C
C#2y ago
TerryDev

✅ Need some help converting PHP code to CS

Hey, I think I wrote this right but I'm getting different results. Perhaps someone knows what I did wrong here? I'm trying to convert a PHP function to a C# function. Here is what I wrote in C#. The original PHP snippets are the comments above. 
string tobase64str(string input, int count)
{
    string output = "";
    int i = 0;
    string itoa64 = _password_itoa64();
    do
    {
        //string value = ord($input[$i++]);
        var value = input[i++];
        //$output.= $itoa64[$value & 0x3f];
        output += itoa64[value & 0x3f];
        //if ($i < $count) {
        if (i < count)
        {
            //$value |= ord($input[$i]) << 8;
            value = ((char)(value | input[i] << 8));
        }
        //$output.= $itoa64[($value >> 6) & 0x3f];
        output += itoa64[(value >> 6) & 0x3f];
        //if ($i++ >= $count) {
        if (i++ >= count)
        {
            break;
        }
        //if ($i < $count) {
        if (i < count)
        {
            //$value |= ord($input[$i]) << 16;
            value = (char)(value | input[i] << 16);
        }
        //$output.= $itoa64[($value >> 12) & 0x3f];
        output += itoa64[(value >> 12) & 0x3f];
        //if ($i++ >= $count) {
        if (i++ >= count)
        {
            break;
        }
        //$output.= $itoa64[($value >> 18) & 0x3f];
        output += itoa64[(value >> 18) & 0x3f];
    } while (i < count);

    return output;
}

string _password_itoa64()
{
    return "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
}
string tobase64str(string input, int count)
{
    string output = "";
    int i = 0;
    string itoa64 = _password_itoa64();
    do
    {
        //string value = ord($input[$i++]);
        var value = input[i++];
        //$output.= $itoa64[$value & 0x3f];
        output += itoa64[value & 0x3f];
        //if ($i < $count) {
        if (i < count)
        {
            //$value |= ord($input[$i]) << 8;
            value = ((char)(value | input[i] << 8));
        }
        //$output.= $itoa64[($value >> 6) & 0x3f];
        output += itoa64[(value >> 6) & 0x3f];
        //if ($i++ >= $count) {
        if (i++ >= count)
        {
            break;
        }
        //if ($i < $count) {
        if (i < count)
        {
            //$value |= ord($input[$i]) << 16;
            value = (char)(value | input[i] << 16);
        }
        //$output.= $itoa64[($value >> 12) & 0x3f];
        output += itoa64[(value >> 12) & 0x3f];
        //if ($i++ >= $count) {
        if (i++ >= count)
        {
            break;
        }
        //$output.= $itoa64[($value >> 18) & 0x3f];
        output += itoa64[(value >> 18) & 0x3f];
    } while (i < count);

    return output;
}

string _password_itoa64()
{
    return "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
}
Upon running this, I do not get the expected result of: VrOlH8EFHZWQeyrP2on5MR7Q8QMC08ZnHfLv8UE54ZwL7CIJ6vKhT3EpdYriab.oA/yv9wP/yyWUHQC9.18y0$S$D Instead, I get: /..l1..F1..Q0..P...5...Q0..C0..n1..v0..50..L/..J...h1..p/..i0..o...v1../0..U1..9...y0
23 Replies
TerryDev
TerryDevOP2y ago
just in case, here is the original PHP function in full: 
function _password_itoa64() {
  return './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
}

/**
 * Encodes bytes into printable base 64 using the *nix standard from crypt().
 *
 * @param $input
 *   The string containing bytes to encode.
 * @param $count
 *   The number of characters (bytes) to encode.
 *
 * @return
 *   Encoded string
 */
function _password_base64_encode($input, $count) {
  $output = '';
  $i = 0;
  $itoa64 = _password_itoa64();
  do {
    $value = ord($input[$i++]);
    $output .= $itoa64[$value & 0x3f];
    if ($i < $count) {
      $value |= ord($input[$i]) << 8;
    }
    $output .= $itoa64[($value >> 6) & 0x3f];
    if ($i++ >= $count) {
      break;
    }
    if ($i < $count) {
      $value |= ord($input[$i]) << 16;
    }
    $output .= $itoa64[($value >> 12) & 0x3f];
    if ($i++ >= $count) {
      break;
    }
    $output .= $itoa64[($value >> 18) & 0x3f];
  } while ($i < $count);

  return $output;
}
function _password_itoa64() {
  return './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
}

