php - Checking sha1 against stored sha1 password -

-

i'm hashing password using sha1 , storing in database, cannot seem check see if sha1 matches 1 in database. i've tried numerous different iterations of below code, nothing seems work - missing?

registration

<?php   $username = $_post['username'];  $password = $_post['password']; $passwordencrypted = sha1($password);  try {         $result = $db->prepare("insert                              user_info                              set                              username = :user,                             pass = :pass                             ");     $result->bindparam(':user', $username);     $result->bindparam(':pass', $passwordencrypted);     $result->execute(); }  catch (exception $e) {     echo "could not create username"; }  if (isset($_post['submit'])) {      foreach ($_post $field) {         if (empty($field)) {             $fail = true;         }         else {             $continue = false;         }     }     if ($field == $fail) {         echo "you must enter username and/or password";     }     else {         echo "your account has been created.";     } }  ?>

logging in

<?php   $username = $_post['username'];           $password = $_post['password'];  $encryptedpassword = sha1($password);  try {     $result = $db->prepare("select username, pass user_info username = :user , binary pass = :pass"); $result->bindparam(':user', $username); $result->bindparam(':pass', $password); $result->execute(); $rows = $result->fetch(pdo::fetch_num); }  catch (exception $e) { echo "could not retrieve data database"; exit(); }  if ($rows) { session_start(); $_session['username'] = $_post['username']; $_session['loggedin'] = true; include("inc/redirect.php");  } else { if (isset($_post['login'])) {     echo "username or password incorrect (passwords case sensitive)"; } }  ?>

you need hash password before querying table, not afterwards:

<?php   $username = $_post['username'];           $password = $_post['password']; $passwordencrypted = sha1($password);  try {         $result = $db->prepare("select username, pass user_info username = :user , binary pass = :pass");     $result->bindparam(':user', $username);     $result->bindparam(':pass', $passwordencrypted);     $result->execute();      if ($result->fetch(pdo::fetch_num)) {         session_start();         $_session['username'] = $_post['username'];         $_session['loggedin'] = true;         include("inc/redirect.php");      } else {         if (isset($_post['login'])) {             echo "username or password incorrect (passwords case sensitive)";         }     } }  catch (exception $e) {     echo "could not retrieve data database";     exit(); }  ?>

Comments

Post a Comment

Popular posts from this blog

google api - Incomplete response from Gmail API threads.list -

-
i plot number of emails in inbox on time using gmail api , i'm seeing lot of drop-outs, whatever reason i'm getting incomplete count of messages @ single time points. my plots here: https://plot.ly/~tdsmith/2 -- "drop-outs" i'm complaining trace shoots downwards , recovers previous level @ next timepoint. the code i'm using count emails here: https://github.com/tdsmith/gmail-plotly/blob/master/gmail-plotly.py#l47-l64 what can diagnose these faults?
Read more

Installing Android SQLite Asset Helper -

-
i need use ready made database. search solution on internet did not work until decided use mentioned library found here . however, found hard use library in installation procedures shallow beginners. i appreciate step step procedure on how use android studio. in struggle tried copying sources main/libs , adding line gradle did not work. use api 19 if helps. update here build.gradle // top-level build file can add configuration options common sub-projects/modules. buildscript { repositories { mavencentral() } dependencies { classpath 'com.android.tools.build:gradle:0.11.+' compile 'com.readystatesoftware.sqliteasset:sqliteassethelper:+' // note: not place application dependencies here; belong // in individual module build.gradle files } } allprojects { repositories { mavencentral() } } trying compile project error error:(9, 0) no signature of method: org.gradle.api.internal.artifacts
Read more

Qt Creator - Searching files with Locator including folder -

-
one quick question qtcreator : know possible use locator open files using "ctrl-k" shortcut. however, possible search files including locations? for example, let's want locate file named "main.cpp" in folder named "myfolder" , have lots of other main.cpp files. what should type locator in order open ? just type myfolder/main.cpp in locator
Read more