Making a login Case Sensitive

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
sampage
Forum Newbie
Posts: 22
Joined: Sat Mar 18, 2006 6:17 pm

Making a login Case Sensitive

Post by sampage »

Hi Everyone,

I'm new to the forum and am still a basic PHP programmer.

How do I make sure when the PHP script matches the username compared to the username in the database it is case sensitive. At the moment it matches anything which later on causes problems with the Sessions. I need to create an exact match.

Any advice I would be really greatful for!
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

That would depend on how you're doing the match. The quick and dirty way when dealing with databases (that can do it) is set the field to BINARY.
User avatar
Buddha443556
Forum Regular
Posts: 873
Joined: Fri Mar 19, 2004 1:51 pm

Post by Buddha443556 »

Are you doing the comparison in PHP? Or using a database query? Some code might help.
sampage
Forum Newbie
Posts: 22
Joined: Sat Mar 18, 2006 6:17 pm

Post by sampage »

feyd | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Sorry I should of explained further.

The user enters a username in a form. This then posts to a logincheck.php page and runs this algorithm.

Code: Select all

$username = $_POST['usernm']; /* Output username and password into simple variables */
$password = $_POST['userpw'];
	
	// strip away any dangerous tags
$username=strip_tags($username);
$password=strip_tags($password);

// add slashes to stop hacking
$username=addslashes($username);
$password=addslashes($password);

// hash password into sha1
$password = sha1($password);

/* SQL statement to query the database */
$query= ("SELECT user_name, user_pass, user_number FROM usr_table WHERE user_name = '$username' AND user_pass = '$password'");
/* query the database */
$result = mysql_query($query);


/* Allow access if a matching record was found, else deny access. */

if (mysql_fetch_row($result))
{ 
  $_SESSION["sessionusername"] = "$username";
  $_SESSION["sessionuserpass"] = "$userpass";
  $_SESSION["sessionlogged_in"] = "true";
  
  // Update last login information. 
  
  $sql = mysql_query("UPDATE usr_table SET user_lastlogin = now() WHERE user_name='$username'") 
  or die (mysql_error()); 
	
 include 'complete.php';

}
Hope that sheds more light on the problem! :)


feyd | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
sampage
Forum Newbie
Posts: 22
Joined: Sat Mar 18, 2006 6:17 pm

Post by sampage »

Sorry for not posting the code correctly, I'll make not to do it properly from now on.

Does anyone have any idea hoe to make the username match case sensitive?
User avatar
Buddha443556
Forum Regular
Posts: 873
Joined: Fri Mar 19, 2004 1:51 pm

Post by Buddha443556 »

BINARY as Feyd said. You'll need to use the BINARY operator in the query (type casting) or change your database table making the column BINARY (this means different things in different versions of MySQL DB).

http://dev.mysql.com/doc/refman/4.1/en/ ... ry-op.html
http://dev.mysql.com/doc/refman/4.1/en/ ... inary.html
sampage
Forum Newbie
Posts: 22
Joined: Sat Mar 18, 2006 6:17 pm

Post by sampage »

Thank you very much, works perfectly and much easier than I predicted! :)
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

FYI, addslashes() is not as effective as mysql_real_escape_string(), considering the mysql_* function escapes more than just quotes..
duk
Forum Contributor
Posts: 199
Joined: Wed May 19, 2004 8:45 am
Location: London

Post by duk »

its a good pratice having a case sensitive login ??

in my case i use strtolower and then check in database... for me is better you can have just one duk, and not Duk or dUk, duK, dUK etc...
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

duk wrote:its a good pratice having a case sensitive login ??

in my case i use strtolower and then check in database... for me is better you can have just one duk, and not Duk or dUk, duK, dUK etc...
It all depends on the application, and your goals. Having case sensitivity increases the number of potential accounts, which can be ideal (think of AIM or gmail logins!). Of course, as you mention, it can also confuse the situation.

It all depends. :)
sampage
Forum Newbie
Posts: 22
Joined: Sat Mar 18, 2006 6:17 pm

Post by sampage »

My account login is different to the user name. By informing people upon registration that the login name is case sensitive I hope it encourages people to actively remember there login names etc...

Still not sure, I'll see how it goes and report back!
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Typically number of accounts shouldn't be a concern unless have an user base like gmail. If you are going to do it remind them when they are loging in that they name and password are case sensitive, atleast.
User avatar
Buddha443556
Forum Regular
Posts: 873
Joined: Fri Mar 19, 2004 1:51 pm

Post by Buddha443556 »

duk wrote:its a good pratice having a case sensitive login ??

in my case i use strtolower and then check in database... for me is better you can have just one duk, and not Duk or dUk, duK, dUK etc...
This isn't only about case sensitivity because, like PHP, MySQL DB also converts string to numbers during comparisons. So it's kind of important that either DB column or the query take that into account when comparing passwords or usernames.
tomprogers
Forum Commoner
Posts: 50
Joined: Fri Mar 17, 2006 5:17 pm
Location: Minnesota
Contact:

Encrypt your passwords

Post by tomprogers »

In truth, you ought to encrypt passwords before storing them in a database. One-way hashing (like MD5 or SHA1) is case-sensitive.
Post Reply