How to use password for password for password?

Question

How to use password for password for password?

I have a login to enter the system, but the user can enter the system without case sensitivity. Ways, if your password is "test", then the user can enter with the password "TEST".
I want to avoid this type of authentication in my password field.

+8

php mysql passwords

Sku Dec 12 '11 at 11:29

source share

2 answers

Book of zeus · Answer 1 · 2011-12-12T11:32:14+0000

The easiest way is to use the binary keyword in your query:

SELECT /*fields*/ FROM table WHERE /* where clause */ BINARY password = "userpassword"

OR

use strcmp in your PHP code:

You can also use this if you have a hashed or encrypted password, which I recommend.

Álvaro González · Answer 2 · 2011-12-12T11:44:44+0000

I assume that you keep passwords clear. This is not only quite unsafe, but in most situations. My advice is to store passwords in two columns, for example:

 password_salt VARCHAR(16) password_hash VARCHAR(40)

Before saving a new password, take the user-provided password ( $clear_password ), create a random string ( $salt ) and use both to create a hash ( sha1sum($salt . $clear_password ). Store both the salt and the hash and cancel password clearing.

To verify the password, retrieve the saved salt for this user, generate a hash and see if it matches the hash in the database.

This method is called salty passwords .

How to use password for password for password?

More articles: