By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
432,441 Members | 996 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 432,441 IT Pros & Developers. It's quick & easy.

Sha1 encryption and posting login details to mysql database

P: 1
i have encrypted admin passwords in mysql, now i want to make the login page work. but my code seems to be failing to login. please help:
here is my .php file to connect and make validation:
Expand|Select|Wrap|Line Numbers
  1. mysql_connect($host,$user,$pass);
  2.  
  3.         mysql_select_db($db);
  4.  
  5.  
  6.         if (isset($_POST['admin']) || ($_POST['password'])) {
  7.  
  8.  
  9.             $password = $_POST['password'];
  10.  
  11.  
  12.         $sql =     "SELECT * FROM admin WHERE password = SHA1('$password')";
  13.  
  14.  
  15.         $result = mysql_query($sql);
  16.  
  17.         if (mysql_num_rows($result)==1) 
  18.         {
  19.  
  20.             header("Location: admin.php");
  21.  
  22.         } else {
  23.  
  24.  
  25.             echo "<h1>Invalid Login Information</h1>";
  26.         }
  27.         }
  28.  
  29.     ?>
Apr 14 '15 #1
Share this Question
Share on Google+
2 Replies


P: 11
Hii gmag,
First of all make sure whether you are encrypting your password in database or not. You will have to encrypt your password in database using SHA1 Method then if your both POST password and database password is in encrypted by sha1 then match will be done.
Apr 15 '15 #2

Expert 100+
P: 1,035
If multiple users have the same password,
than line #17 will break your program......

To test your script:
add a line 'echo $sql;' after line #12

verify if:
SELECT '<yourpassword>', sha1('<yourpassword>');
matches with the result....
(change <yourpassword> with your password.... ;)
Apr 15 '15 #3

Post your reply

Sign in to post your reply or Sign up for a free account.