Hi Folks,
I have a login page and stored username and password in mysql as 'admin' and 'admin' respectivley. My problem is like if I am entering a username and paasword like ADMIN and ADMIN its get logged in I want restrict that.So please anybody have look at this..
Jump to PostInstead of storing the password just like a normal string, save it as an encrypted string, using SHA1 or something. This will provide you more security as well as solves your issue.
Here is an example to clarify any further doubt.<?php echo SHA1("ABC"); echo "<br />"; …
Jump to PostHey.
This could be an issue with your database charsets. Some databases, like MySQL, use a case-insensitive collate by default.
You can fix that in MySQL by setting the default collate to a case-sensitive one:
(Note that the 'cs' or 'ci' at the end of collate names indicates whether …
Instead of storing the password just like a normal string, save it as an encrypted string, using SHA1 or something. This will provide you more security as well as solves your issue.
Here is an example to clarify any further doubt.
<?php
echo SHA1("ABC");
echo "<br />";
echo SHA1("abc");
?>
Hey.
This could be an issue with your database charsets. Some databases, like MySQL, use a case-insensitive collate by default.
You can fix that in MySQL by setting the default collate to a case-sensitive one:
(Note that the 'cs' or 'ci' at the end of collate names indicates whether they are case-sensitive or case-insensitive.)
mysql> CREATE TABLE `cotest`(
-> `value` VarChar(255)
-> ) ENGINE=MyISAM CHARACTER SET=latin1 COLLATE=latin1_general_cs;
Query OK, 0 rows affected (0.03 sec)
mysql> INSERT INTO `cotest` VALUES('Admin'), ('admin'), ('ADMIN');
Query OK, 3 rows affected (0.00 sec)
Records: 3 Duplicates: 0 Warnings: 0
mysql> SELECT * FROM `cotest` WHERE `value` = 'admin';
+-------+
| value |
+-------+
| admin |
+-------+
1 row in set (0.00 sec)Or you can specify this in the SQL query itself:
mysql> CREATE TABLE `cotest`(
-> `value` VarChar(255)
-> ) ENGINE=MyISAM CHARACTER SET=latin1 COLLATE=latin1_general_ci;
Query OK, 0 rows affected (0.05 sec)
mysql> INSERT INTO `cotest` VALUES('Admin'), ('admin'), ('ADMIN');
Query OK, 3 rows affected (0.00 sec)
Records: 3 Duplicates: 0 Warnings: 0
mysql> SELECT * FROM `cotest` WHERE `value` = 'admin';
+-------+
| value |
+-------+
| Admin |
| admin |
| ADMIN |
+-------+
3 rows in set (0.00 sec)
mysql> SELECT * FROM `cotest` WHERE `value` = _latin1 'admin' COLLATE latin1_general_cs;
+-------+
| value |
+-------+
| admin |
+-------+
1 row in set (0.00 sec)Thanks for your Information anyway i Got the things cleared we need to give the code like below to avoid the problem
$query="select * from admin_login where admin_user like binary '$f_user' and admin_pwd like binary '$f_psw'";One binary we need to add before column.
I would still think about encrypting my password. :) Anyways, Congrats and good luck.
I'm glad you solved it :)
I would still think about encrypting my password. :) Anyways, Congrats and good luck.
Agreed. It's a very small effort to hash your passwords, but it makes a huge difference to the security of your application.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.