Sha1 encryption and posting login details to mysql database

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • gmag
    New Member
    • Apr 2015
    • 1
    #1

    Sha1 encryption and posting login details to mysql database

    i have encrypted admin passwords in mysql, now i want to make the login page work. but my code seems to be failing to login. please help:
    here is my .php file to connect and make validation:
    Code:
    mysql_connect($host,$user,$pass);
		
		mysql_select_db($db);
		
		
		if (isset($_POST['admin']) || ($_POST['password'])) {
		
	
			$password = $_POST['password'];
		
		
		$sql = 	"SELECT * FROM admin WHERE password = SHA1('$password')";
 
		
		$result = mysql_query($sql);
		
		if (mysql_num_rows($result)==1) 
		{
						
			header("Location: admin.php");
			
		} else {
		
			
			echo "<h1>Invalid Login Information</h1>";
		}
		}
		
	?>
    Last edited by Rabbit; Apr 15 '15, 02:09 AM. Reason: Please use [code] and [/code] tags when posting code or formatted data.
    Tags: None
    • Mukesh9023
      New Member
      • Nov 2013
      • 11
      #2
      Hii gmag,
      First of all make sure whether you are encrypting your password in database or not. You will have to encrypt your password in database using SHA1 Method then if your both POST password and database password is in encrypted by sha1 then match will be done.

        Comment

        • Luuk
          Recognized Expert Top Contributor
          • Mar 2012
          • 1043
          #3
          If multiple users have the same password,
          than line #17 will break your program......

          To test your script:
          add a line 'echo $sql;' after line #12

          verify if:
          SELECT '<yourpassword> ', sha1('<yourpass word>');
          matches with the result....
          (change <yourpassword > with your password.... ;)

            Comment

            Previous template Next
            Working...