sha1 Coding Problem

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: macek, egami, gesf

New php-forum User
New php-forum User
Posts: 1
Joined: Fri Oct 01, 2010 6:04 am

sha1 Coding Problem

Postby plonic » Fri Oct 01, 2010 6:16 am


I am developing a secure login system for users. I am using PHP5 and MySQL. I have sorted out the registration section without a problem and the password is stored as a SHA1 Hash in the user table.

I now need a 'check login section' to recieve data from the login form. My code is -


/* Check user details */
$con = mysql_connect("localhost","my_db", "my password");
$passwordHash = sha1($_POST['password']);
$username = $_POST['username'];
$db = mysql_select_db("my_db", $con);

if (!$con)
die('Could not connect: ' . mysql_error());

$sql = 'SELECT username FROM users WHERE username = ? AND passwordHash = ?';
$result = $db->query($sql, array('$username', '$passwordHash'));
if ($result->numRows() < 1)
/* Access denied */
echo 'Sorry, your username or password was incorrect!';
/* Log user in */
printf('Welcome back %s!', $_POST['username']);


My database connection is solid. I keep getting the following error -

Fatal error: Call to a member function query() on a non-object in /home/threesix/public_html/checklogin5.php on line 15

Line 15 is -

$result = $db->query($sql, array('$username', '$passwordHash'));

I would be grateful if someone could tell me which object has not been defined.


Return to “PHP & MySQL Security”

Who is online

Users browsing this forum: No registered users and 1 guest