mariovaldez.net
http://www.mariovaldez.net/webapps/forums/

Case Sensitivity
http://www.mariovaldez.net/webapps/forums/viewtopic.php?f=11&t=2432
Page 1 of 1

Author:  Andrew Neale [ 28 May 2009, 04:21 ]
Post subject:  Case Sensitivity

Sorry, probably been covered already, but by default username and password are case insensitive. Apart from the obvious diminished level of security, the problem I had was that I subsequently used the username as criteria in an SQL 'WHERE' statement to retrieve user specific content for my web page depending on who had logged in. Worked fine provided the user logged in with exactly matching credentials, but if they got the case wrong, they'd still get in to the site, but no content..!

The following modification worked for me, which basically makes the username and password case sensitive by not forcing them to uppercase before comparing. In the file slogin_lib.inc.php find the following 2 lines and change to:


if (strtoupper (trim ($slogin_content[0])) == strtoupper (trim ($username))) {

Changes to

if (trim ($slogin_content[0]) == trim ($username)) {

And

if (strtoupper (trim ($slogin_content[1])) == strtoupper (trim ($password))) {

Changes to

if (trim ($slogin_content[1]) == trim ($password)) {

Author:  nhowieson [ 21 Aug 2009, 10:42 ]
Post subject:  Re: Case Sensitivity

Nice one, - thanks for that.

Page 1 of 1 All times are UTC - 7 hours
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/