Hello, i just coded for login script now i want to add "sha1" to my code due to security reason but it's showing an invalid login error i don't know the reason but when i use this withouht "sha1" it's working fine but i want to secure password into database please hwlp what's wrong i'm doing..

here is my code for login.php:


// username and password sent from Form

$sql="SELECT * FROM admin WHERE username='$myusername' AND passcode='.sha1[$mypassword]' ";

// If result matched $myusername and $mypassword, table row must be 1 row

header("location: welcome.php");
echo "Your Login Name or Password is invalid";
?> <form action="" method="post"> <label>UserName :</label> <input type="text" name="username"/><br /> <label>Password :</label> <input type="password" name="password"/><br/> <input type="submit" value=" Submit "/><br /> </form>

And here is my code for insert.php:

// Check connection
if (mysqli_connect_errno())
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
$sql="INSERT INTO admin
('', '$_POST[username]','$hash_key')";

if (!mysqli_query($con,$sql))
    die('Error: ' . mysqli_error($con));
echo "1 record added";


Recommended Answers

All 2 Replies

Line 11 looks weird with the SHA1 function.

$sql="SELECT * FROM admin WHERE username='$myusername' AND passcode='.sha1[$mypassword]' ";

//should be

$sql="SELECT * FROM admin WHERE username='".mysql_real_escape_string($myusername)."' AND passcode='".sha1(mysql_real_escape_string($mypassword))."' ";

I'm confused on why you're using MySQLi in your insertion script, yet the original and long-since dropped, but now officially deprecated, MySQL extension. Using the original MySQL extension is incredibly inappropriate these days. You have some MySQLi usage in your project; standardize on it and take advantage of parameterized statements

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.