Sha1 Encryption problem

#1
[eluser]GamingFusion[/eluser]
OK, I'm having a problem with my SHA1 encryption.

When a user registers, the password is encrypted as usual.

When the user logs in, it is encrypted also, but the encryptions are different. For example, the password

123456789 on register gives f7c3bc1d808e04732adf

and this on login f7c3bc1d808e04732adf679965ccc34ca7ae3441

Why?

Here's my code:

register

Code:
function register()
{
    $this->load->library('encrypt');

    $first = $this->input->post('first');
    $last = $this->input->post('last');
    $username = $this->input->post('username');
    $password = $this->input->post('password');
    $passconf = $this->input->post('passconf');
    $confirm = $this->input->post('confirm');

    $encryptpass = $this->encrypt->sha1($password);

    $data = array('first' => $first, 'last' => $last, 'username' => $username, 'password' => $encryptpass);

    $query = $this->db->insert('users', $data);

    if ($query) {
        return $data['register'] = TRUE;
    } else {
        return $data['register'] = FALSE;
    }
}


login

Code:
function login()
{
    $this->load->library('encrypt');
    $this->load->helper('cookie');

    $username = $this->input->post('username');
    $password = $this->input->post('password');

    $encryptpass = $this->encrypt->sha1($password);

    $checkUser = $this->db->get_where('users', array('username' => $username, 'password' => $encryptpass));

    if ($checkUser->num_rows() < 1) {

        echo 'Password is incorrect.<br>';
        echo $password, '<br>';
        echo $encryptpass;

    } else {
        $usernme = array(
            'name'   => 'username',
            'value'  => $username,
            'expire' => '86500',
            'domain' => '.localhost:8888',
            'path'   => '/',
            'prefix' => 'myprefix_',
        );

        $passwrd = array(
            'name'   => 'password',
            'value'  => $encryptpass,
            'expire' => '86500',
            'domain' => '.localhost:8888',
            'path'   => '/',
            'prefix' => 'myprefix_',
        );

        set_cookie($usernme);
        set_cookie($passwrd);

        redirect('theater', 'refresh');
    }
}

The login function returns this on failure:
Quote:Password is incorrect.
123456789
f7c3bc1d808e04732adf679965ccc34ca7ae3441

#2
[eluser]Mark LaDoux[/eluser]
Check your sql tables, I'm betting the permitted number of characters is set to a smaller value than the number of characters produced by a sha1 hash.

It should be set as a varchar(40), it appears that you have it set to half of that, which is why the results don't match.

/* edit */

Almost forgot to mention, you will of course have to recreate all your password hashes once you do this so that you have full length hashes in the database instead of half length hashes.
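
The failure diagnosed above, reproduced as an added example that is not part of any post in this thread: a 40-character SHA-1 digest stored in a column only 20 characters wide (the length of the truncated value in post #1) never matches the full digest computed at login. The function names and sample rows are constructed, and `store_in_column()` assumes MySQL in non-strict mode, which shortens an over-long value instead of rejecting it.

```php
<?php
// Added example; function names and sample rows are constructed for illustration.
const SHA1_HEX_LEN = 40; // SHA-1 digest = 160 bits = 40 hex characters

// Assumption: models a MySQL column in non-strict mode, which cuts an
// over-long value down to the column width instead of rejecting it.
function store_in_column(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// Equivalent of the lookup in login(): hash the submitted password and
// compare it with the value that came back from the table.
function login_matches(string $password, string $stored): bool
{
    return hash_equals($stored, sha1($password));
}

// Classify a stored value so truncated rows can be found once the column is widened.
function classify_stored_hash(string $stored): string
{
    if (!preg_match('/^[0-9a-f]+$/i', $stored)) {
        return 'invalid';
    }
    $len = strlen($stored);
    if ($len === SHA1_HEX_LEN) {
        return 'ok';
    }
    return $len < SHA1_HEX_LEN ? 'truncated' : 'invalid';
}

// Constructed sample rows: username => value as read back from the table.
$full = sha1('123456789'); // the full digest shown at login in post #1
$rows = [
    'old_user' => store_in_column($full, 20), // registered while the column was 20 wide
    'new_user' => store_in_column($full, 40), // registered after the column was widened
];

foreach ($rows as $user => $stored) {
    printf(
        "%-8s stored=%-40s status=%-9s login=%s\n",
        $user,
        $stored,
        classify_stored_hash($stored),
        login_matches('123456789', $stored) ? 'ok' : 'FAILS'
    );
}
```

Rows reported as `truncated` stay broken after the column is widened, which is why the hashes have to be recreated as the post above says.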

#3
[eluser]n0xie[/eluser]
[quote author="t0nedef" date="1257593051"]
It should be set as a varchar(40)[/quote]
Obviously he means char(40).

#4
[eluser]GamingFusion[/eluser]
Thanks guys, I never thought of checking that. I will do that when I get home.

#5
[eluser]Mark LaDoux[/eluser]
No, I meant varchar(40), which is a valid character string size for MySQL, but other databases may vary in their naming conventions.

#6
[eluser]GamingFusion[/eluser]
Well, I used Char(40) and it works fine. But now I'm going to have to integrate Sessions lol

#7
[eluser]n0xie[/eluser]
[quote author="t0nedef" date="1257656571"]no i meant varchar(40) which is a valid character string size for MySQL, but other databases may vary in their naming conventions.[/quote]
Why would you use a variable size column for a field that will ALWAYS be 40 characters long? Not to mention that Char is faster in lookup and takes less room to store the same amount of data, which results in faster query execution.

