Password problem

[wut]

Having a little problem with passwords, they are stored clear text and not encrypted because its for an assignment and I need to prove in the write up that users can change their passwords.

 

Anyway when I register a user with a username and a password of say Password1, I can still login with PASSword1 or any other variation of upper and lower case characters!

 

This is my select statement:

$qry = "SELECT * FROM users WHERE username='$username' AND password='$password'";

 

Just wondering if there is anything that can be done to this, I read somewhere about using === but that doesn't seem to be fixing the problem, it just causes the query to fail!

Using MySQL if thats any help.

 

Thanks

[teynon]

http://dev.mysql.com/doc/refman/5.0/en/case-sensitivity.html <- Is one solution.

 

The other solution is to select the password and then in PHP, compare the strings. Or if you encrypt the password, case sensitivity will happen automagically.

[reelmark]

you are not likely to encrypt the passwords, please read the following

 

http://developer.pidgin.im/wiki/PlainTextPasswords

 

[xyph]

Alternately, you can just check if the passwords are the same using PHP. Setting the charset of your password field as non-ci (case-insensitive) would be ideal though.

 

<?php

$qry = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysql_query($qry);
if( $result == FALSE ) {
echo 'Could not execute query';
} else {
$data = mysql_fetch_assoc($result);
if(mysql_num_rows($result) < 1 || $data['password'] != $password ) {
	echo 'Could not find username/password combo.';
} else {
	echo 'Logged in successfully.';
}
}


?>

[wut]

Thanks xyph!