Friends my php 5.2 codes am keeping my password like this
echo '<br>'.base64_encode(mhash(MHASH_MD5,'test'));
result CY9rzUYh03PK3k6DJie09g==
In php 5.3 mhash extension is obsoleted by Hash like I saw in there documentation. So I tried like this. But its giving wrong result.
echo '<br>'.base64_encode(hash(MD5,'test'));
result MDk4ZjZiY2Q0NjIxZDM3M2NhZGU0ZTgzMjYyN2I0ZjY=
Please help me to convert my 5.2 mhash codes to 5.3.
Thanks
Actually, they are the same, only in a different format.
The first one is binary data, while the second one is hexadecimal.
You can convert the first one to the second using this function:
$second_hash = bin2hex ($first_hash);
Or the other way around:
$first_hash = hex2bin ($second_hash);
Update
Add this function:
define('HEX2BIN_WS', " \t\n\r");
function hex2bin($hex_string) {
$pos = 0;
$result = '';
while ($pos < strlen($hex_string)) {
if (strpos(HEX2BIN_WS, $hex_string{$pos}) !== FALSE) {
$pos++;
} else {
$code = hexdec(substr($hex_string, $pos, 2));
$pos = $pos + 2;
$result .= chr($code);
}
}
return $result;
}
If you want to update obsolete mhash() method to hash_hmac() method using sha1, simply replace :
mhash(MHASH_SHA1, $data, $key)
into
hash_hmac('sha1', $data,$key,true)
In my context i was faced to old piece of code
base64_encode(mhash(MHASH_SHA1, $data, $key));
which i replaced by
base64_encode(hash_hmac('sha1', $data,$key,true));
I hope it could help.
mhash(MHASH_MD5, 'FOOBAR'); // what you have
pack('H*', hash(MD5, 'FOOBAR')) // what you accepted
pack('H*', md5('FOOBAR')); // ...
md5('FOOBAR', true); // what you could/should have used
I know this question is rather old but today I had the same problem. Based on this post I was able to find a shorter and I guess more performant way which is worth sharing in my opinion.
Related
I mean if we give 3, b as parameters passed into function, it should return "bbb" by using loops.
I've tried some code, but I do not want to post it because it might look crazy for a well-versed developer. I can provide you links, this question has been asked in an interview, mainly they want it to be computed in C or C++. Since I am a PHP practitioner, I am curious to know it is possible in PHP. Below is the link (ROUND 2: SIMPLE CODING(3 hours))
https://www.geeksforgeeks.org/zoho-interview-set-3-campus/
A PHP function to do that would probably look like this:
function string_repeat($num, $string)
{
$result = "";
for ($x = 0; $x < $num; $x++) {
$result .= $string;
}
return $result;
}
So calling echo string_repeat(3, 'b'); would output:
bbb
One way would be to keep around a "dummy" string, of sufficient length to be longer than any string you want to generate. Then, we can use preg_replace to replace each character with whatever the input is. Finally, we can substring that replace string to the desired length.
$dummy = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
$length = 3;
$dummy = preg_replace('/./', 'b', $dummy);
$output = substr($dummy, 0, $length);
echo $output;
This prints:
bbb
You could wrap this into a helper function, if you really wanted to do that. Note that internally the regex engine is most likely doing some looping of its own, so we are not really freeing ourselves from looping, just hiding it from the current context.
I'm working with some encryption in PHP that's being accessed by some c# code,
When I sha1 Encrypt the following: test1:test1:apple,
every online generator will return: 8ee27a0e9368d2835b3fdeb4b50caf1d8f790314
However, when I run my PHP script it returns 296b39344a6eb9d88c3bb1122f5941f0bcf3b0c2 instead. Because essentially it's adding an empty line along with the string (test1:test1:apple) that I'm encrypting.
Does anyone have any idea how to fix this? It's not neccesarily the worst thing in the world, it's just extremely annoying.
The code I'm using is pretty simple:
function GetRandomWord()
{
$file = "../Core/nouns0.txt";
$file_arr = file($file);
$num_lines = count($file_arr);
$last_index = $num_lines -1;
$rand_index = rand(0, $last_index);
$rand_text = $file_arr[$rand_index];
return $rand_text;
}
$enc = GetRandomWord();
$encrypted = sha1("$username:$password:$enc");
echo $encrypted;
which gets caught in c# by a script.
Thanks in advance!
