problem with sha1 encoding login

[Novocaine88]

Hi, im currently building a login system for my website.

When a user registers i have their password sha1 encoded by using this code;

$b = $_POST['requiredpassword'];
$encrypt = sha1($b);

mysql_query ("INSERT INTO aUsers (email, password, fname, lname, newsletter)
			VALUES ('$a', '$encrypt', '$c', '$d', '$e')");

 

the other fields i deleted from this post as they aren't relevant.

Anyway, when i check the fields in the database it works, all the passwords are unreadable.

 

So now with my login script i have this;

include('phpinclude.php');
connect();		
session_start();

$a = $_POST["email"];
$b = sha1($_POST["password"]);

$result = mysql_query("SELECT * FROM aUsers WHERE email='$a' AND password='$b'");
disconnect();
if(mysql_num_rows($result)==0)
{

 

Now this doesn't work, every time i try to login, i just get no results returned. I tried without the sha1 encoding just to check the login script did work correctly, and it did work without it.

 

The thing is ive used this almost identical script before to login using sha1, and it worked. Why isn't this working now? Can anyone shed some light?

 

Thanks

[PFMaBiSmAd]

Have you looked directly in your database table to see if there is a row that has an exact match to what sha1($_POST["password"]) produces?

[Novocaine88]

I havent tested in that method, but instead i have just registered as a new user making sure i use a simple password like 'test' or 'password' so that it would be pretty hard to mistype  it when logging in.

[PFMaBiSmAd]

Yes, well, until you investigate WHY your query is not matching a row in your table, you will never solve your problem.

[Novocaine88]

Good advice, after outputting the data i had realised a small mistake within the database, i had set the password field to 15 characters yet the sha1 encoding was 40 chars long.

so i extended the limit to 50, and now it works.

 

Thanks a lot for the quick responses.