Welcome to WebmasterWorld Guest from

Forum Moderators: open

Message Too Old, No Replies

SHA1 Valued changed to SHA1 value that equal NULL by database

SHA1,null,value changed automatically,MySQL,PHP,login,logout

2:54 pm on May 6, 2011 (gmt 0)

New User

5+ Year Member

joined:Feb 10, 2009
posts: 13
votes: 0

Hello Guys,

I'm having the biggest headache over this issue. I have a system that I designed which uses a standard php login script to a MySQL database. The system has account registration etc. For the past 5 months I've tested multiple accounts and logged in with one primary account with absolutely no problem. However, about 4 days ago, something really strange started to happen. When I log in with USER A account, for example, and then I logout and then I log back in with USER B's account, at some point when I attempt to log back in with USER A's account the system is not able to verify the password. Note: I didn't nothing to change the password. So finally, after banging my head on the wall, I found that the password SHA1 value in the MySQL database was being changed to eef19c54306daa69eda49c0272623bdb5e2b341f. NOTE: This value is NULL. Sure enough, if I login using the password value NULL the system let's me in. Also, when I change the value back to the originally password, the system allows me to login with no problem - that is, until the next time it changes the value to NULL. This happens to each account if I log in and out on multiple occasions. It is strange because I am unable to determine what triggers it BUT, as I said, things were fine for the past 5 months. I have NEVER seen anything like this before and it makes NO sense to me. Please understand that this has never happened before and I am ONLY executing basic password verification queries.


$q = "SELECT user_id, dango_id FROM user WHERE (email='$e' AND password=SHA1('$p')) AND active IS NULL";
$r = mysqli_query ($dbc, $q) OR trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

$myrow = @mysqli_num_rows($r);

if($myrow == 1) {

// Register the VALUES
$_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC);


`user` (
`dango_id` VARCHAR(20) NOT NULL,
`name` VARCHAR(20) NOT NULL,
`email` VARCHAR(75) NOT NULL,
`password` CHAR(40) NOT NULL,
`cate_id` INT(10) NOT NULL,
`acct_type` INT(1) NOT NULL,
`active` CHAR(32) DEFAULT NULL,
`registration_date` DATETIME NOT NULL,
PRIMARY KEY (`user_id`)

Not sure WHY in the world MYSQL keeps changing the SHA1 value to NULL. This is driving me crazy. I apologize for the long explanation and would appreciate any helpful input. Thanks in advance guys.

3:27 pm on May 6, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member eelixduppy is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 12, 2005
votes: 0

I'd put money on it being a problem somewhere in your PHP scripts. Seems like somewhere you are updating that table incorrectly, or correctly just your php variable has not been initialized, therefore defaulting to the string NULL before it gets hashed and inserted into the database.

I'd start by first looking for any script that updates that specific table, especially with regard to the password column.