Reputation: 834
I have a login form in a website which I have created. I have used PHP for verifying the password, and the password is stored in a MySQL database. The problem I'm facing is that the password is not case sensitive. It accepts the characters without considering the case. I'm using Kubuntu Linux OS.
Could anyone please help to solve this problem? What value should I use for COLLATION in mysql/my.cnf to avoid this? Or is there any other solution for this?
Any help is greatly appreciated.
Thanks.
Upvotes: 2
Views: 3280
Reputation: 78991
It seems like you are storing the password in general text. Otherwise a collation like utf8_general_ci should not be a problem generally.
You should hash your password with md5() or sha1() when you store passwords.
Upvotes: 1
Reputation: 5226
You can use the strcmp function in PHP or use something like
"SELECT [...] WHERE BINARY tablename.password = $form_password"
Upvotes: 0
Reputation: 258608
While Konerak's answer is correct, I would go a different way and not store the password in clear, but a hash, possibly an md5 or sha1.
Upvotes: 1
Reputation: 77965
One other way to solve your problem would be to hash the password before storing it into the database. This would also increase the security as the password would not be stored unencrypted in the database.
$hash_to_store_in_database = sha1($password);
You can search on the web for how to store hashed passwords, using salt and all other security things.
Upvotes: 1
Reputation: 33447
This implies that you're storing the passwords in plaintext, which is usually not a good idea. Anyway, one option would be to retrieve the password and compare it in PHP instead of in a WHERE clause.
Upvotes: 1
Reputation: 39763
Your MySQL collation is probably case-insensitive. Change the column where the password is stored to a case-sensitive collation.
Some rules of thumb:
Example:
If you are experiencing this problem, you are probably storing the passwords wrong. You should not store the passwords in plain text, but you should store a hash of the password instead, and salt it properly.
Then, when a user logs in, you hash his entry, and compare the hash with what your DB holds. When both equal, the user probably entered a correct password.
Upvotes: 10
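The approach the answers above describe (store a salted hash and compare in PHP instead of in a case-insensitive WHERE clause), as an added example that is not part of any of the posts. It uses PHP's built-in password_hash() and password_verify(); the table and column names are hypothetical, and an in-memory SQLite column declared COLLATE NOCASE stands in for a MySQL column with a case-insensitive collation so the script runs without a server.

```php
<?php
// Added example, not code from any of the posts. Assumptions: table and column
// names are hypothetical, and an in-memory SQLite column declared COLLATE NOCASE
// stands in for a MySQL column with a case-insensitive collation.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// plain_pw exists only to reproduce the problem from the question.
$pdo->exec('CREATE TABLE users (
    username      TEXT PRIMARY KEY,
    plain_pw      TEXT COLLATE NOCASE,
    password_hash TEXT NOT NULL
)');

function register(PDO $pdo, string $user, string $password): void
{
    // password_hash() picks a random salt and stores it inside the returned string.
    $stmt = $pdo->prepare('INSERT INTO users (username, plain_pw, password_hash) VALUES (?, ?, ?)');
    $stmt->execute([$user, $password, password_hash($password, PASSWORD_DEFAULT)]);
}

// Before: the database compares the password, so the column collation decides.
function loginPlaintext(PDO $pdo, string $user, string $password): bool
{
    $stmt = $pdo->prepare('SELECT 1 FROM users WHERE username = ? AND plain_pw = ?');
    $stmt->execute([$user, $password]);
    return $stmt->fetchColumn() !== false;
}

// After: look the row up by username only, then verify the hash in PHP.
function loginHashed(PDO $pdo, string $user, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    // password_verify() re-hashes the input with the stored salt and compares
    // the result byte for byte, so letter case always matters.
    return is_string($hash) && password_verify($password, $hash);
}

register($pdo, 'alice', 'CorrectHorse9'); // constructed sample credentials

// Same password typed in the wrong case, tried against both login paths,
// followed by the exact password against the hashed path.
var_dump(loginPlaintext($pdo, 'alice', 'correcthorse9'));
var_dump(loginHashed($pdo, 'alice', 'correcthorse9'));
var_dump(loginHashed($pdo, 'alice', 'CorrectHorse9'));
```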