case-sensitive logins (13 posts)

  1. spaceninja
    Posted 11 years ago #

    Is there any way to make the logins NOT case-sensitive? I have a weblog that my entire family uses, and these people are not going to be able to handle case-sensitive logins.

  2. spaceninja
    Posted 11 years ago #

    No one knows?

  3. Mark (podz)
    Support Maven
    Posted 11 years ago #

    You could make the password all lower-case if you wanted ?

  4. spaceninja
    Posted 11 years ago #

    The password isn't the problem - it's the login (username) - these people aren't very techy, and having to remember that Scott is different from scott will cause problems. Any ideas?

  5. Mark (podz)
    Support Maven
    Posted 11 years ago #

    Making a login or pw case-insensitive reduces the security aspect.

    You could play with the login file and write a reminder there maybe ? I doubt it'll take too many failed tries for him to remember. Also, his browser may auto-complete for him anyway.

  6. pixelpope
    Posted 11 years ago #

    Duh. It took me like 10 minutes to figure out that login names are case sensitive.

    Really this is more confusing than it is securing anything, as login names are case-insensitive in 99%.

  7. cavan
    Posted 11 years ago #

    There's no further input on this? For our site, I don't want our users' password or username to be case-sensitive. It's frustrating for a lot of them who aren't so saavy with the WWW and computers in general...and quite a few get irritated and give up trying to 'blog in'.

    How can I go about changing this?

  8. Beel
    Posted 11 years ago #

    I suppose you'd have to find all the instances of where the user_login is created and used before it "goes to the database" then wrap it in the php function strtolower()

    Might be easier to let the dolts figure it out for themselves or post a "case sensitive" note to them.

  9. TechGnome
    Posted 11 years ago #

    Well, this dolt wished the devs had done that imagine my #^#&@$%^^*@#$%^ surprise after installing WP and I tried to login as "admin" .... spent two ^%$&$%^& hours trying to figure it out. Changed the password, tried this... tried that..... finaly on a whim, I tried "Admin" and what do you know, the sunnovabitch worked.... So am I stupid, or should there have been a better warning? All it told me was that my user name and password were wrong... there should have been some thing that included a note that the user name is case sensitive....

    But I'm just a gnome... what the heck do I know?


  10. Beel
    Posted 11 years ago #

    'Tis a bit better than the old days, I imagine. I just registered as a new user and if typing "William" wasn't a clear indication that would be my username, then the e-mail I got saying:
    Subject: Your username and password
    Username: William
    Password: bfa8466

    sure should have been. ;-)

    Do you have a little car that goes "beep-beep-beep"?

  11. mr_dotty
    Posted 10 years ago #

    This seems to work for me. The most annoying thing was that it said the password was wrong, when the problem was the username's case.
    Ver: WP 2.0.2
    File: pluggable-functions.php
    Change line 194(in my case) from: if ( ($already_md5 && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) {
    to: if ( ($already_md5 && md5($login->user_pass) == $password) || (strtolower($login->user_login) == strtolower($username) && $login->user_pass == md5($password)) ) {

  12. Dgold
    Posted 10 years ago #

    I did what Podz said: "You could play with the login file and write a reminder there maybe ?"

    I modified the register and login pages (i think they're something like register.php and login.php, found 'em somewhere in the wp-admin I think). My blogs now simply say "Username is CaSE sEnSitIVe" right above where you type in the username, under the WordPress logo.

    The funny thing was after that I had someone new register using the username "case sensitive."

  13. mr_dotty
    Posted 10 years ago #

    Sorry, forget what I wrote two messages up. It works, but they gets logged in with the case they wrote. Not very good, so I made another approach. Find the two lines in wp-login.php:

    if ( $user_login && $user_pass ) {
    $user = new WP_User(0, $user_login);

    Put this line between them:

    $user_login_tmp = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_login LIKE '$user_login'");
    if ( !$user_login_tmp == '' ) $user_login = $user_login_tmp;

    And you might wish to add trim to password and userlogin. When people copy and paste, a space is often at the end.
    $user_login = trim(sanitize_user( $user_login ));
    $user_pass = trim($_POST['pwd']);

    Hopefully this is a "final solution" :)

    Dgold; I have a line "Write nothing here" on my blog. A few people wrote the word nothing there...

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.