sha1 chage password help

Question

j_limboo 0 Junior Poster in Training

14 Years Ago

Hi newbee to php mysql
appreciate if anyone can help in change password in sha1
Current mysql table

`users` (
  `id` int(255) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(100) NOT NULL,
  `firstname` varchar(50) DEFAULT NULL,
  `lastname` varchar(50) DEFAULT NULL,
  `password` varchar(40) NOT NULL,
  `active` int(1) NOT NULL DEFAULT '0',
  `ip` text NOT NULL,
  `usergroup` text NOT NULL,
  `datasource_id` int(3) unsigned DEFAULT '0',
  `last_login` int(14) DEFAULT NULL,
  `day_limit` int(3) unsigned DEFAULT NULL,
  `language` varchar(5) NOT NULL DEFAULT 'en',
  `email` varchar(100) DEFAULT NULL,
  `pwd_updated` int(14) unsigned DEFAULT NULL,
  `created` int(14) unsigned NOT NULL DEFAULT '0',
  `owner_id` int(255) NOT NULL DEFAULT '0',
  `modified` int(14) unsigned DEFAULT NULL,
  `updated` int(14) unsigned DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `login` (`username`),
  KEY `active` (`active`),
  KEY `password` (`password`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=11 ;

php

Edited 14 Years Ago by j_limboo because: n/a

2 Contributors
4 Replies
135 Views
3 Days Discussion Span
Latest Post 14 Years Ago Latest Post by j_limboo

All 4 Replies

leviathan185 14 Junior Poster

14 Years Ago

which part are you having issues with? The use of sha1() or the sql to change the password?

Post your change password script if you have one

Edited 14 Years Ago by leviathan185 because: spelling...

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

j_limboo 0 Junior Poster in Training · Answer 1 · 2009-10-20T20:57:13+00:00

Did some changes to the code which i was doing wrong and made it work
its working!

$server="xxxx";
$db_user="xxxx";
$db_pass="xxxx";
$database="xxxx";
// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());

$rs_pwd = mysql_query("select password FROM users where username='$_POST[username]'");
list($old) = mysql_fetch_row($rs_pwd);

	if($old == sha1($_POST['password']))
	{
	$newmd5 = sha1(mysql_real_escape_string($_POST['newpassword']));
	mysql_query("update sumo_users set password='$newmd5' where username='$_POST[username]'");
echo "Password Changed successfully";
	} else
	{
	echo "Password change failed";
	}
	
	
	?>

leviathan185 14 Junior Poster · Answer 2 · 2009-10-23T04:29:03+00:00

you might want to add stripslashes() to the mysql_real_escape_string() because if the password has any special chars in it the stored password will have slashes is it, and the password you are comparing it against will not have the slashes.

you should use:

$newmd5 = sha1(mysql_real_escape_string(stripslashes($_POST['newpassword'])));

j_limboo 0 Junior Poster in Training · Answer 3 · 2009-10-23T05:36:12+00:00

j_limboo 0 Junior Poster in Training

14 Years Ago

That adds sense
thank you

sha1 chage password help

Recommended Answers Collapse Answers

All 4 Replies

Recommended Answers