Page 1 of 1

Password from database

Posted: Wed Oct 06, 2010 7:27 am
by shafiq2626
Hi !
I have a password value PPssPP in password field. PP are in upper case.
when i try to log in then i give ppsspp all words in lowercase but this is accepted by php code. it should be check that actual value have Upper case words also.
can anyone help to solve this matter.
thanks

Re: Password from database

Posted: Wed Oct 06, 2010 9:20 am
by s.dot
MySQL does not compare cases if you select "WHERE `password` = '$password'" in the query. If you hash the password it will be case sensitive.

Re: Password from database

Posted: Wed Oct 06, 2010 11:43 am
by flying_circus
s.dot wrote:MySQL does not compare cases if you select "WHERE `password` = '$password'" in the query.
It does if the datatype is binary :)

Re: Password from database

Posted: Wed Oct 06, 2010 1:02 pm
by twinedev

Re: Password from database

Posted: Wed Oct 06, 2010 11:48 pm
by shafiq2626
s.dot wrote:MySQL does not compare cases if you select "WHERE `password` = '$password'" in the query. If you hash the password it will be case sensitive.
how set hash like this '/$password/'

Re: Password from database

Posted: Wed Oct 06, 2010 11:57 pm
by John Cartwright
Case sensitivity is determined by the character set chosen. Anything that ends in _ci is case insensitive.

Re: Password from database

Posted: Thu Oct 07, 2010 4:54 am
by shafiq2626
Hi!
Password will be accepted in case sensitive at that time when you make log in table then at the time of making password field Collection will be latin1_general_cs.
this is best solution.

Re: Password from database

Posted: Thu Oct 07, 2010 11:11 am
by flying_circus
shafiq2626 wrote:Hi!
Password will be accepted in case sensitive at that time when you make log in table then at the time of making password field Collection will be latin1_general_cs.
this is best solution.
The best solution is to do what s.dot suggested and hash your passwords. I can't tell from the information that you've given us, but storing passwords in plain text is not a bright idea. Use a strong algorithm such as sha512, a random salt, and preferably a pepper.