Making a login Case Sensitive
Moderator: General Moderators
Making a login Case Sensitive
Hi Everyone,
I'm new to the forum and am still a basic PHP programmer.
How do I make sure when the PHP script matches the username compared to the username in the database it is case sensitive. At the moment it matches anything which later on causes problems with the Sessions. I need to create an exact match.
Any advice I would be really greatful for!
I'm new to the forum and am still a basic PHP programmer.
How do I make sure when the PHP script matches the username compared to the username in the database it is case sensitive. At the moment it matches anything which later on causes problems with the Sessions. I need to create an exact match.
Any advice I would be really greatful for!
- Buddha443556
- Forum Regular
- Posts: 873
- Joined: Fri Mar 19, 2004 1:51 pm
feyd | Please use
Hope that sheds more light on the problem! 
feyd | Please use
Code: Select all
andCode: Select all
tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Sorry I should of explained further.
The user enters a username in a form. This then posts to a logincheck.php page and runs this algorithm.Code: Select all
$username = $_POST['usernm']; /* Output username and password into simple variables */
$password = $_POST['userpw'];
// strip away any dangerous tags
$username=strip_tags($username);
$password=strip_tags($password);
// add slashes to stop hacking
$username=addslashes($username);
$password=addslashes($password);
// hash password into sha1
$password = sha1($password);
/* SQL statement to query the database */
$query= ("SELECT user_name, user_pass, user_number FROM usr_table WHERE user_name = '$username' AND user_pass = '$password'");
/* query the database */
$result = mysql_query($query);
/* Allow access if a matching record was found, else deny access. */
if (mysql_fetch_row($result))
{
$_SESSION["sessionusername"] = "$username";
$_SESSION["sessionuserpass"] = "$userpass";
$_SESSION["sessionlogged_in"] = "true";
// Update last login information.
$sql = mysql_query("UPDATE usr_table SET user_lastlogin = now() WHERE user_name='$username'")
or die (mysql_error());
include 'complete.php';
}feyd | Please use
Code: Select all
andCode: Select all
tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]- Buddha443556
- Forum Regular
- Posts: 873
- Joined: Fri Mar 19, 2004 1:51 pm
BINARY as Feyd said. You'll need to use the BINARY operator in the query (type casting) or change your database table making the column BINARY (this means different things in different versions of MySQL DB).
http://dev.mysql.com/doc/refman/4.1/en/ ... ry-op.html
http://dev.mysql.com/doc/refman/4.1/en/ ... inary.html
http://dev.mysql.com/doc/refman/4.1/en/ ... ry-op.html
http://dev.mysql.com/doc/refman/4.1/en/ ... inary.html
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
It all depends on the application, and your goals. Having case sensitivity increases the number of potential accounts, which can be ideal (think of AIM or gmail logins!). Of course, as you mention, it can also confuse the situation.duk wrote:its a good pratice having a case sensitive login ??
in my case i use strtolower and then check in database... for me is better you can have just one duk, and not Duk or dUk, duK, dUK etc...
It all depends.
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
- Buddha443556
- Forum Regular
- Posts: 873
- Joined: Fri Mar 19, 2004 1:51 pm
This isn't only about case sensitivity because, like PHP, MySQL DB also converts string to numbers during comparisons. So it's kind of important that either DB column or the query take that into account when comparing passwords or usernames.duk wrote:its a good pratice having a case sensitive login ??
in my case i use strtolower and then check in database... for me is better you can have just one duk, and not Duk or dUk, duK, dUK etc...
-
tomprogers
- Forum Commoner
- Posts: 50
- Joined: Fri Mar 17, 2006 5:17 pm
- Location: Minnesota
- Contact:
Encrypt your passwords
In truth, you ought to encrypt passwords before storing them in a database. One-way hashing (like MD5 or SHA1) is case-sensitive.