Home/ Questions/Q 1090215
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T23:20:21+00:00

I am creating a login form. I am learning how to use SHA-1 to

  • 0

I am creating a login form. I am learning how to use SHA-1 to encrypt passwords. I used SHA-1 to encrypt the password that the user created during registration. In the database I inputted pretend username and password data, to have something to work with. I’m having problems getting my login form to work.

// Database Connection

$con = getConnection();

$sqlQuery = mysql_query("SELECT count(*) from Customers
                         WHERE Email = '$email' and Password = sha1('$passLogin')") 

// Executing query
$result = $con->mysql_result($sqlQuery, "0");

if ($result == 0) {
    echo "Can not login, try again.";
} else {
    echo "Login Good!";
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I am learning how to use sha1 to
    encrypt passwords.

    … use sha1 to hash passwords. Hashing is different from encryption. Encryption is reversible, hashing isn’t. (or shouldn’t be). Now, …

    1. You have to make sure the passwords in the database are hashed.

    2. Usually you do the hashing on the PHP side.

    3. You should use salting to make rainbow table attacks unfeasible. Read Just Hashing is Far from Enough for Storing Password

    That said, I would do the authentication part like this:

    $hashedAndSalted = sha1($passLogin . $yourSalt);

$sqlQuery = mysql_query("SELECT Email FROM Customers WHERE Email = '$email' AND Password = '$hashedAndSalted'");

if (mysql_num_rows($sqlQuery) == 1) {
    echo 'Login successful';
} else  {
    echo 'Could not login';
}
    • 0