Convert php to kodular

i have php code

<?php $member = $_GET['member']; $password = $_GET['password']; $sign = base64_encode(sha1('Login|'.$member.'|'.$password.'',true)); echo$sign ?>

auth.zip (263 Bytes)

the result is different, anyone can help
Thanks

1 Like

Welcome,

What is different?

with php the result is :

with kodular the result…

If I had to guess, it’s probably the Properties on the Cryptography component vs. whatever version of PHP you’re using. I have PHP 5 and 7 installed on my home server, and I’m getting identical output using username “test” and password “4fhuu”

I’m in the middle of getting ready to leave the house, so I can’t test this out directly, but here are some tips in the meantime:

  • If your app isn’t talking to a php server, it probably doesn’t matter if the output is different. Meaning: let’s say you have yourwebsite.com, and you already have 100 users stored in a database on your website. If this app if accessing your website, you probably want the output from your website, and the output from your app to match. Otherwise, it won’t matter.

$_GET request & $_POST requests show up in your address bar. I would highly recommend looking into these topics:

  1. MVC (Model View Controller). You can create your own, or use an existing one.
  2. Learning about how to create an MVC will also teach you more about htacess

When you learn these two things, your address bar will look like this:
yourwebsite.com/user/signin

Instead of like this: yourwebsite.com?login&user=test&password=123

Hope that helps

PS: out of curiosity, is there a reason why you’re using base64 and sha1 together?

6 Likes

UPDATE:

So, I tested this by just hard coding in “hello world”.
My PHP output was: Kq5sNclPz7QV2+lfQIuc6R7oRu0=

Using the same Cryptography component in Kodular to base64(sha1(‘hello world’)), the output looks like this (it’s actually too long to type) MWI0OTk4Zm… (but obviously, you can see, I’m not getting the same output)

And my guess is that you can change the Properties for this component to use identical keys, but that would require additional research to make sure you’re doing the right thing.

The actual PHP Documentation states this for sha1 and md5

Warning

It is not recommended to use this function to secure passwords, due to the fast nature of this hashing algorithm. See the Password Hashing FAQ for details and best practices.

However
Assuming you want the results to match (on your server and on your app) you can totally do that with md5. Something like this:

$sign = md5('hello world');
or
$sign = base64_encode(md5('hello world'));

and also like this:

You should get the same output for both

So that could be an easy work around for now, but I would also recommend reading the php docs and playing around more with the crypto component

5 Likes