How to use SHA1 in login with PHP taking parameters?

Navigation
0

I created a password using SHA1 as password encryption, where the password parameter is as follows: 

$senha = sha1($_GET['senha']);

However, I'm not sure how to decrypt, even passing parameter, the sha1() . I have the following example, which I have tried to put in the parameter and in the SQL statement, but it does not login: 

<?php
$email =$_GET['email'];
$password = $_GET['password'];

$query="select * from usuario_app where (email = '$email') AND (sha1(senha) = '$password'))";

$result=$con->query($query);

if ($result->num_rows > 0) 
{
    while($row = $result->fetch_assoc()) 
    {
        echo json_encode($row);
    }           
}
else
{
    echo "error";
}
?>
    
asked by anonymous 28.07.2017 / 00:58

3 answers

3

You do not have to decrypt anything, just encrypt more!

This sha1(senha) you put in your select will not work because it's inside a string, so php will not recognize that you're calling a function, and that's just any part of the string.

The right way to do this select is to encrypt the user's password again and compare the 2 already encrypted data: 

$password = sha1($_GET['password']);
$query = "SELECT * FROM usuario_app WHERE (email = '$email') AND (senha = '$password')";

Note: sha() is a one-way function, ie it is a no-return path, can not decrypt.

    
28.07.2017 / 01:17
2

Let's break it down. Your query looks like this: 

<?php
$email = '[email protected]';
$password = 'senha123';
$query="select * from usuario_app where (email = '$email') AND (sha1(senha) = '$password'))";

echo $query;

Producing sql: 

select * from usuario_app where (email = '[email protected]') AND (sha1(senha) = 'senha123'))

I think you want a sql similar to this: 

select * from usuario_app where (email = '[email protected]') AND (senha = sha1('senha123'))

where sha1 would be encrypted password123. So one possible solution would be: 

<?php
$email = '[email protected]';
$password = 'senha123';
//aplicando o hash na senha e reatribuindo na mesma variavel
$password = sha1($password);
$query="select * from usuario_app where (email = '$email') AND (senha = '$password')";

echo $query;

producing sql: 

select * from usuario_app where (email = '[email protected]') AND (senha = '3decd49a6c6dce88c16a85b9a8e42b51aa36f1e2')
    
28.07.2017 / 01:19
1
$password = sha1($_GET['password']);

$query = "SELECT * FROM usuario_app WHERE email='".$email."' AND sha1='".$password."'";

This is the correct template.

    
28.07.2017 / 01:22
How to find numbers greater than X in a list How to debug a code in JSFiddle?