sha1 on a password results in the same hash being generated

[jimlawrnc]

As the title indicates 

 

changepasswd.php

<?php
// Start a session
session_start();

// Sends the user to the login-page if not logged in
if(!session_is_registered('member_ID')) :
header('Location: login.php?msg=requires_login');
endif;

// Include database information and connectivity
include ('config/opendb.php');

// We store all our functions in one file
include ('config/functions.php');

//Links 
include 'links.php';
?>
<html>
<title>WebTime Password Change form</title>

<body> 
<center><p>Changing password for: <?php print user_info('username'); ?></p></center>
<br/>
<form method="post" action="newpasswd.php">



<table align=center>

<tr><td><b>Change  Password</b></td></tr>

<tr><td>New Password:</td> <td><input name="number1" ></td></tr>

<tr><td>Re-enter New Password:</td> <td><input name="number2" ></td></tr>

<tr><td><input name="submit" value="Submit" type="submit"><input type=reset value=Reset></td></tr>
</table>
</form>
</body>
</html>

 

newpasswd.php

<?php 
// Start a session
session_start();
include 'config/config.php';
include 'config/opendb.php';
include 'config/functions.php';
include 'links.php';

// Sends the user to the login-page if not logged in
if(!session_is_registered('member_ID')) :
header('Location: login.php?msg=requires_login');
endif;

$tech = user_info('username');
//$username = $_POST['username'];
//$password = $_POST['password'];
$passwordHash = sha1($_POST['password']);

// need pasword validation here!!!!!!!!


print $passwordHash;

$updatepasswd = "UPDATE members SET user_password = '$passwordHash' WHERE username = '$tech'";
print $updatepasswd;
//mysql_query($updatepasswd) or die (mysql_error());
//print "password updated!";

//}


?>

 

if i put in qwerty  it results in  da39a3ee5e6b4b0d3255bfef95601890afd80709

if i put in 123456  it results in da39a3ee5e6b4b0d3255bfef95601890afd80709

 

[Orio]

Because you don't have a field called "password", you have "number1" "number2".

 

Orio.