Combined with database: record file hashing for subsequent verification

In PHP, we can calculate the hash value of a large file through hash_update_stream to ensure the integrity of the file. Combined with the database record file hashing, you can quickly compare the hash value of the file when subsequent verification of the integrity of the file to ensure that the file has not been tampered with. This article will explain in detail how to implement this process.

1. Introduction to hash_update_stream function

The hash_update_stream function is used to calculate hash values ​​from a file stream. Compared with the method of loading files into memory at one time, using streaming processing can effectively save memory, which is particularly suitable for processing large files.

 bool hash_update_stream ( resource $context , resource $handle [, int $length ] )

• $context : hash context initialized by hash_init() .

• $handle : A valid file handle.

• $length (optional): The number of bytes read at one time, the default is 8192 bytes.

This function is usually used with hash_init() and hash_final() , which is used to return the final calculated hash value.

2. Process Overview

By using hash_update_stream , we can stream the hash calculation results of the file to the database. When verifying, we only need to recalculate the hash value of the file and compare it with the values ​​stored in the database to achieve file integrity verification.

Here are the brief steps of the entire process:

1. When uploading a file, the hash value of the file is calculated and stored in the database.

2. When verifying the file, the hash is read from the database and compared with the newly calculated hash.

3. If the two match, it means that the file has not been tampered with; otherwise, the integrity of the file will be questioned.

3. Implementation steps

1. Database structure design

First, design a simple database table to record file information and its hash values. We assume that there is already a files table in the database, with the structure as follows:

 CREATE TABLE `files` (
    `id` INT AUTO_INCREMENT PRIMARY KEY,
    `filename` VARCHAR(255) NOT NULL,
    `hash` CHAR(64) NOT NULL,
    `uploaded_at` TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

filename stores the file name, hash stores the hash value of the file, uploaded_at records the upload time.

2. Calculate the hash value and save it when uploading the file

When a user uploads a file, we pass the file stream to hash_update_stream to calculate the hash value of the file and store the file name and its hash value into the database.

 <?php
// Assume file upload processing
if (isset($_FILES['file'])) {
    // Get information about uploading files
    $fileTmpPath = $_FILES['file']['tmp_name'];
    $fileName = $_FILES['file']['name'];

    // Initialize hash calculation
    $hashContext = hash_init('sha256');

    // Open the file stream
    $fileHandle = fopen($fileTmpPath, 'rb');

    // Calculate hash value
    while (!feof($fileHandle)) {
        // Update hash
        hash_update_stream($hashContext, $fileHandle);
    }

    // Get the final hash value
    $fileHash = hash_final($hashContext);

    // Save hash value into the database
    $db = new mysqli('localhost', 'root', '', 'file_db');
    $stmt = $db->prepare("INSERT INTO files (filename, hash) VALUES (?, ?)");
    $stmt->bind_param("ss", $fileName, $fileHash);
    $stmt->execute();

    // Close the file handle
    fclose($fileHandle);
}
?>

In this example, we use hash_init() to initialize a hash context of SHA-256, and then use hash_update_stream() to calculate the hash value of the uploaded file, and finally use hash_final() to obtain the hash value and store it in the database.

3. Verify file integrity

In the subsequent verification process, we can obtain the corresponding hash value from the database according to the file name and compare it with the hash value of the current file.

 <?php
// Assume file verification processing
$fileNameToVerify = 'example_file.txt'; // Assume that the file name needs to be verified
$filePath = '/path/to/files/' . $fileNameToVerify;

// Get the hash value in the database
$db = new mysqli('localhost', 'root', '', 'file_db');
$stmt = $db->prepare("SELECT hash FROM files WHERE filename = ?");
$stmt->bind_param("s", $fileNameToVerify);
$stmt->execute();
$result = $stmt->get_result();
$row = $result->fetch_assoc();
$storedHash = $row['hash'];

// Calculate the hash value of the current file
$hashContext = hash_init('sha256');
$fileHandle = fopen($filePath, 'rb');
while (!feof($fileHandle)) {
    hash_update_stream($hashContext, $fileHandle);
}
$currentHash = hash_final($hashContext);
fclose($fileHandle);

// Comparing hash values ​​in the database with the currently calculated hash values
if ($currentHash === $storedHash) {
    echo "File integrity verification passed！";
} else {
    echo "File integrity verification failed！";
}
?>

During verification, we first get the hash value of the file from the database, then recalculate the hash value of the file, and finally compare. If the two hashes are the same, it means that the file has not been modified; if it is inconsistent, the file may have been tampered with.

4. Summary

By combining hash_update_stream and database logging file hash values, we can efficiently verify file integrity. Whether it is uploading files or subsequent verification, streaming hashing calculation can effectively reduce memory usage, and the hash records in the database provide reliable data support for subsequent verification.