realjumper Posted July 24, 2007 Share Posted July 24, 2007 I know this has been covered before, in fact I have come up against this before but I don't remember the answer, and my search hasn't come with one either. My problem is that with this simple Login script, username seems to be case sensitive.....and consequently would give lots of problems for users. So, I want the search of the DB to case insensitive. I am currently using LDAP authentication, but I need to return to Mysql authentication for a short while. Here's the code: $username = $_POST['username']; $passwd = $_POST['passwd']; $result = mysql_query("SELECT sid,pword FROM email WHERE sid = '$username' && pword = '$passwd'") or die(mysql_error()); $row= mysql_fetch_array( $result ); if ($username == $row[sid] && $passwd == $row[pword]) { echo "authenticated"; } else{ echo "Go Away"; } The username in the DB is stored as 'JSmith'. If the user types in the username as 'JSmith', authentication is granted....but...if the user types in JSMITH, or jsmith...authentication fails. As there are about 800 users currently in the DB, and there is all sorts of case combinations for their usernames, this presents a problem, as you can imaging!! What's the best thing to do? Any ideas? Thanks :-) Link to comment https://forums.phpfreaks.com/topic/61633-solved-login-case-sensitive-issue/ Share on other sites More sharing options...
teng84 Posted July 25, 2007 Share Posted July 25, 2007 dude heres what you can do you can query for the password and once you have the username of that pword you have to convert it to lower case and compare it to user input that is also converted in lower case for sure password is case sensitive Link to comment https://forums.phpfreaks.com/topic/61633-solved-login-case-sensitive-issue/#findComment-306776 Share on other sites More sharing options...
realjumper Posted July 25, 2007 Author Share Posted July 25, 2007 Thanks teng84...that's the conclusion I reached too, but I was hoping for something a bit more secure. I have just found this article.... "This problem is rare and happens due to MySQL collations settings. Try to find out if your database/tables are set to utf8_bin or other collation (via phpMyAdmin or ask hosting provider). Any collation that ends in "_bin" or "_cs" is case sensitive. If you would like to use utf8 without it being case sensitive, try modifying your databases to use utf8_general_ci instead. All of the _ci collations are case insensitive." If you login to your cPanel account and go to MySQL -> PHPMyAdmin, you can browse your databases and tables there, as well as change the collation for each database and table." ....so I'll check that out too :-) Link to comment https://forums.phpfreaks.com/topic/61633-solved-login-case-sensitive-issue/#findComment-306778 Share on other sites More sharing options...
teng84 Posted July 25, 2007 Share Posted July 25, 2007 so you mean it is ok to have case insensitive password? Link to comment https://forums.phpfreaks.com/topic/61633-solved-login-case-sensitive-issue/#findComment-306782 Share on other sites More sharing options...
realjumper Posted July 25, 2007 Author Share Posted July 25, 2007 No, it isn't!!! Link to comment https://forums.phpfreaks.com/topic/61633-solved-login-case-sensitive-issue/#findComment-306792 Share on other sites More sharing options...
ss32 Posted July 25, 2007 Share Posted July 25, 2007 why arent you encrypting the passwords? Link to comment https://forums.phpfreaks.com/topic/61633-solved-login-case-sensitive-issue/#findComment-306825 Share on other sites More sharing options...
teng84 Posted July 25, 2007 Share Posted July 25, 2007 No, it isn't!!! thats whats gonna happen using your idea Link to comment https://forums.phpfreaks.com/topic/61633-solved-login-case-sensitive-issue/#findComment-306826 Share on other sites More sharing options...
realjumper Posted July 25, 2007 Author Share Posted July 25, 2007 Yes, that's right teng84. I'm going to go about it a different way....I'll let you know the result :-) Link to comment https://forums.phpfreaks.com/topic/61633-solved-login-case-sensitive-issue/#findComment-307320 Share on other sites More sharing options...
realjumper Posted July 25, 2007 Author Share Posted July 25, 2007 why arent you encrypting the passwords? I will be using md5, but that isn't the issue here :-) Link to comment https://forums.phpfreaks.com/topic/61633-solved-login-case-sensitive-issue/#findComment-307325 Share on other sites More sharing options...
redarrow Posted July 25, 2007 Share Posted July 25, 2007 see if this works dont no my self ok. <?php $username = $_POST['username']; $passwd = $_POST['passwd']; if( strtoupper($username) || strtolower($username) ){ $result = mysql_query("SELECT sid,pword FROM email WHERE sid = '$username' && pword = '$passwd'") or die(mysql_error()); $row= mysql_fetch_array( $result ); if ($username == $row[sid] && $passwd == $row[pword]) { echo "authenticated"; } else{ echo "Go Away"; } } ?> Link to comment https://forums.phpfreaks.com/topic/61633-solved-login-case-sensitive-issue/#findComment-307332 Share on other sites More sharing options...
akitchin Posted July 25, 2007 Share Posted July 25, 2007 you can simply LOWERCASE() both usernames when you compare them. might as well use MySQL to its full advantage. $result = mysql_query("SELECT sid,pword FROM email WHERE LOWERCASE(sid) = LOWERCASE('$username') && pword = '$passwd'") PS: redarrow's solution will not work. Link to comment https://forums.phpfreaks.com/topic/61633-solved-login-case-sensitive-issue/#findComment-307333 Share on other sites More sharing options...
