Home/ Questions/Q 834403
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T04:40:00+00:00

I’m planning on storing the passwords as a sha1, so I need a way

  • 0

I’m planning on storing the passwords as a sha1, so I need a way to validate that it is a sha1 at another point in my website. I was planning on using preg_match, but I do not know how to make regex patterns. Could someone help me out with one?

Thanks

Edit: I am not trying to see if two hashes match.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Actually, you can use preg_match() to make sure it’s a 40 characters hexadecimal string as such:

    function is_sha1($str) {
    return (bool) preg_match('/^[0-9a-f]{40}$/i', $str);
}

    To explain the pattern:

    /        Opening Delimiter
    ^        Start Of String Anchor
    [0-9a-f] Any of the following characters: 0123456789abcdef
    {40}     Repeated 40 times
    $        End Of String Anchor
    /        Closing Delimiter
    i        Modifier: Case-Insensitive Search

    If you are trying to make sure that the sha1() hash matches the password the user provider, you simply rehash like this:

    if($db_hash == sha1($user_provided_pass))
   echo "Password is correct!";
    • 0