And I need to secure some area’s on my web store for admin use.

Question

0

Asked: June 8, 20262026-06-08T07:33:00+00:00 2026-06-08T07:33:00+00:00

And I need to secure some area’s on my web store for admin use.

0

And I need to secure some area’s on my web store for admin use.
The problem is the authentication of the user: the salt + hash is failing.

This is my code for creating a password (using PHP5.x):

$salt = rand(0, 999999999999);<br>
$passEncr = sha1($pass1 + $salt);

This variable $passEncr is inserted into the database together with its salt.

At the login page I’ve got the following check:

$password = $_POST['password']; // hash+salt in the database

$storedSalt = $row['salt']; // salt from database<br>
if (sha1($password + $storedSalt) == $row['password'])

Now the problem I’m experiencing is that some hashes appear to be the same.
If I try to log in with an alphanumeric password, I succeed, no matter what the content of that password is.
Full login check here: http://pastebin.com/WjVnQ4aF

Can someone please explain what I’m doing wrong?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-08T07:33:01+00:00

Editorial Team

2026-06-08T07:33:01+00:00Added an answer on June 8, 2026 at 7:33 am

Well, SQL injection, using SHA for passwords instead of bcrypt are the first things I see, not using OpenId so you can get out of the business of storing passwords is another.

As for the passwords being the same, I would check the database — see what you are storing, that will tell you where your problem lies.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

And I need to secure some area’s on my web store for admin use.

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply