Jump to content

[SOLVED] password is not being accepted using SHA


fiveninesixtwosix

Recommended Posts

Hi, I'm running into a problem signing in to the registration system I'm working on. If I register a password using this statement, SHA('$p'), where '$p' is input, my login page won't recognize the password but if I change the password manually on MySQL then log in again, it works. BTW, am using Xampp 1.7.2 with PHP 5.3.0. Help will be very much appreciated.

Link to comment
Share on other sites

Well, it looks like every time I encrypt the password it would give me problem. Here's the code for the input (this is only the part for the password):

 

if (preg_match ('/^[[:alnum:]]{4,20}$/', stripslashes(trim($_POST['password1'])))) {

if ($_POST['password1'] == $_POST['password2']) {

$p = escape_data($_POST['password1']);

} else {

$p = FALSE;

echo '<p><font color="red" size="+1">Your password did not match the confirmed password!</font></p>';

}

 

Here's the other for inserting it on my database:

 

$query = "INSERT INTO students_info (first_name, middle_name, last_name, address, contact, email_add, username, password) VALUES ('$fn', '$mn', '$ln', '$add', '$contact','$e', '$un', sha1('$p'))";

 

I tried both SHA and SHA1 but neither works. If I remove the single quotes, it would give me error messages. I tried removing SHA1 or SHA and it worked fine. Thanks for the reply, really appreciate it.

Link to comment
Share on other sites

Thanks for posting actual code showing how you were using it.

 

The single-quotes are needed because the whole things is inside of a double-quoted string and you are using the mysql sha/sha1 function.

 

If you are using the same processing when you test the entered password and it does not match it is highly likely that your column length is not sufficient to hold a sha/sha1 value.

Link to comment
Share on other sites

Am not really sure if that's the case because I checked on the password column and every time I change the column size and register a new password it would create an encrypted password with the length of that column. Here's the odd thing though, I copied the encrypted password (the 40 character password created by SHA directly from the table) and pasted it on the log in page and it worked just fine. I don't know what's going on.

Link to comment
Share on other sites

pasted it on the log in page and it worked just fine

 

That would indicate that you are not applying the sha/sha1 function to the entered value.

 

If you are using the same processing when you test the entered password ...

How would you expect your code to match two values when one value is a sha/sha1 value and one is not?

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.