Reply to Re: [PHP] password case sensitive

Your name:

Reply:


Posted by Richard Lynch on 02/23/05 19:36

William Stokes wrote:
> I got my little user authentication to work but now I would like to know
> how
> to make and check the (upper/lower) case in password. To put it simple. I
> want users password to be case sensitive.

The default compile settings for MySQL are case-insensitive.

Usually, one stores some kind of hash of a password, not a password itself.

Since the hash comes out quite differently for upper/lower case, that
usually takes care of case sensitivity.

Actually, I went the other route and forced all passwords to lowercase
before hashing, because my users were, errr, technically-challenged, and
case sensitivity was too complicated an issue. Yes, really. Been there.

Anyway, if you are storing the password in plain text (not hashed) and
want case sensitivity, there's probably a MySQL function to compare case
sensitive. http://mysql.com search engine would find it.

If not, an ugly hack that will almost for sure work, would be:
$query = "select md5('$password') = md5(password) ... ";

Here, instead of letting MySQL compare the two text strings
case-insensitive, you are doing an MD5 hash on each first, which will
result in wildly different values, and then comparing those
(case-insensitive).

There is a one in 2 billion chance that somebody could find an input
('foo') that is not at all related to the actual password ('bar') and
bypass your password that way...

If that concerns you, then do:
$query = "select md5('$password') = md5(password) and '$password' =
password ...";

I don't think there's any chance at all of two passwords with only case
difference having the same MD5 hash...

--
Like Music?
http://l-i-e.com/artists.htm

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация