468,512 Members | 1,502 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,512 developers. It's quick & easy.

Sha1 encryption and posting login details to mysql database

1
i have encrypted admin passwords in mysql, now i want to make the login page work. but my code seems to be failing to login. please help:
here is my .php file to connect and make validation:
Expand|Select|Wrap|Line Numbers
  1. mysql_connect($host,$user,$pass);
  2.  
  3.         mysql_select_db($db);
  4.  
  5.  
  6.         if (isset($_POST['admin']) || ($_POST['password'])) {
  7.  
  8.  
  9.             $password = $_POST['password'];
  10.  
  11.  
  12.         $sql =     "SELECT * FROM admin WHERE password = SHA1('$password')";
  13.  
  14.  
  15.         $result = mysql_query($sql);
  16.  
  17.         if (mysql_num_rows($result)==1) 
  18.         {
  19.  
  20.             header("Location: admin.php");
  21.  
  22.         } else {
  23.  
  24.  
  25.             echo "<h1>Invalid Login Information</h1>";
  26.         }
  27.         }
  28.  
  29.     ?>
Apr 14 '15 #1
2 1422
Hii gmag,
First of all make sure whether you are encrypting your password in database or not. You will have to encrypt your password in database using SHA1 Method then if your both POST password and database password is in encrypted by sha1 then match will be done.
Apr 15 '15 #2
Luuk
1,043 Expert 1GB
If multiple users have the same password,
than line #17 will break your program......

To test your script:
add a line 'echo $sql;' after line #12

verify if:
SELECT '<yourpassword>', sha1('<yourpassword>');
matches with the result....
(change <yourpassword> with your password.... ;)
Apr 15 '15 #3

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

reply views Thread by mdh | last post: by
6 posts views Thread by Bob Sanderson | last post: by
2 posts views Thread by damod.php | last post: by
9 posts views Thread by Ben | last post: by
1 post views Thread by fmendoza | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.