me. Can some tell me what "{ }" does where the function is called? <?php $_GET['compID'] = base64_decode($_GET['compID']); $_GET['fileID'] = base64_decode($_GET['fileID']); if($_GET['hash']!==secret_hash("{$_GET['fileID']}/{$_GET['compID']}")) exit('404 file not found.'); function secret_hash($var) { $secret = '[LI{]+]6W>z@Qj{Stjds~+E~t\]U0~6;hb}8+)`ENhle*49;4:wx5pbwYPKM&'; $algo = 'sha1'; return $algo($algo($var).$secret); } ?> Link to comment https://forums.phpfreaks.com/topic/194461-syntax-explanation/ Share on other sites More sharing options...
mikesta707 Posted March 8, 2010 Share Posted March 8, 2010 when you are using the value of one element in the array in a string (like in your example, which uses an element of the $_GET array as part of the string it passes to some function) , you can either use concatenation (something you may have seen, which looks like this:) echo "my name is " . $array['key'] . " and I greet you!"; the example you gave is the other way, which is to use curly braces "{}" to put the array element directly in the string. echo "helly my name is {$array['key']}"; its similar to using a regular variable straight in a string (delimited by double quotes) echo "hello my name is $name"; the reason you use curly braces is because just putting the array element in a string like so echo "hello my name is $array['key']"; is ambiguous. It can't decide whether to say the value of the array $array at the index 'key', or to say the value of a string $array with the literal string "['key']" next to it. Link to comment https://forums.phpfreaks.com/topic/194461-syntax-explanation/#findComment-1022832 Share on other sites More sharing options...
Andy-H Posted March 8, 2010 Share Posted March 8, 2010 <?php $myHash = base64_decode($_GET['fileID']); $myHash.= base64_decode($_GET['compID']); if($_GET['hash'] !== secret_hash($myHash)) exit('404 file not found.'); function secret_hash($var) { return sha1(sha1($var) . '[LI{]+]6W>z@Qj{Stjds~+E~t\]U0~6;hb}8+)`ENhle*49;4:wx5pbwYPKM&'); } ?> sha1 base64_encode base64_decode Either your developer is trying to hide the underlying functionality of the code from you, or protect your site from malicious users. From the looks of that code he is trying to protect the code from malicious users, as the code isn't too ambiguous and is really quite simple to understand and decode. Link to comment https://forums.phpfreaks.com/topic/194461-syntax-explanation/#findComment-1022853 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.