0

Hi Folks,

I have a login page and stored the username and password in MySQL as 'admin' and 'admin' respectively. My problem is that if I enter a username and password like ADMIN and ADMIN, it gets logged in; I want to restrict that. So please, could anybody have a look at this?

2

Instead of storing the password just like a normal string, save it as an encrypted string, using SHA1 or something. This will provide you more security as well as solve your issue.
Here is an example to clarify any further doubt.

<?php
// The two digests differ because the inputs differ in case.
echo sha1("ABC");
echo "<br />";
echo sha1("abc");
?>
0

Hey.

This could be an issue with your database charsets. Some databases, like MySQL, use a case-insensitive collate by default.

You can fix that in MySQL by setting the default collate to a case-sensitive one:
(Note that the 'cs' or 'ci' at the end of collate names indicates whether they are case-sensitive or case-insensitive.)

mysql> CREATE TABLE `cotest`(
    ->  `value` VarChar(255)
    -> ) ENGINE=MyISAM CHARACTER SET=latin1 COLLATE=latin1_general_cs;
Query OK, 0 rows affected (0.03 sec)

mysql> INSERT INTO `cotest` VALUES('Admin'), ('admin'), ('ADMIN');
Query OK, 3 rows affected (0.00 sec)
Records: 3  Duplicates: 0  Warnings: 0

mysql> SELECT * FROM `cotest` WHERE `value` = 'admin';
+-------+
| value |
+-------+
| admin |
+-------+
1 row in set (0.00 sec)

Or you can specify this in the SQL query itself:

mysql> CREATE TABLE `cotest`(
    ->  `value` VarChar(255)
    -> ) ENGINE=MyISAM CHARACTER SET=latin1 COLLATE=latin1_general_ci;
Query OK, 0 rows affected (0.05 sec)

mysql> INSERT INTO `cotest` VALUES('Admin'), ('admin'), ('ADMIN');
Query OK, 3 rows affected (0.00 sec)
Records: 3  Duplicates: 0  Warnings: 0

mysql> SELECT * FROM `cotest` WHERE `value` = 'admin';
+-------+
| value |
+-------+
| Admin |
| admin |
| ADMIN |
+-------+
3 rows in set (0.00 sec)

mysql> SELECT * FROM `cotest` WHERE  `value` = _latin1 'admin' COLLATE latin1_general_cs;
+-------+
| value |
+-------+
| admin |
+-------+
1 row in set (0.00 sec)

Edited by Atli: Spelling. It's my keyboard, it hates me :-)

0

Thanks for your information. Anyway, I got things cleared up: we need to write the code like below to avoid the problem.

$query="select * from admin_login where admin_user like binary '$f_user' and admin_pwd like binary '$f_psw'";

We need to add one binary before the column.

0

I'm glad you solved it :)

I would still think about encrypting my password. :) Anyway, congrats and good luck.

Agreed. It's a very small effort to hash your passwords, but it makes a huge difference to the security of your application.
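
An added example, not code from any poster in this thread: a login check that stays case-sensitive even when the column collation is case-insensitive, by storing a password hash and doing the exact comparisons in PHP. It uses PHP's password_hash()/password_verify() rather than the bare SHA1() shown above, a PDO prepared statement, and an in-memory SQLite table with COLLATE NOCASE as a stand-in for a MySQL `_ci` column; the table layout is assumed from the query posted above.

```php
<?php
// Added example, not code from the thread. SQLite in memory with COLLATE NOCASE
// stands in for a MySQL column that uses a case-insensitive (_ci) collation.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admin_login (
    admin_user TEXT COLLATE NOCASE PRIMARY KEY,
    admin_pwd  TEXT NOT NULL
)');

// Store a salted hash, never the password itself (constructed sample account).
$ins = $pdo->prepare('INSERT INTO admin_login (admin_user, admin_pwd) VALUES (?, ?)');
$ins->execute(['admin', password_hash('admin', PASSWORD_DEFAULT)]);

function check_login(PDO $pdo, string $user, string $password): bool
{
    // Placeholders keep the submitted values out of the SQL text.
    $stmt = $pdo->prepare(
        'SELECT admin_user, admin_pwd FROM admin_login WHERE admin_user = ?'
    );
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The case-insensitive column also matches "ADMIN", so compare the stored
    // name byte for byte in PHP (same effect as BINARY or a _cs collation).
    if ($row === false || $row['admin_user'] !== $user) {
        return false;
    }
    // Hash verification is case-sensitive regardless of the column collation.
    return password_verify($password, $row['admin_pwd']);
}

// Constructed sample logins: only the exact-case pair should be accepted.
$attempts = [['admin', 'admin'], ['ADMIN', 'admin'], ['admin', 'ADMIN'], ['ADMIN', 'ADMIN']];
foreach ($attempts as [$u, $p]) {
    printf("%-6s / %-6s => %s\n", $u, $p, check_login($pdo, $u, $p) ? 'accepted' : 'rejected');
}
```

On MySQL the same function works unchanged with a `mysql:` DSN; the password column needs to be wide enough for the hash (the PHP manual recommends 255 characters for `PASSWORD_DEFAULT`).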
