1

I have a PHP page that registers and logs in users. When I enable sha1, the user gets created and the encrypted password is stored in the DB, but they cannot log in. When I comment out the line to encrypt in both the user creation section as well as the login section, everything works. Here is my code to create the user:

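function add_member($nick_name, $email_address, $password) {
    global $db;
    // sha1() returns 40 hex characters; the password column must hold all of them
    $password = sha1($password);
    // Bind every value, including nick_name, instead of interpolating it into the SQL
    $query = "INSERT INTO members
                  (nick_name, email_address, password)
              VALUES
                  (:nick_name, :email_address, :password)";
    $statement = $db->prepare($query);
    $statement->bindValue(':nick_name', $nick_name);
    $statement->bindValue(':email_address', $email_address);
    $statement->bindValue(':password', $password);
    $statement->execute();
    $statement->closeCursor();
}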

Here is my code to validate the user:

function is_valid_member($email_address, $password) {
    global $db;
    $password = sha1($password);
    $query = "SELECT member_ID 
              FROM members
              WHERE email_address = :email_address AND password = :password";
    $statement = $db->prepare($query);
    $statement->bindValue(':email_address', $email_address);
    $statement->bindValue(':password', $password);
    $statement->execute();
    $valid = ($statement->rowCount() == 1);
    $statement->closeCursor();
    return $valid;
}

Again, when I comment out the "$password = sha1($password);" in both sections, everything works but the password is clear text.

Thanks!

6
  • Are the password cases different? Commented Dec 22, 2011 at 5:20
  • I am trying "test" "test" all lower case. Here is an update: When I change $password = sha1($password) to $password = MD5($password), that works perfectly. Commented Dec 22, 2011 at 5:23
  • 1
    That's interesting. What happens if you dump the sha1()'d values before you use them in your query? Are they different? Commented Dec 22, 2011 at 5:26
  • Did the user you are adding already exist and you just do not realize it due to the lack of errors? Commented Dec 22, 2011 at 5:28
  • 2
    Just out of curiosity, how long is your password column? Commented Dec 22, 2011 at 5:44

1 Answer

2

Try to debug like this: echo your $password = sha1($password); and check your database entry. It might be that your datatype length truncated some text in the stored password.


1 Comment

That was my problem. My datatype length was not long enough for sha1. That is why MD5 was working and sha1 was not. Thank you!
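
The failure diagnosed in this thread, as an added example that is not part of the original posts: it compares digest lengths against a column width and then goes one step further to show the same check with PHP's `password_hash()`/`password_verify()`. The 32-character width, the `store_in_column()` and `survives_column()` helpers, and the sample password are assumptions made for illustration; PHP 7 or later is assumed.

```php
<?php
// Added example, not the asker's code. Column width and helpers are hypothetical.

// Model a column that silently drops anything past $width characters,
// which is what MySQL does when strict SQL mode is off.
function store_in_column(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// True when the value read back from the column equals the value written.
function survives_column(string $digest, int $width): bool
{
    return hash_equals($digest, store_in_column($digest, $width));
}

$password = 'test'; // constructed sample, the value mentioned in the comments
$width    = 32;     // assumed width of members.password

// md5 is 32 hex characters, sha1 is 40: only one of them fits.
foreach (['md5', 'sha1'] as $algo) {
    $digest = hash($algo, $password);
    printf(
        "%-4s length=%d survives CHAR(%d): %s\n",
        $algo,
        strlen($digest),
        $width,
        survives_column($digest, $width) ? 'yes' : 'no, login comparison fails'
    );
}

// Hardened form: a salted, deliberately slow hash. Select the row by
// email_address only and compare in PHP with password_verify().
$hash = password_hash($password, PASSWORD_DEFAULT);
printf("password_hash length=%d, store it in VARCHAR(255)\n", strlen($hash));

// The intact hash verifies; a hash truncated by a narrow column does not.
echo 'full hash verifies: ',
    var_export(password_verify($password, $hash), true), "\n";
echo 'truncated hash verifies: ',
    var_export(password_verify($password, store_in_column($hash, $width)), true), "\n";
```

With MySQL's strict SQL mode enabled, the oversized INSERT is rejected with a "Data too long for column" error instead of being truncated, which surfaces this problem at registration rather than at login.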
