[英]My password validation is not case sensitive
It is a login form with only username and password. 这是一个仅包含用户名和密码的登录表单。 It works well but i want my information to be case sensitive.
它工作正常,但我希望我的信息区分大小写。 For example my database username is : David and password :PooPoo.
例如,我的数据库用户名是:David,密码是:PooPoo。 Although if i insert user name: daVid and password: PoOPOo it parse the form.
虽然如果我输入用户名:daVid和密码:PoOPOo它会解析该窗体。
My code looks like this: 我的代码如下所示:
<?php
session_start();
if (isset($_SESSION["manager"])) {
header("location: index.php");
exit();
}
?>
<?php
if (isset($_POST["username"]) && isset($_POST["password"])) {
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]);
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]);
include "../storescripts/connect_to_mysql.php";
$sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // query the person
$existCount = mysql_num_rows($sql); // count the row nums
if ($existCount == 1) { // evaluate the count
while($row = mysql_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["manager"] = $manager;
$_SESSION["password"] = $password;
header("location: index.php");
exit();
}else{
print '<script type="text/javascript">';
print 'alert("wrong info")';
print '</script>';
}
}
?>
My validation script 我的验证脚本
<script type="text/javascript" language="javascript">
function validateMyForm ( ) {
var isValid = true;
if ( document.adminlogin.username.value == "" ) {
alert ( "Please enter your username" );
isValid = false;
} else if ( document.adminlogin.password.value == "" ) {
alert ( "Please enter password" );
isValid = false;
}
return isValid;
}
</script>
Where is my error please? 请问我的错误在哪里?
I think the error is worrying about case sensitivity in the first place. 我认为该错误首先是担心区分大小写的问题。 Insisting that passwords be case sensitive is usually overstated.
坚持要求密码区分大小写通常被夸大了。 Yes, it adds strength to a password of a given length, but so does increasing that length.
是的,它增加了给定长度密码的强度,但是增加了该长度。 In both cases the password becomes a bit harder to remember, but the mixed case password is probably easier to spy on.
在这两种情况下,密码都很难记住,但是混合大小写的密码可能更易于监视。
Leaving the caps lock on is so common that many sign-in screens (eg, Windows) now provide some kink of warning. 保持大写锁定很常见,以至于许多登录屏幕(例如Windows)现在都提供一些警告。 Rejecting a password because the caps lock is on gives a grand total of 1 extra bit of entropy out of a typical 40 to 80 bits, but in return it gives the disgruntled co-worker next to you one more chance to see you type it in. If you are typing in 'PooPoo' (2 letters next to each other on the keyboard) they might even be able to catch this one just by listening to keyboard clicks or looking for finger smudges on a touch screen.
因为大写锁定处于打开状态而拒绝了密码,但在典型的40到80位中,熵总共增加了1位,但是作为回报,它给了您旁边不满的同事更多的机会看到您键入它。如果您输入的是“ PooPoo”(键盘上两个字母,两个字母相邻),他们甚至可以通过听键盘单击或在触摸屏上查找手指污迹来捕捉到这一点。
Mixed case passwords and the inconvenience it creates for users make most of us slow down and become very deliberate in the way we type. 大小写混合的密码及其给用户带来的不便使我们大多数人放慢了脚步,并且在输入方式上变得非常刻意。 I have seen many touch typists resort to the 2-finger approach because of the awkwardness of toggling between cases (even worse on most phones), making it super easy to spy on.
我已经看到许多触摸打字员诉诸于两指方法,因为在不同情况之间切换是很尴尬的(在大多数手机上甚至更糟),这使得监视超级容易。
Well you should use md5() function to store you user's password (and do the same on the validation). 好吧,您应该使用md5()函数存储您的用户密码(并在验证中执行相同操作)。 Since md5() is case sensitive by itself it will automatically do the job.
由于md5()本身是区分大小写的,它将自动完成此工作。
With this you'll be solving your case problem, and making your password storing safer 这样,您将解决案例问题,并使密码存储更安全
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.