$authKey = $this->lockServers[$lockSrv]['authKey'];
// Build of the command as a flat string...
$values = implode( '|', $values );
- $key = sha1( $this->session . $action . $type . $values . $authKey );
+ $key = hash_hmac( 'sha1', "{$this->session}\n{$action}\n{$type}\n{$values}", $authKey );
// Send out the command...
if ( fwrite( $conn, "{$this->session}:$key:$action:$type:$values\n" ) === false ) {
return false;
$m = explode( ':', $data ); // <session, key, command, type, values>
if ( count( $m ) == 5 ) {
list( $session, $key, $command, $type, $values ) = $m;
- if ( sha1( $session . $command . $type . $values . $this->authKey ) !== $key ) {
+ $goodKey = hash_hmac( 'sha1',
+ "{$session}\n{$command}\n{$type}\n{$values}", $this->authKey );
+ if ( $goodKey !== $key ) {
return 'BAD_KEY';
} elseif ( strlen( $session ) !== 32 ) {
return 'BAD_SESSION';