Make login and password not case sensitive

#669 Make login and password not case sensitive

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2006-08-24

Created: 2006-08-24

Creator: zdiva

Private: No

90% of my users have constant problems with username
and password being case sensitive. I have to resend
them their usernames because they do not remember what
case they used. Could you possibly make login/psswrd
not case sensitive? Most of my users use Windows OS
which is not case sensitive and remembering that
phpgedview is, is for most of them, too tedious.

Discussion

Jeff Adams - 2006-08-28

Logged In: YES
user_id=1293534

If you don't mind getting your hands dirty...

Open <whereever you put phpgedview>/includes/authentication.php

and change line 913 (in the "getUser" function) from

---
$sql .= "u_username='".$username."'";
---

to

---
$sql .= "STRCMP(u_username,'".$username."') = 0";
---

The "=" in MySql is case sensitive, but "STRCMP" is usually
not. STRCMP returns 0 if equal, or -1 or +1 to indicate
sort (alphabetical) order.

I just tried it and it works for me (yay, I dislike case
sensitive user names too). It LOOKS like from the code that
it won't affect logs and stuff (I.E. if my account was
created as "jeff" but I log in as "jEfF" everything should
still use "jeff") but I can't say for certain as I didn't
test it extensively.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

John Finlay - 2006-08-28

Logged In: YES
user_id=300048

I could accept having usernames case insensitive. But
passwords should always be case sensitive.

As jeff suggested, it is a very simple change to make. A
simpler change is to use LIKE:
$sql .= "u_username LIKE '".$username."'";

This request also prompted the thought that we could allow
users to enter their username or their email address to
login. Those who forget their username could also try to
login with their email. Hopefully their email is easier for
them to remember. What do you of this idea?

--John

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Paul King - 2006-09-24

Logged In: YES
user_id=1566627

I agree with both sugguestion - allow case insensitive
username+password, and allow email address instead of
username - security is self defeating if intended users are
discouraged.
Perhaps allow these as options in configuration setup?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Laie Techie - 2006-10-13

Logged In: YES
user_id=1278885

By definition, email addresses are case-insensitive, so
convert both the data in the database and the address
entered by the user to lowercase before comparing.

I don't see any trouble in making usernames
case-insensitive, but passwords should always be
case-sensitive. We hash passwords in such a fashion that we
would not be able to convert the passwords in our database
anyways.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.