William Stokes wrote: > I got my little user authentication to work but now I would like to know > how > to make and check the (upper/lower) case in password. To put it simple. I > want users password to be case sensitive. The default compile settings for MySQL are case-insensitive. Usually, one stores some kind of hash of a password, not a password itself. Since the hash comes out quite differently for upper/lower case, that usually takes care of case sensitivity. Actually, I went the other route and forced all passwords to lowercase before hashing, because my users were, errr, technically-challenged, and case sensitivity was too complicated an issue. Yes, really. Been there. Anyway, if you are storing the password in plain text (not hashed) and want case sensitivity, there's probably a MySQL function to compare case sensitive. http://mysql.com search engine would find it. If not, an ugly hack that will almost for sure work, would be: $query = "select md5('$password') = md5(password) ... "; Here, instead of letting MySQL compare the two text strings case-insensitive, you are doing an MD5 hash on each first, which will result in wildly different values, and then comparing those (case-insensitive). There is a one in 2 billion chance that somebody could find an input ('foo') that is not at all related to the actual password ('bar') and bypass your password that way... If that concerns you, then do: $query = "select md5('$password') = md5(password) and '$password' = password ..."; I don't think there's any chance at all of two passwords with only case difference having the same MD5 hash... -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
