how do i compare the password with the hash?

Question

I'm trying to compare the hash of a password, but when I compare it I get hieroglyphs and can't match whether it's true or false.

analog php function:

/*
  * Split hash into pieces
  * ([0] = ??, [1] = master key, [2] = salt len, [3] = salt, [4] = iteration count, [5] = salt position, [6] = ??, [7] == ??, [8] == ??)
  */
        $passHashArray = explode('$', $passHash);

        /*
         * Combine passphrase and salt
         */
        $passToHash = $testPassphrase.hex2bin($passHashArray[3]);


        /*
         * Hash $passToHash $passHasArray[4] times with SHA512
         */
        for($i = 0; $i < $passHashArray[4]; $i++){
            $passToHash = hash('SHA512', $passToHash, true);
        }
        
        /*
         * Get Key and Iv from $passToHash for final encryption
         */
        $key = substr($passToHash, 0, 32);
        $iv = substr($passToHash, 32, 16);
        
        /*
         * final passphrase encryption
         */
        if(in_array('aes-256-cbc', openssl_get_cipher_methods())){
            if(openssl_decrypt(hex2bin($passHashArray[1]), 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv)){
                 echo 'password correct';
            }else{
                echo 'decrypt failed';
            }
        }

go function:

var passwordHash = "64$718eadbd49dbee69e2b3e5f9659c361129cc07199d421d01892694477331ad8a$16$dce01545e0c918e7$76012$2$00$2$00"
var password = "12345678910"

func main()  {
        var passwordHashArray = strings.Split(passwordHash, "$")
    
        /*
         * Convert to hex to bin passphrase and salt
         */
        hex2Bin, err := hex.DecodeString(passwordHashArray[3])
    
        if err != nil {
            log.Printf("error hex decode string password hash array: %s", err)
        }
    
        /*
         * Combine passphrase and salt
         */
        passwordToHash  := strings.Join([]string{ password, string(hex2Bin)}, "")
    
        /*
         * Hash $passToHash $passHasArray[4] times with SHA512
         */
        intVar, err := strconv.Atoi(passwordHashArray[4])
        if err != nil {
            log.Printf("error password hash array string to int: %s", err)
        }
    
        passwordToHashBinary := make([]byte, 32)
        passwordToHashBinary = hashSHA512([]byte(passwordToHash))
    
        for i := 1; i < intVar; i++ {
            passwordToHashBinary = hashSHA512(passwordToHashBinary)
        }
    
        /*
         * Get Key and Iv from $passToHash for final encryption
         */
        var encKeyDecoded = make([]byte, 32)
             copy(encKeyDecoded, passwordToHashBinary[:32])
    
        var ivDecoded = make([]byte, 16)
            copy(ivDecoded, passwordToHashBinary[32:48])
    
        cipherTextDecoded, err := hex.DecodeString(passwordHashArray[1])
    
        if err != nil {
            log.Printf("error hex decode string password hash array: %s", err)
        }
    
        results, err := decrypt(cipherTextDecoded, encKeyDecoded, ivDecoded)
    
        if err != nil {
            log.Printf("error result decode password: %s", err)
        }
    
        log.Printf("%s", string(results))
        log.Printf("%x", string(results))
    }
    
    func decrypt(cipherTextDecoded []byte, encKeyDecoded []byte, ivDecoded []byte) ([]byte, error) {
    
        block, err := aes.NewCipher(encKeyDecoded)
        if err != nil {
            return nil, err
        }
    
        if len(cipherTextDecoded) < aes.BlockSize {
            return nil, fmt.Errorf("ciphertext too short")
        }
    
        if len(cipherTextDecoded)%aes.BlockSize != 0 {
            return nil, fmt.Errorf("ciphertext is not a multiple of the block size")
        }
    
        mode := cipher.NewCBCDecrypter(block, ivDecoded)
    
        mode.CryptBlocks(cipherTextDecoded, cipherTextDecoded)
        return cipherTextDecoded, nil
    }
    
    func hashSHA512(crypto []byte) []byte  {
        hash := sha512.New()
        hash.Write(crypto)
        sha := hash.Sum(nil)
        return sha
    }

hash:

64$718eadbd49dbee69e2b3e5f9659c361129cc07199d421d01892694477331ad8a$16$dce01545e0c918e7$76012$2$00$2$00

original password:

12345678910

it is worth noting that in php the password is displayed correctly, but on the go I get a line like:

���Pʎ&L�t→]��f�►►►►►►►►►►►►►►►►

First of all, I don't understand where it comes from:

►►►►►►►►►►►►►►►►

How can I check if a password is valid in golang?

if () {good} else {bad}

answer php: https://onecompiler.com/php/3xqvgkhbr

answer go:

https://go.dev/play/p/HUxoD29fM4c

Answer 1

i never tried using AES on my site to store password but here's how i do it i'm using PDO prepared statement and bcrypt

    $read_username = $pdo->prepare("SELECT * FROM users WHERE username = :username LIMIT 1");
    $read_username->execute([':username' => $username]);
    
        if ($read_username->rowCount() > === 1) {
            $row = $write_account->fetch(PDO::FETCH_ASSOC);
            $read_username = null; // close connection we already got what we need
            $pdo = null; // close connection we already got what we need
            $stored_hash = $row['password']; // bind the hash stored on db as $stored_hash 
            
            if (password_verify($password, $stored_hash)) { // compare user input to $stored_hash
                $_SESSION['username'] = $username . bin2hex(random_bytes(12));
                header('location: index.php');
                die("ACCESS GRANTED!");
                } else {
                    array_push($errors, "Incorrect password!");
                }
        } else {
        array_push($errors, "Account does not exist!");
        }   

also your if else concern is easy it goes like this

$hotdog = 123;

if ($hotdog == 123) {
echo "hotdog";
} else {
echo "not hotdog";
}