I am making a registration page and I used sha1() to encrypt my passwords upon registration. I check my tables and the passwords are encrypted but when I try logging in, the password is considered invalid. I was wondering if someone could check the login code for it? I am aware that sha1() is unsuitable for password encryption but I haven't learnt better encryption methods yet and this is considered enough for our assignment.
Registration code:
<?php
if (!empty($_POST) && !empty($_POST['username']) && !empty($_POST['password']) && !empty($_POST['email'])) {
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$email = strip_tags($_POST['email']);
$username = mysqli_real_escape_string($db, $username);
$password = mysqli_real_escape_string($db, $password);
$email = mysqli_real_escape_string($db, $email);
$passwordhash = sha1($_POST["password"]);
$query = "SELECT COUNT(*) AS count FROM login_details WHERE Username = '".$username."'";
$result = $db->query($query);
$data = $result->fetch_assoc();
if ($data['count'] > 0) {
echo "<p>Username taken!</p>";
} else {
$query = "INSERT INTO login_details (Username, Password, Email) VALUES ('".$username."','".$passwordhash."','".$email."')";
$result = $db->query($query);
$query = "INSERT INTO authors (Name) VALUES ('".$username."')";
$result = $db->query($query);
$query = "INSERT INTO `login_profile` (`user_id`, `author_id`) SELECT `login_details`.`id`, `authors`.`id` FROM `login_details`, `authors` WHERE `login_details`.`Username` = '".$username."' AND `authors`.`Name` = '".$username."'";
$result = $db->query($query);
if ($result) {
echo "<p>User registered!</p>";
} else {
echo "SQL Error: " . $db->error;
}
}
}
?>
Thank you!