  1. #1

    PHP Login Page - SHA - Password Encryption?

    Hi,

    I have been using the code from the login page example at: Create Login Admin & Logout Page in PHP w/ SESSION n MySQL | InTechgrity

    This is working fine, apart from the password checking bit. It uses the code:

    $sql="SELECT * FROM login_admin WHERE user_name='$myusername' and user_pass=SHA('$mypassword')";

    The code SHA('$mypassword')"; looks like it does something 'fancy', making the site more secure. But I cannot get the code to work with SHA. I can get it working without (by using user_pass='$mypassword'").

    What is SHA supposed to do and how can I get it working?

    Matt.

  2. #2
    Immerse
    SHA is a Secure Hashing Algorithm.

    It makes the password unreadable, and even if you know the SHA1, you cannot find the password (i.e. it's a one-way street).

    If you look in your database, what do the passwords look like? 'password' or 'test123'? Or long strings consisting of 40 characters?

  3. #3
    guido2004
    Quote, originally posted by MatthewBOnline:
    "But I cannot get the code to work with SHA."
    What does that mean? Do you get an error?

  4. #4
    I have just tried the code again with user_pass= SHA('$mypassword')"

    and it is now working. But I still do not understand what it does!?

    What does it do? If I do not use it will it make much difference?!

    Matt.

  6. #6
    ScallioXTX
    Take a look at this: http://www.evolt.org/node/60122

    Rémon - Hosting Advisor

  7. #7
    Michael Morris
    For more information on the theory of hashes in general there's this wiki article.

    Note that the reason site admins use hashes instead of reversible encryption most of the time is for personal liability. Users tend to use passwords over and over - unfortunately this means they might use the same password at your site as they use at their bank! By hashing the password, especially by hashing and salting it, you destroy the original password information so if someone does compromise your database the liability is minimal.
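
Added example, not part of the thread or the linked tutorial: the "hashing and salting" mentioned in the last post, applied to the login check from the first post. MySQL's SHA() is unsalted SHA-1, so this sketch uses PHP's password_hash() and password_verify() instead and compares in PHP rather than in the WHERE clause. The table and column names follow the thread's query; the in-memory SQLite database, the function names and the sample accounts are assumptions made so the script runs stand-alone.

```php
<?php
// Constructed setup: in-memory database with the thread's table layout.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login_admin (user_name TEXT PRIMARY KEY, user_pass TEXT NOT NULL)');

// Registration: password_hash() generates a random salt and embeds it in
// the returned string, so no separate salt column is needed.
function register(PDO $db, string $user, string $password): void
{
    $stmt = $db->prepare('INSERT INTO login_admin (user_name, user_pass) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($password, PASSWORD_DEFAULT)]);
}

// Login: fetch the stored hash by user name, then compare in PHP.
// The hash cannot be recomputed inside SQL because the salt differs per row.
function login(PDO $db, string $user, string $password): bool
{
    // Bound parameters keep user input out of the SQL text.
    $stmt = $db->prepare('SELECT user_pass FROM login_admin WHERE user_name = ?');
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // unknown user
    }
    if (!password_verify($password, $stored)) {
        return false; // wrong password
    }
    // Upgrade the stored hash if PHP's default algorithm or cost has changed.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE login_admin SET user_pass = ? WHERE user_name = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $user]);
    }
    return true;
}

// Constructed sample accounts sharing one password.
register($db, 'matt', 'test123');
register($db, 'anna', 'test123');

// Same password, different stored values: the per-user salt at work.
foreach ($db->query('SELECT user_name, user_pass FROM login_admin') as $row) {
    echo $row['user_name'], ' => ', $row['user_pass'], PHP_EOL;
}
var_dump(login($db, 'matt', 'test123'));
var_dump(login($db, 'matt', 'wrong'));
var_dump(login($db, 'nobody', 'test123'));
```

With unsalted SHA-1, the two accounts above would store identical 40-character values; here each row differs even though the password is the same.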

