I have some code that resets a user's password, emails the new password to the user, then hashes the password to store it in a database:
Why are the hash values different when I check the user's password to sign the user in?
function to hash password:
/**
 * Hash a password with SHA-1 for storage and for comparison at login.
 *
 * sha1() returns a 40-character lowercase hexadecimal string.
 *
 * NOTE(review): a single unsalted SHA-1 is a fast general-purpose hash and
 * is weak for password storage. Moving to password_hash()/password_verify()
 * would also require changing the login check, which currently compares the
 * digest inside the SQL WHERE clause.
 *
 * @param string $password Plain-text password.
 * @return string 40-character hexadecimal SHA-1 digest.
 */
function hash_it($password) {
    return sha1($password);
}
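// Build a temporary password of the form <word><number> and store its hash.
//
// Fixes relative to the original listing:
//  - the random value was assigned to $rapndom_word but the switch read
//    $random_word, so the default branch ran every time and the word was
//    always "garage";
//  - 'case 6' appeared twice, which made "truck" unreachable.
// Picking from an array removes both problems.
$words = array(
    "tele", "pillow", "foot", "super", "rock", "window", "truck",
    "monkey", "sofa", "word", "bubbles", "phone", "dance", "snow",
    "feather", "play", "smile", "pingu", "banana", "puzzle", "wave",
    "football", "vase", "roof", "microwave", "path", "garage",
);

// NOTE(review): mt_rand() is not a cryptographically secure generator and
// the word/number space here is small. Treat this value as a short-lived
// temporary password and force a change at first login; a single-use,
// expiring reset token is the stronger design.
$word = $words[mt_rand(0, count($words) - 1)];
$random_number = mt_rand(0, 999);
$password = $word . $random_number;

// Only the hash is stored; $password (plain text) stays available for the
// code that e-mails it to the user.
$hash_password = hash_it($password);

mysql_select_db($database_db_connect, $db_connect);

// Escape the e-mail at the query boundary so it cannot break out of the
// quoted SQL literal. $hash_password is hexadecimal and needs no escaping.
// NOTE(review): the origin of $email is not visible in this excerpt; if it
// has already been escaped upstream, keep only one of the two escapes.
$email_sql = mysql_real_escape_string($email, $db_connect);

// NOTE(review): sha1() yields 40 hex characters. The members.password
// column must be at least 40 characters wide, otherwise the stored value is
// truncated and will never equal the hash computed at login -- confirm the
// column definition.
$insert_sql = "update members set password = '$hash_password' where email = '$email_sql'";
mysql_query($insert_sql, $db_connect) or die(mysql_error());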
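// Login check: look up a member by e-mail and SHA-1 password digest.
// format() and hash_it() are defined elsewhere in the project.
$email = format($_POST['email']);

// An empty password has to be detected BEFORE hashing: sha1('') is still a
// 40-character string, so calling empty() on the digest (as the original
// did) could never report a missing password.
$password_missing = !isset($_POST['password']) || $_POST['password'] === '';
$password = $password_missing ? '' : hash_it($_POST['password']);

// Redirect target after login; defaults to the members index page.
// NOTE(review): prev_url is taken from the request unchanged. If it is later
// used for a redirect (not visible in this excerpt), validate it against
// this site's own host first so it cannot point to an external site.
$prev_url = $host."members/index.php";
if (!empty($_POST['prev_url'])) {
    $prev_url = $_POST['prev_url'];
}

// Start unauthenticated. Error codes: '0' none, '1' missing e-mail or
// password, '2' no single matching member row.
$auth = "N";
$error = '0';
if (empty($email) || $password_missing) {
    $error = '1';
}

// Defaults so later code can read these even when the query is skipped.
$row_login = false;
$totalRows_login = 0;

// Only query when both fields were supplied; this also keeps error '1' from
// being overwritten by error '2'.
if ($error == '0') {
    mysql_select_db($database_db_connect, $db_connect);

    // Escape the e-mail at the query boundary so request data cannot break
    // out of the quoted SQL literal. $password is a hex digest and is safe.
    // NOTE(review): if format() already escapes for SQL, keep only one of
    // the two escapes. Prepared statements (mysqli/PDO) are the durable fix.
    $email_sql = mysql_real_escape_string($email, $db_connect);

    $query_login = "SELECT id, email, password, visits, access_level, last_visit FROM members WHERE email = '$email_sql' AND password = '$password'";
    // NOTE(review): die(mysql_error()) shows database error text to the
    // visitor; log it server-side and show a generic message instead.
    $login = mysql_query($query_login, $db_connect) or die(mysql_error());
    $row_login = mysql_fetch_assoc($login);
    $totalRows_login = mysql_num_rows($login);

    // Exactly one row must match for the credentials to be accepted.
    if ($totalRows_login != 1) {
        $error = '2';
    }
}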
if ( $error == '0' ) {
$auth = "Y";
// do some more login stuff