3v4l.org

run code in 300+ PHP versions simultaneously
<?php // key which will sign the data $key = hash('sha256', 'Unique user data or Some secret'); // the data $array = [ 'foobar' => 'baz' ]; // encode the payload $json = json_encode($array); // sign it with key $token = hash_hmac('sha256', $json, $key); // set response header //header('X-Checksum: '.$token); //echo $json; ## This is how the receiver would verify the received data. // faked: this would be populated by the request/response $_POST['json'] = $json; $_SERVER['X-Checksum'] = $token; // verify the data matches token by signing the data with the key $check = hash_hmac('sha256', $_POST['json'], $key); if (hash_equals($token, $check)) { echo 'Verified'; } else { echo 'Tampered'; } // example tampered data $_POST['json'] = 'tampered'.$json; $check = hash_hmac('sha256', $_POST['json'], $key); if (hash_equals($token, $check)) { echo 'Verified'; } else { echo 'Tampered'; }
Output for git.master, git.master_jit, rfc.property-hooks
VerifiedTampered

This tab shows result from various feature-branches currently under review by the php developers. Contact me to have additional branches featured.

Active branches

Archived branches

Once feature-branches are merged or declined, they are no longer available. Their functionality (when merged) can be viewed from the main output page

preferences:
56.4 ms | 401 KiB | 8 Q