C#•4y ago

✅ Need some help converting PHP code to CS

Hey, I think I wrote this right but I'm getting different results. Perhaps someone knows what I did wrong here?

I'm trying to convert a PHP function to a C# function. Here is what I wrote in C#. The original PHP snippets are the comments above.

string tobase64str(string input, int count)
{
    string output = "";
    int i = 0;
    string itoa64 = _password_itoa64();
    do
    {
        //string value = ord($input[$i++]);
        var value = input[i++];
        //$output.= $itoa64[$value & 0x3f];
        output += itoa64[value & 0x3f];
        //if ($i < $count) {
        if (i < count)
        {
            //$value |= ord($input[$i]) << 8;
            value = ((char)(value | input[i] << 8));
        }
        //$output.= $itoa64[($value >> 6) & 0x3f];
        output += itoa64[(value >> 6) & 0x3f];
        //if ($i++ >= $count) {
        if (i++ >= count)
        {
            break;
        }
        //if ($i < $count) {
        if (i < count)
        {
            //$value |= ord($input[$i]) << 16;
            value = (char)(value | input[i] << 16);
        }
        //$output.= $itoa64[($value >> 12) & 0x3f];
        output += itoa64[(value >> 12) & 0x3f];
        //if ($i++ >= $count) {
        if (i++ >= count)
        {
            break;
        }
        //$output.= $itoa64[($value >> 18) & 0x3f];
        output += itoa64[(value >> 18) & 0x3f];
    } while (i < count);

    return output;
}

string _password_itoa64()
{
    return "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
}

string tobase64str(string input, int count)
{
    string output = "";
    int i = 0;
    string itoa64 = _password_itoa64();
    do
    {
        //string value = ord($input[$i++]);
        var value = input[i++];
        //$output.= $itoa64[$value & 0x3f];
        output += itoa64[value & 0x3f];
        //if ($i < $count) {
        if (i < count)
        {
            //$value |= ord($input[$i]) << 8;
            value = ((char)(value | input[i] << 8));
        }
        //$output.= $itoa64[($value >> 6) & 0x3f];
        output += itoa64[(value >> 6) & 0x3f];
        //if ($i++ >= $count) {
        if (i++ >= count)
        {
            break;
        }
        //if ($i < $count) {
        if (i < count)
        {
            //$value |= ord($input[$i]) << 16;
            value = (char)(value | input[i] << 16);
        }
        //$output.= $itoa64[($value >> 12) & 0x3f];
        output += itoa64[(value >> 12) & 0x3f];
        //if ($i++ >= $count) {
        if (i++ >= count)
        {
            break;
        }
        //$output.= $itoa64[($value >> 18) & 0x3f];
        output += itoa64[(value >> 18) & 0x3f];
    } while (i < count);

    return output;
}

string _password_itoa64()
{
    return "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
}

Upon running this, I do not get the expected result of:

VrOlH8EFHZWQeyrP2on5MR7Q8QMC08ZnHfLv8UE54ZwL7CIJ6vKhT3EpdYriab.oA/yv9wP/yyWUHQC9.18y0$S$D

VrOlH8EFHZWQeyrP2on5MR7Q8QMC08ZnHfLv8UE54ZwL7CIJ6vKhT3EpdYriab.oA/yv9wP/yyWUHQC9.18y0$S$D

Instead, I get:

/..l1..F1..Q0..P...5...Q0..C0..n1..v0..50..L/..J...h1..p/..i0..o...v1../0..U1..9...y0

/..l1..F1..Q0..P...5...Q0..C0..n1..v0..50..L/..J...h1..p/..i0..o...v1../0..U1..9...y0

TerryDevOP•12/11/22, 11:59 PM

just in case, here is the original PHP function in full:

Angius•12/12/22, 12:00 AM

C# just has method if you need to encode stuff to base64

AAngius C# just has `Convert.ToBase64()` method if you need to encode stuff to base64

TerryDevOP•12/12/22, 12:04 AM

I’ve attempted to use that, however whatever weird function drupal uses to hash it’s passwords outputs something completely different from a regular base64 conversion. Using and phps built in Base64 encoder produce the exact same string on the input, but unfortunately I need the C# program to output the Base64 string that’s encoded through this method

Angius•12/12/22, 12:06 AM

Why does Drupal use some weird base64 encoding to hash passwords instead of an established algorithm

Angius•12/12/22, 12:06 AM

That's a security nightmare

Angius•12/12/22, 12:06 AM

Let me look into it, maybe they are using some existing algo, just named it weirdly

TerryDevOP•12/12/22, 12:07 AM

Drupal fucking sucks, which is why I’m trying to move away from it and just build everything from scratch haha

Angius•12/12/22, 12:08 AM

Only thing I found so far is this: https://www.drupal.org/forum/support/module-development-and-code-questions/2014-07-04/_password_base64_encode

AAngius Let me look into it, maybe they *are* using some existing algo, just named it we...

TerryDevOP•12/12/22, 12:08 AM

Perhaps the comment at the top of the PHP function above might ring some bells for you? I’m completely lost when it comes to this stuff unfortunately. I appreciate your help

TerryDevOP•12/12/22, 12:09 AM

Ah yes the classic “just use something else” hahahah

Angius•12/12/22, 12:10 AM

Okay, so, apparently... Drupal uses some weird shit instead of the built-in function of PHP

Angius•12/12/22, 12:10 AM

It returns bytes, that need to be encoded as base64

Angius•12/12/22, 12:10 AM

And this method is supposed to do that

Angius•12/12/22, 12:10 AM

Which... doesn't answer the original issue, but at least it's a clue to the weirdness lol

TerryDevOP•12/12/22, 12:11 AM

Yup I’ve successfully written the password hashing function in C#, and verified that it’s hashing the passwords correctly. The last piece of the puzzle is converting the hash byte array to the weird string it stores in the database

Angius•12/12/22, 12:12 AM

It also uses some function to get integer value of a char...

Angius•12/12/22, 12:12 AM

Angius•12/12/22, 12:13 AM

Let's make them more alike

TerryDevOP•12/12/22, 12:13 AM

ord() function is a inbuilt function in PHP that returns the ASCII value of the first character of a string

TerryDevOP•12/12/22, 12:13 AM

Hmmmm

Angius•12/12/22, 12:14 AM

TerryDevOP•12/12/22, 12:14 AM

Wait does c# have the =| operator?

Angius•12/12/22, 12:14 AM

yeah

Angius•12/12/22, 12:16 AM

Angius•12/12/22, 12:17 AM

Aight, we know that is equivalent to

Angius•12/12/22, 12:17 AM

can be

TerryDevOP•12/12/22, 12:17 AM

oh my god yup that did it

Angius•12/12/22, 12:17 AM

'Ere we go lol

TerryDevOP•12/12/22, 12:17 AM

thank you so much for your help!

Angius•12/12/22, 12:18 AM

Anytime

TerryDevOP•12/12/22, 12:18 AM

time to ditch drupal forever hahah

Angius•12/12/22, 12:19 AM

I heard newer versions aren't that bad

Angius•12/12/22, 12:19 AM

They're based on Symfony components, use Twig for templating, etc

Accord•12/13/22, 12:40 AM

Was this issue resolved? If so, run

/close

/close

otherwise I will mark this as stale and this post will be archived until there is new activity.