open.mp forum
Having problems with SHA1 storing and loading password - Printable Version

+ open.mp forum (https://forum.open.mp)
-- Forum: General (https://forum.open.mp/forumdisplay.php?fid=19)
--- Forum: Programming (https://forum.open.mp/forumdisplay.php?fid=56)
--- Thread: Having problems with SHA1 storing and loading password (/showthread.php?tid=1055)



Having problems with SHA1 storing and loading password - Th3CrazzyRabbit - 2020-04-18

Well to be honest its first time a costumer asked me for a SHa1 store and load from database as its not that safe anymore , myself i use bcrypt all the time.



However im trying to come together with this? login / signup system and at signup everything works perfectly , sha1 encrypts it and stores it to the database



Now the issue its the loading from database , even tho i write the same password it still doesnt work



this is the code from loading the Sha1



PHP Code:
$hashpass sha1($userpass);

 ? ? ? ? ? ? ? ?if (
password_verify($hashpass$row['password']))

? ? ? ? ? ? ? ?{

? ? ? ? ? ? ? ? ? ?
session_start();

? ? ? ? ? ? ? ? ? ?
$_SESSION['userid'] = $row['Master_ID'];

? ? ? ? ? ? ? ? ? ?
header("Location:../index.php?login:sucess");

? ? ? ? ? ? ? ?}

? ? ? ? ? ? ? ?else{

? ? ? ? ? ? ? ? ? ?
header("Location:../login.php?error:wrongpassword");

? ? ? ? ? ? ? ? ? ?exit();

? ? ? ? ? ? ? ?} 







Storing



PHP Code:
$hashedpass sha1($password);

 ? ? ? ? ? ? ? ? ? ? ? ?
mysqli_stmt_bind_param($stmt"sss"$username$email$hashedpass);

? ? ? ? ? ? ? ? ? ? ? ?
mysqli_stmt_execute($stmt);

? ? ? ? ? ? ? ? ? ? ? ?
header("Location:../index.php?Signup:Sucessful"); 





Help me pelase , i really need this.


RE: Having problems with SHA1 storing and loading password - BigETI - 2020-04-18

You have three options:

1. Tell your customer to migrate to a safer users system

2. Tell your customer to fuck off

3. (not recommended at all) Actually read the documentation of `password_verify` to find out that it can't be used in that context. Do a string comparison of the stored hash and hashed input. This method is very unsafe and you are literally playing with user passwords. THIS IS NOT RECOMMENDED AT ALL!


RE: Having problems with SHA1 storing and loading password - Y_Less - 2020-04-18

Presumably your client hired you as an expert. In which case, tell them the problems and use a good system.


RE: Having problems with SHA1 storing and loading password - Th3CrazzyRabbit - 2020-04-18

To be honest i have told him 3 times not only once but he wants to stick with sha1 and there's nothing i can do , if thats what he wants i have to do it



i told him that even if his database gets leaked , theres websites online that can reverse the hash code so no idea , just help me out if you can


RE: Having problems with SHA1 storing and loading password - Y_Less - 2020-04-19

I'm not going to help you do a potentially dangerous thing. The problem isn't your job, or your client's lack of understanding. The problem is their customers using that system with no idea of how unsafe it is. They are the people I'm concerned about.


RE: Having problems with SHA1 storing and loading password - Th3CrazzyRabbit - 2020-04-19

Its okay , i've already canceled the work with him unless he updates the system to bcrypt , thank you.