#IĆyaBursov their answer helped! I changed the GetRandomWord() function's return statement to
return trim($rand_text);
Thanks!
file() will read each line of a file into an array. It reads the entire line, including the linefeed at the end. If you don't want this behaviour, use the second argument to say so:
$file_arr = file($file, FILE_IGNORE_NEW_LINES);
Hi everyone I was wondering what could be possible to randomize this code even further :
<?php
$key=md5('ILOVEYOU');
$serverseed = floor(time() / 5);
srand($serverseed);
$result = rand();
$modulus_result= $result % 100;
echo "before: ".$modulus_result."<br>";
echo "after: ".encrypt($modulus_result, $key)."<br>";
echo decrypt($modulus_result, $key);
function decrypt($string, $key){
$string = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($string), MCRYPT_MODE_ECB));
return $string;
}
function encrypt($string, $key){
$string = rtrim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $string, MCRYPT_MODE_ECB)));
return $string;
}
?>
Ok for everyone that stumbled upon this thread and missunderstood the topic, I'm not using this function to protect ANYTHING inside my website, I'm just looking ways to randomize this function as it uses time() as a reference...
I need to generate a random int from 1-100, that seems to work, I'm just looking for other ways to randomize it( if I could explain a bit more, adding some sort of "salt" not encryption of any sort.)
Check the documentation:
This function does not generate cryptographically secure values, and
should not be used for cryptographic purposes. If you need a
cryptographically secure value, consider using random_int(),
random_bytes(), or openssl_random_pseudo_bytes() instead.
You might want to use random_int instead.
The problem with that is that was introduced with PHP 7 so you might not be able to use it. In this case, you can get it here, as mentioned in the documentation.
Because the Bitbucket API doesn't provide a method to get the latest tag for a repository I find myself having to get it from an array of all tags.
How do you do it?
I have tried max but it doesn't work for certain numbers e.g.
max(['1.0.8', '1.0.9', '1.0.10']);
returns '1.0.9'.
I know the tags will only ever be three numbers a.b.c they won't have other semver accepted strings like alpha etc. because of the way we do tags for our repos.
So how do you do it?
$versions = ['1.0.8', '1.0.9', '1.0.10'];
usort($versions, 'version_compare');
echo end($versions);
See http://php.net/version_compare
If you don't feel like modifying the array:
echo array_reduce($versions, function ($highest, $current) {
return version_compare($highest, $current, '>') ? $highest : $current;
});
By using the version_compare function:
function maxVersion($array)
{
$max = null;
foreach ($array as $version) {
if (version_compare($max, $version) === -1) {
$max = $version;
}
}
return $max;
}
print(maxVersion(['1.0.8', '1.0.9', '1.0.10']));
// returns "1.0.10"
Because you are dealing with Strings here rather than numbers, you will not get the result you require. You could try the following:
$version_numbers = str_replace(".","",['1.0.8', '1.0.9', '1.0.10']);
$max = max($version_numbers);
If you are always dealing with a fixed a.b.c structure then by replacing the decimal point you will get a series of integers that will let you determine the maximum relatively easily
I am using random.org in my php script to generate random numbers like that:
function getToken($length){
$r = explode('
',file_get_contents('http://www.random.org/integers/?num='.$length.'&min=0&max=9&col=1&base=10&format=plain'));
$string = '';
foreach ( $r as $char ) $string.=$char;
return $string;
}
but my university net denies such queries, so whenewer i test my project using university wifi, i dont get random numbers to be generated, and that means trouble.
So, i before using this function, it needs to be chect if i can query random.org or not like that:
if( site is accessible ) return getToken();
else return false;
what would be the best way to check accesability?
Myself i tried:
file_get_contents();
but it sends warnings,whenewer it fails,
dns_get_record();
but i dont know if i can trust that, if it checks only dns name.
Please help!
P.S. a pinging technique might proove usefull...
You could just run file_get_contents with # to supress errors and simply return when it doesn't give you a random number, resulting in something like:
function getToken($length){
$number = #file_get_contents('http://www.random.org/integers/?num='.$length.'&min=0&max=9&col=1&base=10&format=plain');
if($number === false) return null;
$r = explode('',$number);
$string = '';
foreach ( $r as $char ) $string.=$char;
return $string;
}
That being said, I seriously doubt if you really need to use random.org to generate random numbers. PHP's own pseudo-random generator functions include openssl_random_pseudo_bytes that is said to generate "cryptographically strong" pseudorandom numbers:
http://www.php.net/manual/en/function.openssl-random-pseudo-bytes.php