How to convert Python encryption to PHP?

Asked

Viewed 276 times

5

I wonder if it is possible to convert this encryption to the PHP language, I need to convert the passwords that were generated to be accepted in my Login system on the site, but I do not know how to do.

I have a database with passwords generated with this encryption in Python:

Python code:

password = "senha do usuario na DB"    
base64.b64encode(hashlib.sha256(hashlib.sha256(password).hexdigest() + "\xf7\x1a\xa6\xde\x8f\x17v\xa8\x03\x9d2\xb8\xa1V\xb2\xa9>\xddC\x9d\xc5\xdd\xceV\xd3\xb7\xa4\x05J\r\x08\xb0").digest())

Login Code in PHP:

<?php
if (isset($_REQUEST['iniciar'])) {
    $usuario = $_REQUEST['usuario'];
    $password = $_REQUEST['senha'];

    $sql = $conexion->query("SELECT * FROM users WHERE Username='$usuario'");

    while ($login = $sql->fetch_assoc()) {
        $usuarioDB = $login['Username'];
        $passwordDB = $login['Password2'];
    }
    if ($usuario == isset($usuarioDB) && password_verify($password, $passwordDB)) {
        $_SESSION['logged'] = "Logged";
        $_SESSION['usuario'] = $usuarioDB;
        $_SESSION['senha'] = $passwordDB;
        header("Location: index.php");
    } elseif ($usuario !== isset($usuarioDB)) {
        echo "<div class='error'><span>Login inválido.</span></div>";
    } elseif (password_verify($password, $passwordDB) === FALSE) {
        echo "<div class='error'><span>Senha inválida.</span></div>";
    }
}
?>

Thanks for any help!

php python login hash

1 answer

8


I understand that the excerpt from your Python code "\xf7\x1a\xa6\xde\x8f\x17v\xa8\x03\x9d2\xb8\xa1V\xb2\xa9>\xddC\x9d\xc5\xdd\xceV\xd3\xb7\xa4\x05J\r\x08\xb0" be a salt.

So, first, it should be stored in PHP.

$salt = "\xf7\x1a\xa6\xde\x8f\x17v\xa8\x03\x9d2\xb8\xa1V\xb2\xa9>\xddC\x9d\xc5\xdd\xceV\xd3\xb7\xa4\x05J\r\x08\xb0";

The second detail is that the function password_verify internally uses a function-generated encryption crypt internally. However, as in Python you are using the hash sha256, I believe the correct approach would be to use the function hash PHP with the first argument being sha256.

I also noticed that in Python is used the base64 to generate the hash. In this case you will need the PHP function to do something similar, which is base64_encode.

Behold:

$hash = hash('sha256', hash('sha256', $password) . $salt));

base64_encode($hash) === $login['Password2']

Note: Perhaps for the sake of interpreting your salt (which appears to be in hexadecimal) should be storing in a variable using double quotes, since the \x is interpreted differently by PHP in such cases.

  • I remade it this way and it worked! Thank you very much!

  • Why the -1? I don’t understand

  • I was supposed to click +1, I mistakenly clicked -1 I think, and now I can’t reverse...

  • 1

    @Devdansh can do it. Just click on +1 :p

  • I clicked, the following message appears: "Thanks for the feedback! Votes of users with less than 15 reputation are registered, but do not change the score shown in the post."

  • @Devdansh was not you who voted negative, friend. Rest assured. Glad the answer helped :p

  • What a fright! Haha, thanks bro!

  • Let’s go continue this discussion in chat.

  • 1

    Python code calls sha256 function twice.. The proposed response should reflect this. Moreover, the contents of a string with Xhh prefixes in Python is very clear - there must be some correct way to create a similar string in PHP without needing to 'think this is equivalent' - even if it is a function that has a loop that applies several times Chr(hexdec(characters)) and concatenate the results.

  • @jsbueno you are right. The sha256 is actually called twice, but now I’m surprised the AR said it worked, and also I made a mistake when I put + instead of placing the concatenation operator that is the ..

Show 5 more comments

Browser other questions tagged php python login hash

You are not signed in. Login or sign up in order to post.