Member Avatar for jithusdani

Hi Folks,

I have a login page and stored username and password in mysql as 'admin' and 'admin' respectivley. My problem is like if I am entering a username and paasword like ADMIN and ADMIN its get logged in I want restrict that.So please anybody have look at this..

  • 3 Contributors
  • 5 Replies
  • 167 Views
  • 13 Hours Discussion Span
  • Latest Post Latest Post by Atli
Member Avatar for nav33n

Instead of storing the password just like a normal string, save it as an encrypted string, using SHA1 or something. This will provide you more security as well as solves your issue.
Here is an example to clarify any further doubt.

<?php
echo SHA1("ABC");
echo "<br />";
echo SHA1("abc");
?>
Member Avatar for Atli

Hey.

This could be an issue with your database charsets. Some databases, like MySQL, use a case-insensitive collate by default.

You can fix that in MySQL by setting the default collate to a case-sensitive one:
(Note that the 'cs' or 'ci' at the end of collate names indicates whether they are case-sensitive or case-insensitive.)

mysql> CREATE TABLE `cotest`(
    ->  `value` VarChar(255)
    -> ) ENGINE=MyISAM CHARACTER SET=latin1 COLLATE=latin1_general_cs;
Query OK, 0 rows affected (0.03 sec)

mysql> INSERT INTO `cotest` VALUES('Admin'), ('admin'), ('ADMIN');
Query OK, 3 rows affected (0.00 sec)
Records: 3  Duplicates: 0  Warnings: 0

mysql> SELECT * FROM `cotest` WHERE `value` = 'admin';
+-------+
| value |
+-------+
| admin |
+-------+
1 row in set (0.00 sec)

Or you can specify this in the SQL query itself:

mysql> CREATE TABLE `cotest`(
    ->  `value` VarChar(255)
    -> ) ENGINE=MyISAM CHARACTER SET=latin1 COLLATE=latin1_general_ci;
Query OK, 0 rows affected (0.05 sec)

mysql> INSERT INTO `cotest` VALUES('Admin'), ('admin'), ('ADMIN');
Query OK, 3 rows affected (0.00 sec)
Records: 3  Duplicates: 0  Warnings: 0

mysql> SELECT * FROM `cotest` WHERE `value` = 'admin';
+-------+
| value |
+-------+
| Admin |
| admin |
| ADMIN |
+-------+
3 rows in set (0.00 sec)

mysql> SELECT * FROM `cotest` WHERE  `value` = _latin1 'admin' COLLATE latin1_general_cs;
+-------+
| value |
+-------+
| admin |
+-------+
1 row in set (0.00 sec)
Edited by Atli because: Spelling. It's my keyboard, it hates me :-)
Member Avatar for jithusdani

Thanks for your Information anyway i Got the things cleared we need to give the code like below to avoid the problem

$query="select * from admin_login where admin_user like binary '$f_user' and admin_pwd like binary '$f_psw'";

One binary we need to add before column.

Member Avatar for nav33n

I would still think about encrypting my password. :) Anyways, Congrats and good luck.

Member Avatar for Atli

I'm glad you solved it :)

I would still think about encrypting my password. :) Anyways, Congrats and good luck.

Agreed. It's a very small effort to hash your passwords, but it makes a huge difference to the security of your application.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.