Retrieving an encrypted password in PHP

Question

The following code is what I've used to encrypt a password in PHP...

$password = sha1(sha1($_POST['password']).sha1("mySalt@$#(%"));

What code can I use so users can log in using what they typed?

Quentin · Answer 1 · 2013-03-14T12:58:17.570

3

sha1 is a hashing algorithm, not a 2-way encryption. You cannot retrieve the original password.

Hash the submitted password using the same algorithm.
Fetch, from your database, the password hash for the user in question.
Compare the two hashes. If they match, the credentials are OK.

Don't use sha1 for password hashing, it isn't safe enough
Use a unique salt per credential, don't reuse the same one each time.

edited Mar 14 '13 at 12:58

answered Mar 14 '13 at 12:49

Quentin

857,932
118
1,152
1,264

thanks for your replies. – user2169832 Mar 14 '13 at 12:57
thanks for your replies. my question is: which code do i use so users form my database can login into their accounts? this is just a small uni project by the way – user2169832 Mar 14 '13 at 12:59
Writing a complete authentication system is somewhat beyond the scope appropriate for a SO question. – Quentin Mar 14 '13 at 13:04

score 0 · Answer 2 · answered Mar 14 '13 at 12:51

You should use crypt for password hashing, sha1/md5 are too weak.

All you need:

function check_password($password) {  
    ...//get db password to compare
    if (crypt($post_password, $db_results[0]['password']) == $db_results[0]['password']) {  
        return true;  
    } else { return false; }
}

Retrieving an encrypted password in PHP

2 Answers2