/    Sign up×
Community /Pin to ProfileBookmark

SHA function – compare password doesn’t work

Copy linkTweet thisAlerts:
Mar 14.2008

Hello everyone:

I am doing a exercise to compare user entry (password) with existing password saved in the database.

a)I used SHA() function to encrypt the password in insert command.
b) I also used SHA() in select clause to encrypt user entry password

I alwasy got an error message saying that wrong user password entered.

Please check my code and give me some suggestion on how to resolve this problem. Thanks!

table holds user_id and user_password two entry

[code]create table tbl_auth_user(

user_id varchar(10) NOT NULL,
user_password char(32) NOT NULL,

primary key (user_id)
);

insert into tbl_auth_user (user_id, user_password) VALUES (‘theadmin’, SHA(‘1234’));[/code]

PHP code:

[code=php]<?php
$errorMessage = ”;
$db_name = ‘pc_inventory’;

if(isset($_POST[‘userid’]) && isset($_POST[‘txt_password’]) )
{
//connect to database
$db_connect = mysql_connect(”, ‘root’, ”);

if($db_connect)
echo “you connected to the dabase<br />”;
else
die (‘connection to db failed’ . mysql_error());

//select database
$db_selection = mysql_select_db($db_name);
if($db_selection)
echo “$db_name being selected.<br />”;
else
die(“$db_name not selected” . mysql_error());

$userId = $_POST[‘userid’];
$password = $_POST[‘txt_password’];

echo “$userId / $password.<br />”;

// check if the user id and password combination exist in database
$sql = “SELECT user_id
FROM tbl_auth_user
WHERE user_id = ‘$userId’ AND user_password = SHA(‘$password’)”;

$result = mysql_query($sql) or die(‘Query failed. ‘ . mysql_error());

if(mysql_num_rows($result) == 1)
{
echo “user name and password exist in the database<br />”;
}
else
{
$errorMessage = ‘Sorry, wrong user id / password’;
}

}
?>

<html>
<title>
Password Funtion
</title>

<body>

<?php
if ($errorMessage != ”) {
?>

<p align=”center”><b><font color=”#990000″><?php echo $errorMessage; ?></font></b></p>
<?php
}
?>

<form name=”” id=”” action=”” method=”post”>
User ID:<input type=”text” name=”userid” id=”userid” value=”” /><br /><br />
Password:<input type=”password” name=”txt_password” id=”txt_password”><br /><br />
<input type=”submit” name=”submit” value=”Submit” />

</form>

</body>
</html>[/code]

to post a comment
PHP

1 Comments(s)

Copy linkTweet thisAlerts:
@NogDogMar 14.2008 — You need to make the password field at least 40 characters to contain the entire SHA() value (a 40-digit hexadecimal number).
×

Success!

Help @webdev077 spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.5,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,

tipper: @Samric24,
tipped: article
amount: 1000 SATS,
)...