I'm writing a php script and I was wondering if I should allow spaces in user passwords. I'm using sha1() to hash the password, and it seems to do fine with passwords containing spaces. However, I've noticed that a lot of major sites don't allow passwords to contain spaces. Is there a reason for this or is it ok to allow them?
You should definitely allow spaces in passwords. Many people prefer to use passphrases, and by disallowing spaces you are making life hard for them for no benefit.
In addition to allowing passphrases instead of passwords, you should also encourage them because they are more secure (OK, I admit half the reason I wrote this was to put in the xkcd link).
There's absolutely no good reason to ever restrict the characters users can use in their passwords. Ever.
I don't see why there would be. If it doesn't cause any problems with your implementation (and it shouldn't), all it would do is expand the available character space by 1, and make cracking that much harder.
Restricting the characters allowed in a password is pointless as long as your hashing mechanism is able to hash them identically every time. For example, you might not want to hash multibyte characters if you intend to do password checking from a system that uses a different character encoding, like hashing the password in PHP and trying to check it in Java.