How to use SHA1 in login with PHP picking up parameters?

Question

How to use SHA1 in login with PHP picking up parameters?

Asked 6 years, 11 months ago

Viewed 968 times

0

I created a registration using as password encryption the SHA1, where the password parameter step as:

$senha = sha1($_GET['senha']);

However, I’m not sure how to decrypt, still passing parameter, the sha1(). I have the following example, which I tried to put in the parameter and in the SQL statement, but does not login:

<?php
$email =$_GET['email'];
$password = $_GET['password'];

$query="select * from usuario_app where (email = '$email') AND (sha1(senha) = '$password'))";

$result=$con->query($query);

if ($result->num_rows > 0) 
{
    while($row = $result->fetch_assoc()) 
    {
        echo json_encode($row);
    }           
}
else
{
    echo "error";
}
?>

3 answers

3

You don’t have to decrypt anything, just encrypt more!

That one sha1(senha) that you put in your select will not work, because it is inside a string, so that php will not recognize that you are calling a function, and that it is just any part of the string.

The right way to make this select is to re-encrypt the user password and compare the 2 already encrypted data:

$password = sha1($_GET['password']);
$query = "SELECT * FROM usuario_app WHERE (email = '$email') AND (senha = '$password')";

Obs: sha() is a function one-way, I mean, it’s a one-way street, there’s no way to decrypt.

Browser other questions tagged php mysql sha1

You are not signed in. Login or sign up in order to post.

by Juven_v • **2,619** points · Answer 1 · 2017-07-27T23:19:13+00:00

Let’s go in parts. Your query is like this:

<?php
$email = '[email protected]';
$password = 'senha123';
$query="select * from usuario_app where (email = '$email') AND (sha1(senha) = '$password'))";

echo $query;

Producing the sql:

select * from usuario_app where (email = '[email protected]') AND (sha1(senha) = 'senha123'))

I think you want an sql similar to this:

select * from usuario_app where (email = '[email protected]') AND (senha = sha1('senha123'))

where sha1 would be encrypted password 123. So a possible solution would be:

<?php
$email = '[email protected]';
$password = 'senha123';
//aplicando o hash na senha e reatribuindo na mesma variavel
$password = sha1($password);
$query="select * from usuario_app where (email = '$email') AND (senha = '$password')";

echo $query;

producing the sql:

select * from usuario_app where (email = '[email protected]') AND (senha = '3decd49a6c6dce88c16a85b9a8e42b51aa36f1e2')

by user41630 · Answer 2 · 2017-07-27T23:22:32+00:00

$password = sha1($_GET['password']);

$query = "SELECT * FROM usuario_app WHERE email='".$email."' AND sha1='".$password."'";

This is the correct model.