Passowrd Script

Hi

I have a page that the user needs to enter a password to gain access to the main home page. I have been asked that the password be made so that the user can enter the password either uppercase or lowercase, but I am not sure how to do this.

Below is what I have so far:

<?php session_start(); if($_REQUEST['pass'] == "password-here"): $_SESSION['logged'] = 1; header('Location:/welcome/index2.php'); exit; endif; ?>

and the code I have just before my form is:

<?php if($_REQUEST['pass'] && $_REQUEST['pass'] != "password-here"):?>incorrect password<?php endif;?>

Hope someone can help me with this.

Many Thanks

  1. never ever store passwords in plain text.

  2. if the password should match case insensitively, convert it to all-upper/lower-case before you hash the password (before saving and before comparison). be aware though that this reduces the password’s strength by quite a large factor.

Hi

Sorry not sure I understand. I need the ability for the password that is entered can be uppercase or lowercase.

Do you have any examples?

Thanks

convert the input password into all lowercase.

Hi

It is at the moment, but when I go to the login page and enter PASSWORD-HERE in uppercase it says incorrect password

if you don’t do case conversion that’s the expected result.

Hi

So what do I need to add so I can login if I enter the password either in uppercase or lowercase?

see PHP String Functions

Hi

I dont really know what I am looking for, my PHP skills are very limited to say the least!

the more important is it to get used to using the official PHP documentation.

look through the list of string functions and you sure’ll find some that deal with upper/lower-case text.

Please don’t do this. It greatly reduces your entrophy and thus makes you a lot less secure.

@davvam, please read this article

and if you are able to use PHP 5.5 or greater, read this article

1 Like

For 5.3 and 5.4 there is a file you can include to give equivalent functionality.

1 Like

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.