redarrow Posted July 25, 2007 Share Posted July 25, 2007 so it would work if you said $username=strtolower($username); so in essance this would work <?php $username = strtolower($_POST['username']); $passwd = $_POST['passwd']; $result = mysql_query("SELECT sid,pword FROM email WHERE sid = '$username' && pword = '$passwd'") or die(mysql_error()); $row= mysql_fetch_array( $result ); if ($username == $row[sid] && $passwd == $row[pword]) { echo "authenticated"; } else{ echo "Go Away"; } ?> Link to comment https://forums.phpfreaks.com/topic/61633-solved-login-case-sensitive-issue/#findComment-307336 Share on other sites More sharing options...
akitchin Posted July 25, 2007 Share Posted July 25, 2007 .. AND if you made the username in the database lower case when comparing them, otherwise the cases may still not match. Link to comment https://forums.phpfreaks.com/topic/61633-solved-login-case-sensitive-issue/#findComment-307340 Share on other sites More sharing options...
deadimp Posted July 25, 2007 Share Posted July 25, 2007 Huh, by default any string comparisons I do on MySQL by default are case-insensitive. Have you checked up on that collation thing yet? Link to comment https://forums.phpfreaks.com/topic/61633-solved-login-case-sensitive-issue/#findComment-307345 Share on other sites More sharing options...
redarrow Posted July 25, 2007 Share Posted July 25, 2007 you can solve this by selecting the database names then strtolower all names then update the names colum i think. wouldnt that be easer. Link to comment https://forums.phpfreaks.com/topic/61633-solved-login-case-sensitive-issue/#findComment-307346 Share on other sites More sharing options...
realjumper Posted July 25, 2007 Author Share Posted July 25, 2007 you can simply LOWERCASE() both usernames when you compare them. might as well use MySQL to its full advantage. $result = mysql_query("SELECT sid,pword FROM email WHERE LOWERCASE(sid) = LOWERCASE('$username') && pword = '$passwd'") PS: redarrow's solution will not work. FUNCTION mydatabase.LOWERCASE does not exist - is the result!! Link to comment https://forums.phpfreaks.com/topic/61633-solved-login-case-sensitive-issue/#findComment-307386 Share on other sites More sharing options...
maxudaskin Posted July 25, 2007 Share Posted July 25, 2007 A good thing to do is this: Use this in the registration page and login page. <?php $user = $_POST['username']; $user = strtolower($user) ?> Link to comment https://forums.phpfreaks.com/topic/61633-solved-login-case-sensitive-issue/#findComment-307391 Share on other sites More sharing options...
realjumper Posted July 25, 2007 Author Share Posted July 25, 2007 A good thing to do is this: Use this in the registration page and login page. <?php $user = $_POST['username']; $user = strtolower($user) ?> That's true, but I have over 600 users already so that won't help the situation :-) Link to comment https://forums.phpfreaks.com/topic/61633-solved-login-case-sensitive-issue/#findComment-307402 Share on other sites More sharing options...
realjumper Posted July 25, 2007 Author Share Posted July 25, 2007 you can simply LOWERCASE() both usernames when you compare them. might as well use MySQL to its full advantage. $result = mysql_query("SELECT sid,pword FROM email WHERE LOWERCASE(sid) = LOWERCASE('$username') && pword = '$passwd'") PS: redarrow's solution will not work. FUNCTION mydatabase.LOWERCASE does not exist - is the result!! This works!! :-) $result = mysql_query("SELECT sid,pword FROM email WHERE LOWER(sid) = LOWER('$username') && pword = '$passwd'") Link to comment https://forums.phpfreaks.com/topic/61633-solved-login-case-sensitive-issue/#findComment-307405 Share on other sites More sharing options...
redarrow Posted July 25, 2007 Share Posted July 25, 2007 chage all usernames in database to lowercase as shown below, and chage the form registry input name to insert to database to lowercase <?php //database connection. $username = $_POST['username']; $query1 = "SELECT username from email "; $result=mysql_query($query1)or die("mysql_error()"); while($row=mysql_fetch_assoc( $result )){ $row['username']=$username; $x=strtolower($username); $query2="update email set username='$x' where username='".$row['username']."'"; $result2=mysql_query($query2)or die("mysql_error()"); } ?> Link to comment https://forums.phpfreaks.com/topic/61633-solved-login-case-sensitive-issue/#findComment-307415 Share on other sites More sharing options...
realjumper Posted July 25, 2007 Author Share Posted July 25, 2007 Okay....here's what I have done. This works fine..... $username = $_POST['username']; $passwd = md5($_POST['passwd']); // Query the db $result = mysql_query("SELECT sid,pword FROM email WHERE LOWER(sid) = LOWER('$username') && pword = '$passwd'") or die(mysql_error()); $row= mysql_fetch_array( $result ); $username = strtolower($row[username]); //try to authenticate against mysql if($username == $row[username] && $passwd == $row[pword]) { echo "Authenticated"; } //or else try to authenticate against LDAP elseif($username != $row[username] || $passwd != $row[pword]) { // lots of LDAP code here } //or, authentication failed because the account doesn't exist else{ echo "Go Away"; } Link to comment https://forums.phpfreaks.com/topic/61633-solved-login-case-sensitive-issue/#findComment-307423 Share on other sites More sharing options...
akitchin Posted July 25, 2007 Share Posted July 25, 2007 good to see it working. sorry, i sometimes mix up the function names - the MySQL manual is your friend (good to see you fixed it on your own). Link to comment https://forums.phpfreaks.com/topic/61633-solved-login-case-sensitive-issue/#findComment-307424 Share on other sites More sharing options...
realjumper Posted July 25, 2007 Author Share Posted July 25, 2007 Thanks for everyones help :-) Link to comment https://forums.phpfreaks.com/topic/61633-solved-login-case-sensitive-issue/#findComment-307460 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.