Sha1 hasing

[Hydrian]

I have a system for users to register and login. I want to change the normal showing passwords to sha1 hashed passwords. Can you help me by telling me what line  would i put the sha1

 

<? 
include_once"config.php";
if(isset($_POST['register'])){
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$memip = $_SERVER['REMOTE_ADDR'];
$date = date("d-m-Y");
if($username == NULL OR $password == NULL OR $email == NULL){
$final_report.= "Please complete the form below..";
}else{
if(strlen($username) <= 7 || strlen($username) >= 30){
$final_report.="Your username must be between 7 and 30 characters..";
}else{
$check_members = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'");   
if(mysql_num_rows($check_members) != 0){
$final_report.="The username is already in use!";  
}else{ 
if(strlen($password) <= 6 || strlen($password) >= 30){
$final_report.="Your password must be between 6 and 30 digits and characters..";
}else{
if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){ 
$final_report.="Your email address was not valid..";
}else{
$create_member = mysql_query("INSERT INTO `members` (`id`,`username`, `password`, `email`, `ip`, `date`) 
VALUES('','$username','$password','$email','$memip','$date')"); 
$final_report.="Thank you for registering, you may now login."; 
}}}}}}
?>

[Hydrian]

Topic suposed to be Sha1 Hashing

[scootstah]

SHA1 is not secure for password storage. It is a general purpose hashing algorithm used for things like checking file integrity.

 

Also, it makes no sense at all to limit the max password length if you are hashing it. It will always come out to be the same size regardless of the input size.

[Hydrian]

well i want to md5 the passwords. so its safe

[Christian F.]

I strongly recommend that you read this article about secure login systems, it will explain everything you're wondering about.