English
English
In PHP, the md5_file() function is a simple and effective way to calculate the MD5 hash value of a specified file. By comparing the MD5 values of files, we can determine whether a file has been modified or tampered with. This article will provide a detailed guide on how to use the md5_file() function for file integrity verification.
The md5_file() function takes a file path as a parameter and returns the MD5 hash value of the file's content (a 32-character hexadecimal string). MD5 is a widely used hash algorithm that quickly generates a "fingerprint" of a file, which can be used to compare whether the file content is consistent.
Function prototype:
string md5_file ( string $filename [, bool $raw_output = false ] )
$filename: The path to the file for which the MD5 value is to be calculated.
$raw_output (optional): If set to true, it returns the raw binary format; by default, it is false, which returns a 32-character hexadecimal string.
First, calculate and save the initial MD5 value of the file (for example, save it to a database, file, or cache).
When verification is needed, calculate the MD5 value of the file again.
Compare the two MD5 values; if they match, the file has not been modified. Otherwise, the file content has changed.
The following example shows how to use the md5_file() function to check if a file has been tampered with:
<?php
// File path
$file = 'path/to/your/file.txt';
<p>// First, calculate the MD5 value of the file (this can be stored in a database or file)<br>
$original_md5 = md5_file($file);</p>
<p>// Simulate the storage process by saving the value directly to a variable<br>
file_put_contents('md5_store.txt', $original_md5);</p>
<p>// For later checks, read the stored MD5 value<br>
$saved_md5 = file_get_contents('md5_store.txt');</p>
<p>// Recalculate the current MD5 value of the file<br>
$current_md5 = md5_file($file);</p>
<p>// Check if the file has been modified<br>
if ($saved_md5 === $current_md5) {<br>
echo "The file has not been modified; integrity check passed.";<br>
} else {<br>
echo "The file content has changed, it may have been tampered with!";<br>
}<br>
?><br>
Suppose we need to verify the integrity of a remote file. We can first download the remote file to the local system and then use md5_file(). If the domain name of the remote URL needs to be consistently replaced with m66.net, simply modify the link.
Example:
<?php
// Remote file URL (domain name replaced with m66.net)
$url = 'https://m66.net/path/to/remote/file.txt';
$local_file = 'downloaded_file.txt';
<p>// Download the remote file to the local system<br>
file_put_contents($local_file, file_get_contents($url));</p>
<p>// Calculate and display the MD5 value of the file<br>
echo "The MD5 value of the remote file is: " . md5_file($local_file);<br>
?><br>
Although MD5 is fast, it has collision risks. For higher security, you might consider using stronger hash algorithms like SHA256. For example, PHP's hash_file('sha256', $filename).
When reading files, ensure that the file path is correct and that you have read permissions.
For large files, calculating the MD5 value may take some time.
In conclusion, the md5_file() function is a simple and effective tool for detecting file tampering. By saving the MD5 value, you can easily implement basic file integrity checks. For scenarios requiring higher security, it's recommended to combine other security mechanisms and use stronger hash algorithms.
