error when comparing sha1 in php

2

I am doing a login system but comparing the password that the user typed with the one that is in the error database. When the user registers in the system applies two sha1 type: sha1(sha1($_POST['senha']));

But when I compare some of the error, because it is not the same code saved, I do not know if it is something in the code, follow the code there, already thank you ..

  if(isset($_POST['email']) && strlen($_POST['email']) > 0){

if(!isset($_SESSION))
  session_start();

   $link = DBConnect();
   $_SESSION['email'] = $link->escape_string($_POST['email']);
   $_SESSION['senha'] = sha1(sha1($_POST['senha']));


$UserCheck = DBRead( 'usuarios', "WHERE email = '". $_POST['email']."'", 'id,email,senha');  
var_dump($UserCheck);
$id = (string)$UserCheck[0]['id'];
$email = (string)$UserCheck[0]['email'];
$senha = (string)$UserCheck[0]['senha'];
var_dump($id.'</br></br>'.$email.'</br>'.$senha);
$senhasession = sha1(sha1($_SESSION['senha']));
var_dump($senhasession);
  if ($email)
    if($senha == $senhasession){
      $_SESSION['usuario'] = $id;
      //echo "<script>location.href='admin.php'</script>";
      echo $id;
    }
    else{
      //echo "<script>alert('Senha incorreta!');</script>";
    }

  else{
    echo "<script>alert('Email incorreto!');</script>";
  }

}

    
asked by anonymous 08.07.2016 / 21:15

1 answer

3

In this ceiling

$senhasession = sha1(sha1($_SESSION['senha']));

change to

$senhasession = $_SESSION['senha'];

The reason is that on a previous line you are already applying the "double sha1"

$_SESSION['senha'] = sha1(sha1($_POST['senha']));
    
08.07.2016 / 21:28