Posted by sathyashrayan on 03/26/07 12:29

On Mar 26, 4:59 pm, Erwin Moller
<since_humans_read_this_I_am_spammed_too_m...@spamyourself.com> wrote:
> sathyashrayan wrote:
> > Dear group,
>
> > For a log-in page I have created a mysql db and user registers
> > with a user name and password. The password field is encrypted with
>
> > $passwd = sha1($_REQUEST['passwd']);
>
> > I insert the $passwd in mysql_insert. The password gets
> > encrypted and stored in mysql. Now I want to check if the user has
> > entered the correct password when he logs in. How can I do that. Any
> > help is appreciated. Thanks in advance.
>
> How?
> Compare them of course.
> The fact that the password is encrypted doesn't make it something else than
> a string of bits.
>
> So:
> supose you have a table with userid and sha1_passwd:
>
> $passwd = sha1($_REQUEST['passwd']);
> $SQL = "SELECT userid FROM tblusers where (sha1_passwd = '".$passwd."');";
>
> Execute it and see if it has a result. If not, no good password, if so, you
> have the userid.
>
> Regards,
> Erwin Moller

This way?

<?php
$sha = sha1("sathya"); /*$sha to be inserted in db*/

$new = $sha; /*save the passwd localy*/

if($new === $sha)
echo "correct";
else
echo "wrong";
?>

[Back to original message]