/**
 * Encodes bytes into printable base 64 using the *nix standard from crypt().
 *
 * @param $input
 *   The string containing bytes to encode.
 * @param $count
 *   The number of characters (bytes) to encode.
 *
 * @return
 *   Encoded string
 */
function _password_base64_encode($input, $count) {
  $output = '';
  $i = 0;
  $itoa64 = _password_itoa64();
  do {
    $value = ord($input[$i++]);
    $output .= $itoa64[$value & 0x3f];
    if ($i < $count) {
      $value |= ord($input[$i]) << 8;
    }
    $output .= $itoa64[($value >> 6) & 0x3f];
    if ($i++ >= $count) {
      break;
    }
    if ($i < $count) {
      $value |= ord($input[$i]) << 16;
    }
    $output .= $itoa64[($value >> 12) & 0x3f];
    if ($i++ >= $count) {
      break;
    }
    $output .= $itoa64[($value >> 18) & 0x3f];
  } while ($i < $count);

  return $output;
}
Angius
Angius2y ago
C# just has Convert.ToBase64() method if you need to encode stuff to base64
TerryDev
TerryDevOP2y ago
I’ve attempted to use that, however whatever weird function drupal uses to hash it’s passwords outputs something completely different from a regular base64 conversion. Using Convert.ToBase64 and phps built in Base64 encoder produce the exact same string on the input, but unfortunately I need the C# program to output the Base64 string that’s encoded through this method
Angius
Angius2y ago
Why does Drupal use some weird base64 encoding to hash passwords instead of an established algorithm 💀 That's a security nightmare Let me look into it, maybe they are using some existing algo, just named it weirdly
TerryDev
TerryDevOP2y ago
Drupal fucking sucks, which is why I’m trying to move away from it and just build everything from scratch haha
Angius
Angius2y ago
TerryDev
TerryDevOP2y ago
Perhaps the comment at the top of the PHP function above might ring some bells for you? I’m completely lost when it comes to this stuff unfortunately. I appreciate your help Ah yes the classic “just use something else” hahahah
Angius
Angius2y ago
Okay, so, apparently... Drupal uses some weird shit instead of the built-in password_hash() function of PHP It returns bytes, that need to be encoded as base64 And this method is supposed to do that Which... doesn't answer the original issue, but at least it's a clue to the weirdness lol
TerryDev
TerryDevOP2y ago
Yup I’ve successfully written the password hashing function in C#, and verified that it’s hashing the passwords correctly. The last piece of the puzzle is converting the hash byte array to the weird string it stores in the database
Angius
Angius2y ago
It also uses some ord() function to get integer value of a char... 
value = ((char)(value | input[i] << 8));
value = ((char)(value | input[i] << 8));
vs 
$value |= ord($input[$i]) << 8;
$value |= ord($input[$i]) << 8;
Let's make them more alike
TerryDev
TerryDevOP2y ago
ord() function is a inbuilt function in PHP that returns the ASCII value of the first character of a string Hmmmm
Angius
Angius2y ago
value =| input[i] << 8;
value =| input[i] << 8;
$value |= ord($input[$i]) << 8;
$value |= ord($input[$i]) << 8;
TerryDev
TerryDevOP2y ago
Wait does c# have the =| operator?
Angius
Angius2y ago
yeah
Angius
Angius2y ago
Angius
Angius2y ago
Aight, we know that ord('a') is equivalent to (int)'a' So 
$value |= ord($input[$i]) << 8;
$value |= ord($input[$i]) << 8;
can be 
value |= (int)input[i] << 8;
value |= (int)input[i] << 8;
TerryDev
TerryDevOP2y ago
oh my god yup that did it
Angius
Angius2y ago
'Ere we go lol
TerryDev
TerryDevOP2y ago
thank you so much for your help!
Angius
Angius2y ago
Anytime
TerryDev
TerryDevOP2y ago
time to ditch drupal forever hahah
Angius
Angius2y ago
I heard newer versions aren't that bad They're based on Symfony components, use Twig for templating, etc
Accord
Accord2y ago
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.
Want results from more Discord servers?
Add your server