i have php code
<?php $member = $_GET['member']; $password = $_GET['password']; $sign = base64_encode(sha1('Login|'.$member.'|'.$password.'',true)); echo$sign ?>auth.zip (263 Bytes)
the result is different, anyone can help
Thanks
i have php code
<?php $member = $_GET['member']; $password = $_GET['password']; $sign = base64_encode(sha1('Login|'.$member.'|'.$password.'',true)); echo$sign ?>auth.zip (263 Bytes)
the result is different, anyone can help
Thanks
Welcome,
What is different?
If I had to guess, it’s probably the Properties on the Cryptography component vs. whatever version of PHP you’re using. I have PHP 5 and 7 installed on my home server, and I’m getting identical output using username “test” and password “4fhuu”
I’m in the middle of getting ready to leave the house, so I can’t test this out directly, but here are some tips in the meantime:
$_GET request & $_POST requests show up in your address bar. I would highly recommend looking into these topics:
When you learn these two things, your address bar will look like this:
yourwebsite.com/user/signin
Instead of like this: yourwebsite.com?login&user=test&password=123
Hope that helps
PS: out of curiosity, is there a reason why you’re using base64 and sha1 together?
UPDATE:
So, I tested this by just hard coding in “hello world”.
My PHP output was: Kq5sNclPz7QV2+lfQIuc6R7oRu0=
Using the same Cryptography component in Kodular to base64(sha1(‘hello world’)), the output looks like this (it’s actually too long to type) MWI0OTk4Zm… (but obviously, you can see, I’m not getting the same output)
And my guess is that you can change the Properties for this component to use identical keys, but that would require additional research to make sure you’re doing the right thing.
The actual PHP Documentation states this for sha1 and md5
Warning
It is not recommended to use this function to secure passwords, due to the fast nature of this hashing algorithm. See the Password Hashing FAQ for details and best practices.
However
Assuming you want the results to match (on your server and on your app) you can totally do that with md5. Something like this:
$sign = md5('hello world');
or
$sign = base64_encode(md5('hello world'));
and also like this:
You should get the same output for both
So that could be an easy work around for now, but I would also recommend reading the php docs and playing around more with the crypto component