I am not really sure what you are trying to do, but I think you are comparing the password provided by the user ([CODE]$_POST['userpassword'][/CODE]) with the sha1'ed one saved in the database.

Well, I have tried that before but with no success because even though the password can be right, those are completely different strings. They will not match unless you decrypt the one stored on the database (which I do not recommend).

What I usually do is that I sha1encrypt [CODE]$_POST['userpassword'][/CODE] and then compare it to the one stored in the database. Make sure you use the same encrypting method, otherwise it will produce different results. If you could encrypt the first one, I do not think you will have a problem ecrypting the one provided by the user.

I'm not sure if I am completely of the line here, but I hope that helps.