
How to check if PHP field is empty when using SHA1

I'm using SHA1 to encrypt a password. In my original code I checked if the password fields were empty with: if (empty($newpassword) and (empty($newpassword2))) { }

Since I now use SHA1 and it automatically generates da39a3ee5e6b4b0d3255bfef95601890afd80709 when the field is left blank, how do I rewrite my code?

Translate da39a3ee5e6b4b0d3255bfef95601890afd80709 back to string? Or something else?

Please help.

    if ($_SERVER['REQUEST_METHOD'] == 'POST')
    {
        // old password check
        if ($password == $qpassword)
            $oudpassword_goed = 1;
        // password check
        if ($newpassword == $newpassword2)
            $newpassword_goed = 1;
        if (empty($newpassword) and (empty($newpassword2)))
            $newpassword_goed = 2;
        // email check
        if ($email == $email2)
            $email_goed = 1;
    }
TMNuclear asked Oct 16 '12 11:10


4 Answers

Just check the input before you hash it.

Also, don't use empty(). This will tell you the user entered an empty password if their password is 0 (of course, you're not allowing passwords of only one character, right?)

CodePad.

alex answered Nov 09 '22 11:11


You could check for da39a3ee5e6b4b0d3255bfef95601890afd80709 to check if it is empty.

Better though is to check emptiness before hashing.

Bart Friederichs answered Nov 09 '22 12:11


What you can do to check if the password field is not empty is use strlen() to check the length of the string you're actually sending, so if the string is longer than 0, then it's not empty; else display an error telling them that their password field is empty, and don't add it to the database. Also, there's no way to convert SHA1 back to an original string since SHA1 is a cryptographic hashing algorithm, and that would defeat the purpose behind it. The main difference between hashing and encryption is that one can be decrypted and the other one cannot. This however doesn't mean SHA1 hashes can't be brute forced; they are indeed easy targets, as well as MD5, but that's for another conversation outside of this scope.

Ignacio Belhot Colistro answered Nov 09 '22 11:11


The SHA1 hash of da39a3ee5e6b4b0d3255bfef95601890afd80709 is a well-known hash of an empty string. Check against this value.

sainiuc answered Nov 09 '22 11:11
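The check-before-hashing advice from the answers above, as an added example that is not code from the question or from any answerer. It validates the raw input with strict comparison instead of empty(), and it swaps sha1() for PHP's built-in password_hash(), since one answer notes that SHA1 hashes are easy brute-force targets. The function name, MIN_LENGTH and the error messages are assumptions; it needs PHP 7.1 or later.

```php
<?php
// Added example; function name, MIN_LENGTH and messages are assumptions.
const SHA1_EMPTY = 'da39a3ee5e6b4b0d3255bfef95601890afd80709'; // sha1('') from the question
const MIN_LENGTH = 8; // assumed policy value, not from the page

// Returns [hash, null] on success or [null, error message] on failure.
function check_and_hash_new_password($new, $confirm): array
{
    // A field sent as newpassword[]=x arrives as an array, not a string.
    if (!is_string($new) || !is_string($confirm)) {
        return [null, 'invalid input'];
    }
    // Strict comparison on the raw input: empty('0') is true, '0' === '' is not.
    if ($new === '' || $confirm === '') {
        return [null, 'password field is empty'];
    }
    if ($new !== $confirm) {
        return [null, 'passwords do not match'];
    }
    if (strlen($new) < MIN_LENGTH) {
        return [null, 'password too short'];
    }
    // Salted, slow hash; sha1() is unsalted and fast.
    return [password_hash($new, PASSWORD_DEFAULT), null];
}

// Why the original empty() check stopped working once the value was hashed first:
var_dump(sha1('') === SHA1_EMPTY); // the hash of '' is a 40-character, non-empty string
var_dump(empty(sha1('')));

// Constructed sample inputs.
$cases = [['', ''], ['0', '0'], ['hunter2', 'hunter3'], ['correct horse', 'correct horse']];
foreach ($cases as [$new, $confirm]) {
    [$hash, $error] = check_and_hash_new_password($new, $confirm);
    if ($error !== null) {
        $result = $error;
    } else {
        $result = 'stored hash verifies: ' . var_export(password_verify($new, $hash), true);
    }
    printf("%-16s empty()=%-5s => %s\n", var_export($new, true), var_export(empty($new), true), $result);
}
```

At login, compare with password_verify() against the stored hash rather than re-hashing and comparing strings, because password_hash() generates a new salt on every call.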