[SOLVED] password is not being accepted using SHA

[fiveninesixtwosix]

Hi, I'm running into a problem signing in to the registration system I'm working on. If I register a password using this statement, SHA('$p'), where '$p' is input, my login page won't recognize the password but if I change the password manually on MySQL then log in again, it works. BTW, am using Xampp 1.7.2 with PHP 5.3.0. Help will be very much appreciated.

[Stephen]

It would help with the actual code, seeing how "SHA" isn't a function and, assuming you meant sha1, executing sha1('$p'); would return "fc23764ac5b792f40bb1a00c0e3284e45f3f49c0".

 

 

[PFMaBiSmAd]

Php variables are not parsed when enclosed in single-quotes. You only need quotes when you are trying to form a string. Why do you have quotes around the variable $p in the function call?

[fiveninesixtwosix]

Well, it looks like every time I encrypt the password it would give me problem. Here's the code for the input (this is only the part for the password):

 

if (preg_match ('/^[[:alnum:]]{4,20}$/', stripslashes(trim($_POST['password1'])))) {

if ($_POST['password1'] == $_POST['password2']) {

$p = escape_data($_POST['password1']);

} else {

$p = FALSE;

echo '<p><font color="red" size="+1">Your password did not match the confirmed password!</font></p>';

}

 

Here's the other for inserting it on my database:

 

$query = "INSERT INTO students_info (first_name, middle_name, last_name, address, contact, email_add, username, password) VALUES ('$fn', '$mn', '$ln', '$add', '$contact','$e', '$un', sha1('$p'))";

 

I tried both SHA and SHA1 but neither works. If I remove the single quotes, it would give me error messages. I tried removing SHA1 or SHA and it worked fine. Thanks for the reply, really appreciate it.

[PFMaBiSmAd]

Thanks for posting actual code showing how you were using it.

 

The single-quotes are needed because the whole things is inside of a double-quoted string and you are using the mysql sha/sha1 function.

 

If you are using the same processing when you test the entered password and it does not match it is highly likely that your column length is not sufficient to hold a sha/sha1 value.

[fiveninesixtwosix]

Am not really sure if that's the case because I checked on the password column and every time I change the column size and register a new password it would create an encrypted password with the length of that column. Here's the odd thing though, I copied the encrypted password (the 40 character password created by SHA directly from the table) and pasted it on the log in page and it worked just fine. I don't know what's going on.

[PFMaBiSmAd]

pasted it on the log in page and it worked just fine

 

That would indicate that you are not applying the sha/sha1 function to the entered value.

 

If you are using the same processing when you test the entered password ...

How would you expect your code to match two values when one value is a sha/sha1 value and one is not?

[nadeemshafi9]

dont use sha1 it does not check against passwords, use crypt its better and more suited

[fiveninesixtwosix]

You're absolutely right Sir, my fault. I have to admit it, I'm still a newbie. You helped me resolved my problem. I was not able to analyze it. Thank you so much for the time. Really, really appreciate it.

[nadeemshafi9]

are u chating to me ?

[fiveninesixtwosix]

nadeemshafi9: Thanks for your replies. I'll try that crypt in a little while. PFMaBiSmAd showed me how dumb I am.  . This is a great forum, I'm learning a lot. Thanks guys. Wait for my next posts.