How to add sha1 hash password to LOGIN page

Discussion in 'PHP' started by Kayz, Oct 23, 2011.

  1. Rukbat

    Rukbat Well-Known Member

    #21
    It sounds as if what's stored is the sha1 hash of the password plus a fixed (or variable) salt of 10 characters.

    Add a few new users with different passwords. If the last 10 characters of the password are all the same, use

    sha1($loginpassword).<the extra 10 characters>

    If not, you'll have to search the code to find out how those 10 characters are created, then add that to your hashed password. (You can't use sha1 to generate a 30 character hash - sha1 generates a 20 character hash.)

    And sorry for the missing close parens. My native language is Typo.
     
    Rukbat, Oct 25, 2011 IP
  2. Kayz

    Kayz Active Member

    #22
    Do you mean sha1 generates a 30+ character hash and not 20...?

    I was just about to upload all the files for you to test until I realised what the problem was; just before your post, Rukbat, I solved the problem.


    Firstly, I want to thank everybody for helping me, including you Rukbat :) I eventually got it to work!

    You won't imagine how much I hate myself right now. Took me 4 whole days to discover what the problem was.

    Because I modified the database to set a second set of sha1 passwords (which is what my script was trying to match), I set the varchar for the password field to 30 instead of 50!

    How easy and at the same time how stupid of me was that?

    Somebody kick me side ways!

    Thank you all.


    P.S: Now I will try and change the script to store sha1 passwords with salt and pepper? ;) I will be back soon!
     
    Kayz, Oct 25, 2011 IP
  3. #23
    No, it generates a 20 character hash (160 bits). (You might be getting the 40 character hex equivalent - it depends on whether you're using false, true or nothing as a second argument to sha1().)

    If that were needed, everyone who wrote code would have bootprints on his butt. :)
     
    Rukbat, Oct 25, 2011 IP
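
The hash-length point from posts #21 to #23, as an added PHP example that is not part of any poster's code: it shows the two output forms of sha1() and what a column narrower than the stored form does to the login comparison. It goes one step beyond the thread by running the same check on password_hash() output; the sample password, the helper names storeInColumn() and sha1LoginMatches(), the 40 and 255 widths, and silent truncation by the database are assumptions.

```php
<?php
// Added example, not code from the thread. The password and the 40/255
// column widths are constructed; VARCHAR(30) is the width Kayz reported.

$password = 'correct horse battery staple';

$hex = sha1($password);        // default: hexadecimal text
$raw = sha1($password, true);  // second argument true: raw binary digest

printf("hex form: %d characters\n", strlen($hex));
printf("raw form: %d bytes\n", strlen($raw));
printf("same digest: %s\n", var_export(bin2hex($raw) === $hex, true));

// Assumption: the database silently cuts over-long values to the column
// width, as MySQL does when strict SQL mode is off.
function storeInColumn(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// Login check: hash the submitted password and compare with the stored value.
function sha1LoginMatches(string $stored, string $submitted): bool
{
    return hash_equals($stored, sha1($submitted));
}

foreach ([30, 40] as $width) {
    $stored = storeInColumn($hex, $width);
    printf(
        "VARCHAR(%d): stored %d characters, login %s\n",
        $width,
        strlen($stored),
        sha1LoginMatches($stored, $password) ? 'succeeds' : 'fails'
    );
}

// password_hash() generates a per-password salt and embeds it, together with
// the algorithm and cost, in the returned string, so that string is longer
// than a SHA-1 hex digest and also has to fit the column uncut.
$modern = password_hash($password, PASSWORD_DEFAULT);
printf("password_hash() output: %d characters\n", strlen($modern));
foreach ([30, 255] as $width) {
    $stored = storeInColumn($modern, $width);
    printf(
        "VARCHAR(%d): password_verify() %s\n",
        $width,
        password_verify($password, $stored) ? 'succeeds' : 'fails'
    );
}
```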
  4. Kayz

    Kayz Active Member

    #24
    Ok, this is the other script which does the sha1 encrypting for me; look at the hash at the bottom of this file.

    
    <?php
       if (!defined("_VALID_PHP"))
          die('Direct access to this location is not allowed.');
      
      /**
       * redirect_to()
       * 
       * @param mixed $location
       * @return
       */
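      function redirect_to($location)
      {
          // $location is written into the header and the markup unescaped,
          // so pass only trusted URLs.
          if (!headers_sent()) {
              header('Location: ' . $location);
              exit;
          } else {
              // Headers already sent: fall back to a client-side redirect.
              echo '<script type="text/javascript">';
              echo 'window.location.href="' . $location . '";';
              echo '</script>';
              echo '<noscript>';
              echo '<meta http-equiv="refresh" content="0;url=' . $location . '" />';
              echo '</noscript>';
          }
      }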
      
      /**
       * countEntries()
       * 
       * @param mixed $table
       * @param string $where
       * @param string $what
       * @return
       */
      function countEntries($table, $where = '', $what = '')
      {
          global $db;
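          // $table, $where and $what are concatenated into the query unescaped,
          // so callers must pass only trusted, already-validated values.
          if (!empty($where) && isset($what)) {
              $q = "SELECT COUNT(*) FROM " . $table . "  WHERE " . $where . " = '" . $what . "' LIMIT 1";
          } else {
              $q = "SELECT COUNT(*) FROM " . $table . " LIMIT 1";
          }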
          
          $record = $db->query($q);
          $total = $db->fetchrow($record);
          return $total[0];
      }
      
      /**
       * getChecked()
       * 
       * @param mixed $row
       * @param mixed $status
       * @return
       */
      function getChecked($row, $status)
      {
          if ($row == $status) {
              echo "checked=\"checked\"";
          }
      }
      
      /**
       * post()
       * 
       * @param mixed $var
       * @return
       */
      function post($var)
      {
          if (isset($_POST[$var]))
              return $_POST[$var];
      }
      
      /**
       * get()
       * 
       * @param mixed $var
       * @return
       */
      function get($var)
      {
          if (isset($_GET[$var]))
              return $_GET[$var];
      }
      
      /**
       * sanitize()
       * 
       * @param mixed $string
       * @param bool $trim
       * @return
       */
      function sanitize($string, $trim = false, $int = false, $str = false)
      {
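          // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
          $string = filter_var($string, FILTER_SANITIZE_STRING);
          $string = trim($string);
          $string = stripslashes($string);
          $string = strip_tags($string);
          // Replace typographic quotes with their plain ASCII equivalents.
          $string = str_replace(array('‘', '’', '“', '”'), array("'", "'", '"', '"'), $string);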
          
    	  if ($trim)
              $string = substr($string, 0, $trim);
          if ($int)
    		  $string = preg_replace("/[^0-9\s]/", "", $string);
          if ($str)
    		  $string = preg_replace("/[^a-zA-Z\s]/", "", $string);
    		  
          return $string;
      }
        
      /**
       * getValue()
       * 
       * @param mixed $what
       * @param mixed $table
       * @param mixed $where
       * @return
       */
      function getValue($what, $table, $where)
      {
          global $db;
          $sql = "SELECT $what FROM $table WHERE $where";
          $row = $db->first($sql);
          return $row[$what];
      }  
      
      /**
       * tooltip()
       * 
       * @param mixed $tip
       * @return
       */
      function tooltip($tip)
      {
          return '<img src="'.SITEURL.'/images/tooltip.png" alt="Tip" class="tooltip" title="' . $tip . '" />';
      }
      
      /**
       * required()
       * 
       * @return
       */
      function required()
      {
          return '<img src="'.SITEURL.'//images/required.png" alt="Required Field" class="tooltip" title="Required Field" />';
      }
    
      /**
       * cleanOut()
       * 
       * @param mixed $text
       * @return
       */
      function cleanOut($text) {
    	 $text =  strtr($text, array('\r\n' => "", '\r' => "", '\n' => ""));
    	 $text = html_entity_decode($text, ENT_QUOTES, 'UTF-8');
    	 $text = str_replace('<br>', '<br />', $text);
    	 return stripslashes($text);
      }
        
    
      /**
       * isAdmin()
       * 
       * @param mixed $userlevel
       * @return
       */
      function isAdmin($userlevel)
      {
          $display = ''; // default when the level has no matching icon
          switch ($userlevel) {
    		  case 9:
    		     $display = '<img src="'.SITEURL.'/images/superadmin.png" alt="" class="tooltip" title="Super Admin"/>';
    			 break;
    
    		  case 7:
    		     $display = '<img src="'.SITEURL.'/images/level7.png" alt="" class="tooltip" title="User Level 7"/>';
    			 break;
    
    		  case 6:
    		     $display = '<img src="'.SITEURL.'/images/level6.png" alt="" class="tooltip" title="User Level 6"/>';
    			 break;
    
    		  case 5:
    		     $display = '<img src="'.SITEURL.'/images/level5.png" alt="" class="tooltip" title="User Level 5"/>';
    			 break;
    			 
    		  case 4:
    		     $display = '<img src="'.SITEURL.'/images/level4.png" alt="" class="tooltip" title="User Level 4"/>';
    			 break;		  
    
    		  case 3:
    		     $display = '<img src="'.SITEURL.'/images/level6.png" alt="" class="tooltip" title="User Level 3"/>';
    			 break;
    
    		  case 2:
    		     $display = '<img src="'.SITEURL.'/images/level5.png" alt="" class="tooltip" title="User Level 2"/>';
    			 break;
    			 
    		  case 1:
    		     $display = '<img src="'.SITEURL.'/images/user.png" alt="" class="tooltip" title="User"/>';
    			 break;			  
    	  }
    
          return $display;
      }
    
      /**
       * userStatus()
       * 
       * @param mixed $id
       * @return
       */
      function userStatus($status)
      {
          $display = ''; // default when the status has no matching icon
          switch ($status) {
    		  case "y":
    			  $display = '<img src="'.SITEURL.'/images/u_active.png" alt="" class="tooltip" title="User Active"/>';
    			  break;
    			  
    		  case "n":
    			  $display = '<img src="'.SITEURL.'/images/u_inactive.png" alt="" class="tooltip" title="User Inactive"/>';
    			  break;
    			  
    		  case "t":
    			  $display = '<img src="'.SITEURL.'/images/u_pending.png" alt="" class="tooltip" title="User Pending"/>';
    			  break;
    			  
    		  case "b":
    			  $display = '<img src="'.SITEURL.'/images/u_banned.png" alt="" class="tooltip" title="User Banned"/>';
    			  break;
    	  }
    	  
          return $display;
      }
    
      /**
       * isActive()
       * 
       * @param mixed $id
       * @return
       */
      function isActive($id)
      {
    	  if ($id == 1) {
    		  $display = '<img src="'.SITEURL.'/images/yes.png" alt="" class="tooltip img-wrap2" title="Active"/>';
    	  } else {
    		  $display = '<img src="'.SITEURL.'/images/no.png" alt="" class="tooltip img-wrap2" title="Inactive"/>';
    	  }
    
          return $display;
      }
      
      /**
       * barHeight()
       * 
       * @param mixed $total
       * @return
       */ 
      function barHeight($total)
      {
          switch (true) { // each case is a boolean range test, so match against true
              case ($total <= 10):
                  print 10;
                  break;
              case ($total >= 10 && $total <= 50):
                  print 20;
                  break;
              case ($total >= 50 && $total <= 100):
                  print 30;
                  break;
              case ($total >= 100 && $total <= 200):
                  print 40;
                  break;
              case ($total >= 200 && $total <= 300):
                  print 50;
                  break;
              case ($total >= 300 && $total <= 500):
                  print 60;
                  break;
              case ($total >= 500 && $total <= 700):
                  print 70;
                  break;
              case ($total >= 700 && $total <= 900):
                  print 80;
                  break;
              case ($total >= 900 && $total <= 1000):
                  print 90;
                  break;
              case ($total >= 1000 && $total > 3000):
                  print 99;
                  break;
          }
      }
      
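      /**
       * randName()
       *
       * Builds six hyphen-separated groups of six uppercase hex characters,
       * each cut from the sha1 of a rand() value. rand() is not a
       * cryptographically secure generator, so do not use the result as a secret.
       *
       * @return string
       */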
      function randName() {
    	  $code = '';
    	  for($x = 0; $x<6; $x++) {
    		  $code .= '-'.substr(strtoupper(sha1(rand(0,999999999999999))),2,6);
    	  }
    	  $code = substr($code,1);
    	  return $code;
      }
    ?>
    


    hehehe
     
    Kayz, Oct 25, 2011 IP
  5. Rukbat

    Rukbat Well-Known Member

    #25
    Not really. It generates a string that's 6 groups of 6 characters separated by a hyphen. Something like 567396-BC310B-464239-8EB503-1AFEED-15AB08 or CF109A-C6FE49-FE580D-1CEA36-FC9AAF-3AE299 or E77059-9259D6-CED570-E3E5BE-588B33-CFB95A (those are the first 3 it created when I ran it). It's based on the sha1 hash of a random number, but it has nothing to do with the password the user enters.
     
    Rukbat, Oct 25, 2011 IP
  6. Kayz

    Kayz Active Member

    #26
    I see, interesting.

    So that's got nothing to do with hashing the passwords?
     
    Kayz, Oct 25, 2011 IP