3v4l.org

run code in 300+ PHP versions simultaneously
<?php declare(strict_types=1); /** * Verify a Django password (PBKDF2-SHA256) * * @param string $password The password provided by the user * @param string $djangoHash The hash stored in the Django app * @return bool * @throws Exception */ function django_password_verify(string $password, string $djangoHash): bool { $pieces = explode('$', $djangoHash); if (count($pieces) !== 4) { throw new Exception("Illegal hash format"); } list($header, $iter, $salt, $hash) = $pieces; // Get the hash algorithm used: if (preg_match('#^pbkdf2_([a-z0-9A-Z]+)$#', $header, $m)) { $algo = $m[1]; } else { throw new Exception(sprintf("Bad header (%s)", $header)); } if (!in_array($algo, hash_algos())) { throw new Exception(sprintf("Illegal hash algorithm (%s)", $algo)); } $calc = hash_pbkdf2($algo, $password, base64_decode($salt), (int) $iterations); var_dump($calc); return false; } var_dump(django_password_verify('123', 'pbkdf2_sha256$20000$MflWfLXbejfO$tNrjk42YE9ZXkg7IvXY5fikbC+H52Ipd2mf7m0azttk='));
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/KVaSt
function name:  (null)
number of ops:  8
compiled vars:  none
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   34     0  E >   INIT_FCALL                                               'var_dump'
          1        INIT_FCALL                                               'django_password_verify'
          2        SEND_VAL                                                 '123'
          3        SEND_VAL                                                 'pbkdf2_sha256%2420000%24MflWfLXbejfO%24tNrjk42YE9ZXkg7IvXY5fikbC%2BH52Ipd2mf7m0azttk%3D'
          4        DO_FCALL                                      0  $0      
          5        SEND_VAR                                                 $0
          6        DO_ICALL                                                 
          7      > RETURN                                                   1

Function django_password_verify:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 10, Position 2 = 14
Branch analysis from position: 10
1 jumps found. (Code = 108) Position 1 = -2
Branch analysis from position: 14
2 jumps found. (Code = 43) Position 1 = 30, Position 2 = 33
Branch analysis from position: 30
1 jumps found. (Code = 42) Position 1 = 41
Branch analysis from position: 41
2 jumps found. (Code = 43) Position 1 = 49, Position 2 = 57
Branch analysis from position: 49
1 jumps found. (Code = 108) Position 1 = -2
Branch analysis from position: 57
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 33
1 jumps found. (Code = 108) Position 1 = -2
filename:       /in/KVaSt
function name:  django_password_verify
number of ops:  74
compiled vars:  !0 = $password, !1 = $djangoHash, !2 = $pieces, !3 = $header, !4 = $iter, !5 = $salt, !6 = $hash, !7 = $m, !8 = $algo, !9 = $calc, !10 = $iterations
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   12     0  E >   RECV                                             !0      
          1        RECV                                             !1      
   14     2        INIT_FCALL                                               'explode'
          3        SEND_VAL                                                 '%24'
          4        SEND_VAR                                                 !1
          5        DO_ICALL                                         $11     
          6        ASSIGN                                                   !2, $11
   15     7        COUNT                                            ~13     !2
          8        IS_NOT_IDENTICAL                                         ~13, 4
          9      > JMPZ                                                     ~14, ->14
   16    10    >   NEW                                              $15     'Exception'
         11        SEND_VAL_EX                                              'Illegal+hash+format'
         12        DO_FCALL                                      0          
         13      > THROW                                         0          $15
   18    14    >   QM_ASSIGN                                        ~17     !2
         15        FETCH_LIST_R                                     $18     ~17, 0
         16        ASSIGN                                                   !3, $18
         17        FETCH_LIST_R                                     $20     ~17, 1
         18        ASSIGN                                                   !4, $20
         19        FETCH_LIST_R                                     $22     ~17, 2
         20        ASSIGN                                                   !5, $22
         21        FETCH_LIST_R                                     $24     ~17, 3
         22        ASSIGN                                                   !6, $24
         23        FREE                                                     ~17
   20    24        INIT_FCALL                                               'preg_match'
         25        SEND_VAL                                                 '%23%5Epbkdf2_%28%5Ba-z0-9A-Z%5D%2B%29%24%23'
         26        SEND_VAR                                                 !3
         27        SEND_REF                                                 !7
         28        DO_ICALL                                         $26     
         29      > JMPZ                                                     $26, ->33
   21    30    >   FETCH_DIM_R                                      ~27     !7, 1
         31        ASSIGN                                                   !8, ~27
   20    32      > JMP                                                      ->41
   23    33    >   NEW                                              $29     'Exception'
         34        INIT_FCALL                                               'sprintf'
         35        SEND_VAL                                                 'Bad+header+%28%25s%29'
         36        SEND_VAR                                                 !3
         37        DO_ICALL                                         $30     
         38        SEND_VAR_NO_REF_EX                                       $30
         39        DO_FCALL                                      0          
         40      > THROW                                         0          $29
   25    41    >   INIT_FCALL                                               'in_array'
         42        SEND_VAR                                                 !8
         43        INIT_FCALL                                               'hash_algos'
         44        DO_ICALL                                         $32     
         45        SEND_VAR                                                 $32
         46        DO_ICALL                                         $33     
         47        BOOL_NOT                                         ~34     $33
         48      > JMPZ                                                     ~34, ->57
   26    49    >   NEW                                              $35     'Exception'
         50        INIT_FCALL                                               'sprintf'
         51        SEND_VAL                                                 'Illegal+hash+algorithm+%28%25s%29'
         52        SEND_VAR                                                 !8
         53        DO_ICALL                                         $36     
         54        SEND_VAR_NO_REF_EX                                       $36
         55        DO_FCALL                                      0          
         56      > THROW                                         0          $35
   29    57    >   INIT_FCALL                                               'hash_pbkdf2'
         58        SEND_VAR                                                 !8
         59        SEND_VAR                                                 !0
         60        INIT_FCALL                                               'base64_decode'
         61        SEND_VAR                                                 !5
         62        DO_ICALL                                         $38     
         63        SEND_VAR                                                 $38
         64        CAST                                          4  ~39     !10
         65        SEND_VAL                                                 ~39
         66        DO_ICALL                                         $40     
         67        ASSIGN                                                   !9, $40
   30    68        INIT_FCALL                                               'var_dump'
         69        SEND_VAR                                                 !9
         70        DO_ICALL                                                 
   31    71      > RETURN                                                   <false>
   32    72*       VERIFY_RETURN_TYPE                                       
         73*     > RETURN                                                   null

End of function django_password_verify

Generated using Vulcan Logic Dumper, using php 8.0.0

preferences:
154.07 ms | 1029 KiB | 22 Q