All URLs on Gravatar are based on the use of the hashed value of an email address. Images and profiles are both accessed via the hash of an email, and it is considered the primary way of identifying an identity within the system. To ensure a consistent and accurate hash, the following steps should be taken to create a hash:
- Trim leading and trailing whitespace from an email address
- Force all characters to lower-case
- hash the final string with SHA256
As an example, let’s say we start with “MyEmailAddress@example.com ” (note the trailing space which our hypothetical user entered by mistake). If we hash that string directly, we get the following (in PHP):
echo hash( 'sha256', 'MyEmailAddress@example.com ' ); // 'bbb8db824654275128ce09499cbbeff439840ae68f19f83861c243450dc1d6c7'
If we now run that same email address through the above process, you will see that we get a different result (again in PHP):
$email = trim( 'MyEmailAddress@example.com ' ); // 'MyEmailAddress@example.com' $email = strtolower( $email ); // 'email@example.com' echo hash( 'sha256', $email ); // '84059b07d4be67b806386c0aad8070a23f18836bbaae342275dc0a83414c32ee'
This can easily be combined into a single line:
echo hash( 'sha256', strtolower( trim( 'MyEmailAddress@example.com ' ) ) ); // '84059b07d4be67b806386c0aad8070a23f18836bbaae342275dc0a83414c32ee'