i have php code
<?php $member = $_GET['member']; $password = $_GET['password']; $sign = base64_encode(sha1('Login|'.$member.'|'.$password.'',true)); echo$sign ?>auth.zip (263 Bytes)
the result is different, anyone can help
Thanks
i have php code
<?php $member = $_GET['member']; $password = $_GET['password']; $sign = base64_encode(sha1('Login|'.$member.'|'.$password.'',true)); echo$sign ?>auth.zip (263 Bytes)
the result is different, anyone can help
Thanks
Welcome,
What is different?
If I had to guess, itâs probably the Properties on the Cryptography component vs. whatever version of PHP youâre using. I have PHP 5 and 7 installed on my home server, and Iâm getting identical output using username âtestâ and password â4fhuuâ
Iâm in the middle of getting ready to leave the house, so I canât test this out directly, but here are some tips in the meantime:
$_GET request & $_POST requests show up in your address bar. I would highly recommend looking into these topics:
When you learn these two things, your address bar will look like this:
yourwebsite.com/user/signin
Instead of like this: yourwebsite.com?login&user=test&password=123
Hope that helps
PS: out of curiosity, is there a reason why youâre using base64 and sha1 together?
UPDATE:
So, I tested this by just hard coding in âhello worldâ.
My PHP output was: Kq5sNclPz7QV2+lfQIuc6R7oRu0=
Using the same Cryptography component in Kodular to base64(sha1(âhello worldâ)), the output looks like this (itâs actually too long to type) MWI0OTk4Zm⌠(but obviously, you can see, Iâm not getting the same output)
And my guess is that you can change the Properties for this component to use identical keys, but that would require additional research to make sure youâre doing the right thing.
The actual PHP Documentation states this for sha1 and md5
Warning
It is not recommended to use this function to secure passwords, due to the fast nature of this hashing algorithm. See the Password Hashing FAQ for details and best practices.
However
Assuming you want the results to match (on your server and on your app) you can totally do that with md5. Something like this:
$sign = md5('hello world');
or
$sign = base64_encode(md5('hello world'));
and also like this:
You should get the same output for both
So that could be an easy work around for now, but I would also recommend reading the php docs and playing around more with the crypto component