Page 1 of 1

problem with sha1

Posted: Mon Dec 06, 2010 1:45 am
by Firehawk777
Hi there
I have created a database which is meant to hold user names and passwords.
I am also encrypting the passwords using sha1.

The query I use from php to the database is:

Code: Select all

SELECT user,pass FROM users WHERE user='$user' AND pass='$enpass'
This will tell me if there is no user though it seems to see all passwords as the same value and allows the call to complete and access the account even if the password is not correct.
I have been able to retrieve the password from the database though it appears that any password I enter becomes the same value. I.E when I echo the password from the database and any password I enter and encrypt it becomes the same
'9535177bddfad577d055133cefeddedee2efc49c'
this is my encryption function

Code: Select all

function encryptpass($pass)
{
$salt1 = "#@$";
$salt2 = "%$#";
$enpass = sha1('$salt1$pass$salt2');
return $enpass;
}
Can anyone tell me why this might be happening?

I have tried checking if sha1 will return a different value using
this code though it doesn't on my system

Code: Select all

<?php
function encriptpass($pass)
{
$salt1 = "#@%";
$salt2 = "%*#";
$enpass = sha1('$salt1$pass$salt2');
return $enpass;
}

if (isset($_POST['pass']))
{
$newpass = ($_POST['pass']);
$newpass=encriptpass($newpass);
echo "$newpass";

}
?>

<form method='post' action='test.php'>
<input type='text' size='12' maxlength='16' name='pass'/>
<input type='submit' size='50' value='enter value' />
</form>
It comes up with 9535177bddfad577d055133cefeddedee2efc49c every time I enter a value.
Please someone tell me why this would happen as it seems a bit nuts?

Re: problem with sha1 encryption

Posted: Mon Dec 06, 2010 2:20 am
by requinix
Firehawk777 wrote:I am also encrypting the passwords using sha1.
No, you are not. You are hashing the passwords. There's a big difference - get the terminology right.

Code: Select all

sha1('$salt1$pass$salt2');
Looks like you need a quick primer on strings. Particularly the bits about single-quoted strings.

Re: problem with sha1 encryption

Posted: Mon Dec 06, 2010 2:37 am
by Firehawk777
Thanks for the reply
I am very new to php so I don't know the terminology.
Could you please explain what you meant by
tasairis wrote:Looks like you need a quick primer on strings
I mean I read that entire post and still don't get it!!!
How would be the way to implement the encrypt function I wrote.
I have taken out the salts and still have the same problem.
I have been working on this for hours now and it is really holding me up. :banghead:
Any help you can give would be very appreciated!!!

Re: problem with sha1

Posted: Mon Dec 06, 2010 4:46 am
by Darhazer

Code: Select all

sha1('$salt1$pass$salt2');
have to be

Code: Select all

sha1("$salt1$pass$salt2");
read about single and double quoted strings, as tasairis have suggested

Re: problem with sha1

Posted: Mon Dec 06, 2010 5:39 am
by Firehawk777
Thanks to both of you for your help.
I am learning php from books and it really helps having some good advice from the pros.
I will take more time and read the article again so I get a firmer grip of strings.
Thanks again now I can get somewhere!!!