Hello, i just coded for login script now i want to add "sha1" to my code due to security reason but it's showing an invalid login error i don't know the reason but when i use this withouht "sha1" it's working fine but i want to secure password into database please hwlp what's wrong i'm doing..
here is my code for login.php:
<?php
include("config.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
// username and password sent from Form
$myusername=addslashes($_POST['username']);
$mypassword=addslashes($_POST['password']);
$sql="SELECT * FROM admin WHERE username='$myusername' AND passcode='.sha1[$mypassword]' ";
$result=mysql_query($sql);
$row=mysql_fetch_array($result);
$active=$row['active'];
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1)
{
$_SESSION["myusername"];
$_SESSION['login_user']=$myusername;
header("location: welcome.php");
}
else
{
echo "Your Login Name or Password is invalid";
}
}
?> <form action="" method="post"> <label>UserName :</label> <input type="text" name="username"/><br /> <label>Password :</label> <input type="password" name="password"/><br/> <input type="submit" value=" Submit "/><br /> </form>
And here is my code for insert.php:
<?php
$con=mysqli_connect("localhost","root","Bhawanku","members");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$hash_key=sha1($_POST['password']);
$sql="INSERT INTO admin
VALUES
('', '$_POST[username]','$hash_key')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
