OK. I changed to hashed passwords and now they are case sensitive.

Thanks.
-Will

"Richard Lynch" <ceo@xxxxxxxxx> wrote in message: 1672.66.99.91.45.1109180165.squirrel@xxxxxxxxxxxxxxxx
> William Stokes wrote:
>> I got my little user authentication to work but now I would like to know
>> how to make and check the (upper/lower) case in password. To put it simple. I
>> want users password to be case sensitive.
>
> The default compile settings for MySQL are case-insensitive.
>
> Usually, one stores some kind of hash of a password, not a password
> itself.
>
> Since the hash comes out quite differently for upper/lower case, that
> usually takes care of case sensitivity.
>
> Actually, I went the other route and forced all passwords to lowercase
> before hashing, because my users were, errr, technically-challenged, and
> case sensitivity was too complicated an issue. Yes, really. Been there.
>
> Anyway, if you are storing the password in plain text (not hashed) and
> want case sensitivity, there's probably a MySQL function to compare case
> sensitive. http://mysql.com search engine would find it.
>
> If not, an ugly hack that will almost for sure work, would be:
> $query = "select md5('$password') = md5(password) ... ";
>
> Here, instead of letting MySQL compare the two text strings
> case-insensitive, you are doing an MD5 hash on each first, which will
> result in wildly different values, and then comparing those
> (case-insensitive).
>
> There is a one in 2 billion chance that somebody could find an input
> ('foo') that is not at all related to the actual password ('bar') and
> bypass your password that way...
>
> If that concerns you, then do:
> $query = "select md5('$password') = md5(password) and '$password' = password ...";
>
> I don't think there's any chance at all of two passwords with only case
> difference having the same MD5 hash...
>
> --
> Like Music?
> http://l-i-e.com/artists.htm

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
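
An added example, not code from anyone in the thread: it contrasts a plain-text password compared by the database, which follows the column's case-insensitive collation, with a stored hash checked in PHP, which is byte-exact regardless of collation. It uses PHP's password_hash()/password_verify() in place of the md5() calls quoted above and bound parameters in place of interpolating $password into the query. Assumptions: the `users` table, its column names and the three functions are hypothetical, and an in-memory SQLite database with COLLATE NOCASE stands in for MySQL's default case-insensitive comparison so the script runs offline.

```php
<?php
// Hypothetical schema for illustration. COLLATE NOCASE imitates MySQL's
// default case-insensitive string comparison; `plain` exists only to show
// the behaviour of a database-side plain-text comparison.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    username TEXT PRIMARY KEY COLLATE NOCASE,
    plain    TEXT COLLATE NOCASE,
    pw_hash  TEXT NOT NULL
)');

function register(PDO $db, string $user, string $password): void
{
    // password_hash() salts each password and records the algorithm in its output.
    $stmt = $db->prepare('INSERT INTO users (username, plain, pw_hash) VALUES (?, ?, ?)');
    $stmt->execute([$user, $password, password_hash($password, PASSWORD_DEFAULT)]);
}

// Comparison done by the database: inherits the column collation.
function loginPlain(PDO $db, string $user, string $password): bool
{
    $stmt = $db->prepare('SELECT 1 FROM users WHERE username = ? AND plain = ?');
    $stmt->execute([$user, $password]);
    return $stmt->fetchColumn() !== false;
}

// Comparison done in PHP against the stored hash: the submitted bytes are
// hashed as typed, so a difference in case yields a different hash.
function loginHashed(PDO $db, string $user, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

register($db, 'will', 'CaseMatters1'); // constructed sample account

// Same account, password submitted in the wrong case and then the right case.
var_dump(loginPlain($db, 'will', 'casematters1'));
var_dump(loginHashed($db, 'will', 'casematters1'));
var_dump(loginHashed($db, 'will', 'CaseMatters1'));
```

Running it requires the pdo_sqlite extension; against MySQL only the PDO connection string and the column collation syntax change.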