PHP to Xojo

$salt = substr(md5(uniqid(rand(), true)), 0, 9)
$password = sha1($salt . sha1($salt . sha1($password)))

I need save a salt and a password field in a Mysql database using the above encryption (PHP)
Please help me to achieve in Xojo

Thanks in advance

If you haven’t coded this already, you should really looking into using PBKDF@ or bcrypt instead of this scheme. PBKDF2 is built into Xojo through the Crypto module while bcrypt is available through my Blowfish classes.

Otherwise, let me take a crack at this:

dim salt as string = Crypto.GenerateRandomBytes( 9 )
dim pw as string = _
    Crypto.SHA1( salt + Crypto.SHA1( salt + Crypto.SHA1( password ) ) )

Code by @Kem Tekinay above will give you error

Undefined operator. Type string does not define "Operator_Add" with type MemoryBlock

It should be divided into several string variables.

Xojo version

  dim password as String
  dim salt as String = Mid(MD5(uniqid(Str(Rnd), True)), 1, 9)
  dim shapass as String = Crypto.sha1(password)
  dim shaalt as String = Crypto.sha1(salt + shapass)
  password = Crypto.sha1(salt + shaalt)

while uniqid,

Private Function uniqid(prefix as String = "", moreEntropy as boolean = false) as String
  dim mt as Double = Microseconds()
  dim fmt as UInt64 = Floor(mt)
  dim mfmt as UInt64 = (mt-Floor(mt))*1000000
  dim h as String = Hex(fmt)
  dim h1 as String = Hex(mfmt)
  dim first as String = h.Mid(1, 8)
  dim second as String = h1.Mid(1,5)
  dim result(-1) as String
  result.Append prefix
  result.Append first
  result.Append second
  If moreEntropy Then
    // please replace this with Combined Linear Congruential Generator
    dim r as new Random
    dim e as UInt64 = r.InRange(10000000, 99999999)
    result.Append "."
    result.Append Str(e)
  End If
  Return Join(result, "")
End Function

In this code, you need to make sure that you’re using non floating-point datatype when passing to Hex function

dim mt as Double = Microseconds()
dim fmt as UInt64 = Floor(mt)
dim mfmt as UInt64 = (mt-Floor(mt))*1000000
dim h as String = Hex(fmt)
dim h1 as String = Hex(mfmt)

a bug, maybe?

To prove it, this code will give you a different result

dim a as Double = Microseconds()    //5749509710.6709995269775391
dim b as UInt64 = a                 //5749509710

dim ha as String = Hex(a)           //80000000
dim hb as String = Hex(b)           //156B28E4E

An interesting read about protecting passwords…

Ditto. Read the page shao sean posted, then do what Kem says. The code you’re looking to port is bad practice.

According with Xojo advertising for Black Friday:

Create Powerful Apps for the Web & Desktop NO HTML, CSS, JAVASCRIPT, AJAX, [b]PHP[/b]

This is a Sunday smile :wink:

I 'm obligated to obtain the same result as with PHP code, I’m trying to migrate some data from my ERP to AbanteCart database structures and for
the customers one need this encryption mode
I will try your suggestions later today
Thanks you very much to all