Solved

Could you point a PHP class that could give a file signature based on its content?

Posted on 2016-09-03
7
35 Views
Last Modified: 2016-09-04
Hi Experts

Could you point a PHP class that could give a file signature based on its content?

My purpose is to check when a file is uploaded if something has been changed on it from the first time
it was uploaded.

Thanks in advance.
0
Comment
Question by:Eduardo Fuerte
7 Comments
 
LVL 52

Assisted Solution

by:Julian Hansen
Julian Hansen earned 100 total points
ID: 41782838
Why not do

$hash = md5(file_get_contents($filename));

Open in new window

1
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 200 total points
ID: 41782898
I think we covered md5() before, right?  You don't need a class -- PHP has a built-in function
https://www.experts-exchange.com/questions/28967370/Could-you-point-a-PHP-library-you-know-to-UPLOAD-a-file-to-a-server-with-some-kind-of-audit-trail.html#a41781762

MD5 strings are identical for identical inputs.  So if you read file#1 and make the md5() hash, then read file#2 and make the md5() hash, you can compare these hashes to see if the files are the same.  If the hashes match the files are the same.

Of course, you could just compare the contents of the files, too.  So why would anyone compare only the md5() hash?  

One reason could be that the files are so large that you can only get one of them into memory at a time.  You would read one into a string variable, make the md5() hash, unset the string variable to free the memory, then read the second file, make the md5() hash and compare the hash strings.  Thus the md5 hash becomes a proxy for the contents of the files.

A more mainstream and probably more frequent use of md5() is in securing data communications.  Consider a data transport problem where the recipient does not have access to the original file, and would like to know that the data had not been damaged or tampered with.  The sender would create the md5() hash from a known "salt" string appended to the information payload.  The recipient would take the payload, add the salt and create another md5() string.  If the strings match, the data is intact.
0
 

Author Comment

by:Eduardo Fuerte
ID: 41782903
@Ray
Sorry
That time I couldn't read all your posts with the attention it desires!
I'm in a hurry, having to attend a dificult test that have to be sent until next monday 08 o'clock in the morning!  So it will be carefully read after.

@Julian
I guess what you point is a adequated solution - just a .pdf that when updated produces this warning
but the file is uploaded and the "signature" is ok.

img001
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 29

Assisted Solution

by:Olaf Doschke
Olaf Doschke earned 200 total points
ID: 41782905
You should be exact on what you really want, because the term signature points in two totally different directions.

A file signature is a valid term more commonly known as a file checksum, any checksum or hash algorithm qualifies for this need, even those disqualifying for password hashing still are good enough for file checksums.

But there also is the topic of signing files, not only about the file being untouched and/or completely transferred, but also about identifying who signed a file, eg when you sign a pdf for upload to revenue office/service.

If this is about what Ray pointed back to, its hashing a file. Other reasoning why you don't only profit from hashing over comparing full files is not only about their size, once you know and store a hash, you can compare it to future uploads, also for faster computation and still checking the completeness of file uploads, you might hash just the first 1KB and last 1KB of a file, so your memory consumtion is less and the hash is computed faster. The most common upload errors are double upload and incomplete upload. For these two cases only taking a partial file hash is sufficient.

Bye, Olaf.
1
 

Author Comment

by:Eduardo Fuerte
ID: 41782907
@Olaf

Hi

I'm not sure I completelly understand what you posted.
But since it's not a "prodution" algorithm - is just to attend a test,  I guess  Julian solution it's sufficient by now, ok?
0
 
LVL 29

Expert Comment

by:Olaf Doschke
ID: 41782917
On the assumption you don't want to sign for knowing the authentic source of the file (eg the vendor of a software), an md5 is sufficient to check the file is same or differs.

Bye, Olaf.
1
 

Author Closing Comment

by:Eduardo Fuerte
ID: 41783620
Thank you for so qualified assistance!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to count occurrences of each item in an array.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now