problem with sha1
Posted: Mon Dec 06, 2010 1:45 am
Hi there
I have created a database which is meant to hold user names and passwords.
I am also encrypting the passwords using sha1.
The query I use from php to the database is:
This will tell me if there is no user though it seems to see all passwords as the same value and allows the call to complete and access the account even if the password is not correct.
I have been able to retrieve the password from the database though it appears that any password I enter becomes the same value. I.E when I echo the password from the database and any password I enter and encrypt it becomes the same
'9535177bddfad577d055133cefeddedee2efc49c'
this is my encryption function
Can anyone tell me why this might be happening?
I have tried checking if sha1 will return a different value using
this code though it doesn't on my system
It comes up with 9535177bddfad577d055133cefeddedee2efc49c every time I enter a value.
Please someone tell me why this would happen as it seems a bit nuts?
I have created a database which is meant to hold user names and passwords.
I am also encrypting the passwords using sha1.
The query I use from php to the database is:
Code: Select all
SELECT user,pass FROM users WHERE user='$user' AND pass='$enpass'I have been able to retrieve the password from the database though it appears that any password I enter becomes the same value. I.E when I echo the password from the database and any password I enter and encrypt it becomes the same
'9535177bddfad577d055133cefeddedee2efc49c'
this is my encryption function
Code: Select all
function encryptpass($pass)
{
$salt1 = "#@$";
$salt2 = "%$#";
$enpass = sha1('$salt1$pass$salt2');
return $enpass;
}I have tried checking if sha1 will return a different value using
this code though it doesn't on my system
Code: Select all
<?php
function encriptpass($pass)
{
$salt1 = "#@%";
$salt2 = "%*#";
$enpass = sha1('$salt1$pass$salt2');
return $enpass;
}
if (isset($_POST['pass']))
{
$newpass = ($_POST['pass']);
$newpass=encriptpass($newpass);
echo "$newpass";
}
?>
<form method='post' action='test.php'>
<input type='text' size='12' maxlength='16' name='pass'/>
<input type='submit' size='50' value='enter value' />
</form>Please someone tell me why this would happen as it seems a bit nuts?