The following code is what I've used to encrypt a password in PHP...
$password = sha1(sha1($_POST['password']).sha1("mySalt@$#(%"));
What code can I use so users can log in using what they typed?
Asked
Active
Viewed 2,801 times
0
w5m
- 2,286
- 3
- 34
- 46
user2169832
- 9
- 1
- 2
2 Answers
3
sha1 is a hashing algorithm, not a 2-way encryption. You cannot retrieve the original password.
- Hash the submitted password using the same algorithm.
- Fetch, from your database, the password hash for the user in question.
- Compare the two hashes. If they match, the credentials are OK.
- Don't use sha1 for password hashing, it isn't safe enough
- Use a unique salt per credential, don't reuse the same one each time.
Quentin
- 914,110
- 126
- 1,211
- 1,335
-
thanks for your replies. my question is: which code do i use so users form my database can login into their accounts? this is just a small uni project by the way – user2169832 Mar 14 '13 at 12:59
-
Writing a complete authentication system is somewhat beyond the scope appropriate for a SO question. – Quentin Mar 14 '13 at 13:04
0
You should use crypt for password hashing, sha1/md5 are too weak.
All you need:
function check_password($password) {
...//get db password to compare
if (crypt($post_password, $db_results[0]['password']) == $db_results[0]['password']) {
return true;
} else { return false; }
}
Brock Hensley
- 3,617
- 2
- 29
- 47