kam Posted January 20, 2012 Share Posted January 20, 2012 I want use SHA1 to hash the password instead hash_hmac() function and used the syntax in page 79 return mysqli_real_escape_string($dbc, sha1($password, true)); but it looks still the database storing hash_hmac() instead of sha1. please help. Link to comment Share on other sites More sharing options...
Jonathon Posted January 20, 2012 Share Posted January 20, 2012 What is the password hash being stored as? Link to comment Share on other sites More sharing options...
kam Posted January 20, 2012 Author Share Posted January 20, 2012 thanks. The password hash stored as CHAR 40 in the database. and stored as something like ?c?~]? Link to comment Share on other sites More sharing options...
Larry Posted January 20, 2012 Share Posted January 20, 2012 What you're seeing is the password being stored as binary data, the same as with hash_hmac(). But you're using SHA1() in the function call, which means the password is being stored using SHA1(). Link to comment Share on other sites More sharing options...
kam Posted January 21, 2012 Author Share Posted January 21, 2012 Good Morning. I am using Zend framework accessing the login page: $adapter = new Zend_Auth_Adapter_DbTable($dbRead, 'users', 'username', 'password', 'sha1(?)'); also I tested in dreamweaver log in user server behavior: if (isset($_POST['password'])) {$_POST['password'] = sha1($_POST['password']); } The thing is both logins fails. I think since the password stored as binary it cannot be dycrypted. is there anyway we can store the password SHA1 or MD5 directly in the database instead hash_hmac() Thanks Link to comment Share on other sites More sharing options...
kam Posted January 22, 2012 Author Share Posted January 22, 2012 Thank you very much Larry. Finally it's working. One more thing to ask: is there any other instructions for activating accounts when user registers? Thanks Link to comment Share on other sites More sharing options...
Larry Posted January 23, 2012 Share Posted January 23, 2012 I'm glad it's working. As for your question, I'm not sure what you're asking. Link to comment Share on other sites More sharing options...
kam Posted January 25, 2012 Author Share Posted January 25, 2012 Good Morning Larry. After user registers successfully, The email for registration confirmation I want include a link to an activation page site. at Page 90 Now I have activate page and code column set to NULL value so to complete the activation process it looks I am missing some php script which I want some help from you. I hope you understand, English is my second language Thanks Link to comment Share on other sites More sharing options...
Larry Posted January 25, 2012 Share Posted January 25, 2012 Okay. I have an example of this in my "PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide (4th Edition)" book. Basically you create a code, like the MD5() version of the user's registration date and time. You then create a link to activate.php?x=email@example.com&y=CODE, inserting the actual user's email address and code there. This link gets emailed to the user. The code needs to go in the database. The activate link then verifies those two pieces of information and sets the active column in the database to NULL if the provided values are correct. On the login page, you add an active IS NULL clause to the login query. That's it! Link to comment Share on other sites More sharing options...
Recommended Posts