Skip to content
Advertisement

How to check if PHP field is empty when using SHA1

I’m using SHA1 to encrypt a password. In my original code I checked if the password fields were empty with: if (empty($newpassword) and (empty($newpassword2))) { }

Since I now use SHA1 and it automatically generates da39a3ee5e6b4b0d3255bfef95601890afd80709 when field is left blank, how do I re-write my code?

Translate da39a3ee5e6b4b0d3255bfef95601890afd80709 back to string? Or something else?

Please help.

    if ($_SERVER['REQUEST_METHOD'] == 'POST')
    {
        // oude password controle
        if ($password == $qpassword)
            $oudpassword_goed = 1;
        // password controle
        if ($newpassword == $newpassword2)
            $newpassword_goed = 1;
        if (empty($newpassword) and (empty($newpassword2)))
            $newpassword_goed = 2;
        // email controle
        if ($email == $email2)
            $email_goed = 1;
    }

Advertisement

Answer

What you can do to check if the password field is not empty is use strlen() to check the length of the string you’re actually sending, so if the string is longer than 0, then It’s not empty, else display an error, telling them that their password field is empty and don’t add it to the database. Also, there’s no way to convert SHA1 back to an original string since SHA1 is a cryptography hashing algorithm, and that would defeat the purpose behind it. Main difference between hashing and encryption is that one can be decrypted and the other one can not. This however doesn’t mean SHA1 hashes can’t be brute forced, they are indeed easy targets, as well as MD5, but that’s for another conversation outside of this scope.

User contributions licensed under: CC BY-SA
10 People found this is helpful
Advertisement