The Note You're Voting On

php at REMOVEMEkennel17 dot co dot uk
19 years ago
It should be noted that sha1("") does not return an empty string. This means that if you are running a system that does not require users to have a password, the following code will not work as expected:

<?php
if ($StoredPassword == sha1($NewPassword))
// Password good
?>

If $StoredPassword and $NewPassword are both blank, then the password should be treated as good, but because sha1("") != "" it will be treated as bad. To get the correct behaviour you need to use:

<?php
if (($StoredPassword == "" && $NewPassword == "") || ($StoredPassword == sha1($NewPassword)))
// Password good
?>

(Note: I use a custom IsBlank() function instead of comparison against the empty string, so NULL values are also matched.)

For reference, here are a couple of special values put through sha1(). Note that sha1("") == sha1(NULL) == sha1(false), and also that sha1(0) != sha1(false).

"" -> da39a3ee5e6b4b0d3255bfef95601890afd80709
NULL -> da39a3ee5e6b4b0d3255bfef95601890afd80709
0 -> b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
1 -> 356a192b7913b04c54574d18c28d46e6395428ab
false -> da39a3ee5e6b4b0d3255bfef95601890afd80709
true -> 356a192b7913b04c54574d18c28d46e6395428ab
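
An added example, not part of the original note: one way to write the check described above so that the blank-password case is decided before any hashing and the hash comparison is done as a strict string comparison. `is_blank()` and `check_password()` are hypothetical names, and the sample values are constructed.

```php
<?php
// Added example; is_blank() and check_password() are hypothetical names.

// Blank means "no password set": NULL, false or the empty string.
// Integer 0 is deliberately not blank, matching sha1(0) != sha1(false).
function is_blank($value): bool
{
    return $value === null || $value === false || $value === '';
}

function check_password($stored, $supplied): bool
{
    // Passwordless account: accept only a blank submission, decided
    // before any hashing so sha1("") never enters the comparison.
    if (is_blank($stored)) {
        return is_blank($supplied);
    }
    // Anything that is not a string (arrays from form input, ints, NULL)
    // is rejected rather than coerced to a string by sha1().
    if (!is_string($stored) || !is_string($supplied)) {
        return false;
    }
    // hash_equals() compares the two hex digests as strings in constant time.
    return hash_equals($stored, sha1($supplied));
}

// Constructed sample data: [stored value, submitted value].
$cases = [
    'no password, blank input'  => [null, ''],
    'no password, input given'  => ['', 'guess'],
    'password set, blank input' => [sha1('secret'), ''],
    'password set, right input' => [sha1('secret'), 'secret'],
    'password set, wrong input' => [sha1('secret'), 'Secret'],
    'password set, integer 0'   => [sha1('0'), 0],
];
foreach ($cases as $label => [$stored, $supplied]) {
    printf("%-28s %s\n", $label, var_export(check_password($stored, $supplied), true));
}
```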
