Password hashing is not working properly!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Luisinho
Forum Newbie
Posts: 3
Joined: Wed Dec 22, 2010 8:14 am

Password hashing is not working properly!

Post by Luisinho »

Hello there,

What I'm actually trying to do is to hash a password using 'sha1', which I have already done. However, every value I submit as the password, the encryption result is the same for anything I type in, which is in this case is the following:

Code: Select all

da39a3ee5e6b4b0d3255bfef95601890afd80709
Just to clarify, I am using MySQL.

I have been trying to fix this issue for the past hours. Yet, I still couldn't find an answer. Please, take a quick look at my coding below:

Code: Select all

<?php
	$user_first_name = $_POST['user_first_name'];
	$user_last_name = $_POST['user_last_name'];
	$user_email = $_POST['user_email'];
	$user_password = $_POST['user_password'];
	$user_hashed_password = sha1($user_password);
?>

<?php
	$query = "INSERT INTO users (
				user_first_name, user_last_name, user_email, user_hashed_password
			) VALUES (
				'{$user_first_name}', '{$user_last_name}', '{$user_email}', '{$user_hashed_password}'
			)";
	
	if (mysql_query($query, $connection)) {
		// Success
		$message = "The user was succesfully created!";
		header ("Location: index.php");
		exit;
	} else {
		// Error
		$message = "The user could not be created!";
		echo "<br />" . mysql_error();
	}
?>
Thank you,
Luis
Last edited by Luisinho on Wed Dec 22, 2010 3:21 pm, edited 1 time in total.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: Password hashing is not encrypting properly!

Post by pickle »

Try outputting $_POST['user_password'] in plain text - just to see if it's changing as you expect.

As a sidenote, "hashing" is not the same as "encrypting". Hashing is designed to be one way - obscuring a value. Encrypting is also obscuring a value, but intended to be unobscured by a reverse process.

This doesn't help provide you with an answer - merely an FYI about terminology.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
User avatar
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: Password hashing is not encrypting properly!

Post by Apollo »

The checksum you mentioned is the sha1-hash of an empty string. So most likely $_POST['user_password'] does not contain what you expect.
pickle wrote:As a sidenote, "hashing" is not the same as "encrypting". Hashing is designed to be one way - obscuring a value. Encrypting is also obscuring a value, but intended to be unobscured by a reverse process.
And in addition to that, for TS: you'll typically want to store password hashes, not encrypted passwords (you only want to make sure a user entered the correct password, you never want to retrieve the actual password itself, which would be a security risk).
Luisinho
Forum Newbie
Posts: 3
Joined: Wed Dec 22, 2010 8:14 am

Re: Password hashing is not encrypting properly!

Post by Luisinho »

pickle wrote:Try outputting $_POST['user_password'] in plain text - just to see if it's changing as you expect.
I just tried outputting plain text as you said, but I'm still getting the same result.
Apollo wrote:The checksum you mentioned is the sha1-hash of an empty string. So most likely $_POST['user_password'] does not contain what you expect.
So that means I'm not getting anything in my output at all. Strange, I'll take another look in my code and see if I am able to find anything odd in it.
pickle wrote:As a sidenote, "hashing" is not the same as "encrypting". Hashing is designed to be one way - obscuring a value. Encrypting is also obscuring a value, but intended to be unobscured by a reverse process.
Apollo wrote:And in addition to that, for TS: you'll typically want to store password hashes, not encrypted passwords (you only want to make sure a user entered the correct password, you never want to retrieve the actual password itself, which would be a security risk).
As to that, I'll make sure I don't get confused again.

Thanks guys, I really appreciate your help.
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Password hashing is not encrypting properly!

Post by requinix »

Luisinho wrote:I just tried outputting plain text as you said, but I'm still getting the same result.
Yeah... Simply outputting the password isn't going to fix anything. You're supposed to look at the output and use it to reason out what and where the problem is. For example, if you get no output then it means the password is empty and you'll end up with the exact hash that you do, in fact, end up with.
Luisinho wrote:So that means I'm not getting anything in my output at all. Strange, I'll take another look in my code and see if I am able to find anything odd in it.
Either the form has method=get or the password input is not called "user_password".
Luisinho
Forum Newbie
Posts: 3
Joined: Wed Dec 22, 2010 8:14 am

Re: Password hashing is not encrypting properly!

Post by Luisinho »

Problem resolved! It was the field name that was causing this, just like you suggested. All because of a stupid spelling mistake I did.

Anyway, thank you a lot guys!
Post Reply