I’m using SHA1 to encrypt a password. In my original code I checked if the password fields were empty with: if (empty($newpassword) and (empty($newpassword2))) { }
Since I now use SHA1 and it automatically generates da39a3ee5e6b4b0d3255bfef95601890afd80709 when field is left blank, how do I re-write my code?
Translate da39a3ee5e6b4b0d3255bfef95601890afd80709 back to string? Or something else?
Please help.
if ($_SERVER['REQUEST_METHOD'] == 'POST') { // oude password controle if ($password == $qpassword) $oudpassword_goed = 1; // password controle if ($newpassword == $newpassword2) $newpassword_goed = 1; if (empty($newpassword) and (empty($newpassword2))) $newpassword_goed = 2; // email controle if ($email == $email2) $email_goed = 1; }
Advertisement
Answer
What you can do to check if the password field is not empty is use strlen()
to check the length of the string you’re actually sending, so if the string is longer than 0
, then It’s not empty, else display an error, telling them that their password field is empty and don’t add it to the database. Also, there’s no way to convert SHA1
back to an original string since SHA1
is a cryptography hashing algorithm, and that would defeat the purpose behind it. Main difference between hashing and encryption is that one can be decrypted and the other one can not. This however doesn’t mean SHA1
hashes can’t be brute forced, they are indeed easy targets, as well as MD5
, but that’s for another conversation outside of this scope.