Results 1 to 2 of 2
  1. #1
    Join Date
    Aug 2003
    san jose, CA

    Unanswered: SHA function - compare password doesn't work

    Hello everyone:

    I am doing a exercise to compare user entry (password) with existing password saved in the database.

    a)I used SHA() function to encrypt the password in insert command.
    b) I also used SHA() in select clause to encrypt user entry password

    I alwasy got an error message saying that wrong user password entered.

    Please check my code and give me some suggestion on how to resolve this problem. Thanks!

    table holds user_id and user_password two entry

    create table tbl_auth_user(
      user_id varchar(10) NOT NULL,
      user_password char(32) NOT NULL,
      primary key (user_id)
      insert into tbl_auth_user (user_id, user_password) VALUES ('theadmin', SHA('1234'));
    PHP code:

    PHP Code:
    $db_name 'pc_inventory';

    $_POST['userid']) && isset($_POST['txt_password']) )
    //connect to database
    $db_connect mysql_connect('''root''');

    "you connected to the dabase<br />";
            die (
    'connection to db failed' mysql_error());

    //select database
    $db_selection mysql_select_db($db_name);
    "$db_name being selected.<br />";
    "$db_name not selected" mysql_error());

    $userId $_POST['userid'];
    $password $_POST['txt_password'];

    "$userId / $password.<br />";

    // check if the user id and password combination exist in database
    $sql "SELECT user_id
                   FROM tbl_auth_user
                WHERE user_id = '
    $userId' AND user_password = SHA('$password')";

    $result mysql_query($sql) or die('Query failed. ' mysql_error());

    mysql_num_rows($result) == 1)
    "user name and password exist in the database<br />";
    $errorMessage 'Sorry, wrong user id / password';


      Password Funtion


    if ($errorMessage != '') {

        <p align="center"><b><font color="#990000"><?php echo $errorMessage?></font></b></p>

      <form name="" id="" action="" method="post">
       User ID:<input type="text" name="userid" id="userid" value="" /><br /><br />
       Password:<input type="password"  name="txt_password" id="txt_password"><br /><br />
       <input type="submit" name="submit" value="Submit" />



  2. #2
    Join Date
    Apr 2006
    Denver, Co. USA
    An sha() output is 40 characters long, your field is not and is truncating the value so a comparison will never match.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts