I have a register script that adds the password to the database and as I've noticed, it doesn't matter if the password is PASSWORD or PaSsWoRd or password, they all work when logging in at the login page.
I want the password to be case-sensitive, so if the user set "Password", either "PASSWORD" or "PassWorD" shouldn't work. ONLY "Password" when they're logging in.
It's PHP and MySQL that I'm coding with.
How do I make inputs case-sensitive in PHP/MySQL?
it is by default case sensitive. So your mistake should be in the php script where you are cheking if the input password equals to the password in the database. So if you use '==' in the if statement you should not have any problems.
example: if ($password == $user[password]) {}
Reply:I'm guessing that in your mysql query you're checking the username and password (for example WHERE `username` = 'username' AND `password` = 'password'). Mysql checks fields case insensitively, what you can simply do is WHERE `username` = 'username' and then retrieve that row and check the stored username's password against the password they gave you since PHP string checks are case sensitive.
Also, like someone else said, make sure you encrypt your passwords into and out of the mysql table (for example encrypt it in with md5($storedPassword) and then check their inputted password with md5($givenPassword).
Reply:For a start you must be storing the passwords in clear text. This is very dangerous. If you store them in password() format, they are encrypted. You can then compare the encrypted version of password typed against the encrypted one. This should achieve case sensitivity.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment