• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 284
  • Last Modified:

Case sensitive passwords

Hi,

the default login behaviour does not cope with case SeNsItIve passwords.

Does anyone know of an extension or code (JScript) that would allow me to use case sensitivity?

Thanks.
0
KAbbott
Asked:
KAbbott
1 Solution
 
cheekycjCommented:
I am not sure I follow.. can you paste your current code
that is comparing the password strings?

CJ
0
 
KAbbottAuthor Commented:
This is the default code that Ultradev creates for a user login:

// *** Validate request to log in to this site.
var MM_LoginAction = Request.ServerVariables("URL");
if (Request.QueryString!="") MM_LoginAction += "?" + Request.QueryString;
var MM_valUsername=String(Request.Form("UsernameField"));
if (MM_valUsername != "undefined") {

var IAorIR = "";

     if(Request.Form("radiobutton")=="Ireview"){
     IAorIR = "loggedin/Projectcreateopen/prosavecreate.asp";
     }else{
     IAorIR = "loggedin/Projectcreateopen/prosavecreateIA.asp";
     }
     
  var MM_fldUserAuthorization="";
  var MM_redirectLoginSuccess=IAorIR;
  var MM_redirectLoginFailed="badlogin.asp";
  var MM_flag="ADODB.Recordset";
  var MM_rsUser = Server.CreateObject(MM_flag);
  MM_rsUser.ActiveConnection = MM_projectstore_STRING;
  MM_rsUser.Source = "SELECT fnUser, fnPass";
  if (MM_fldUserAuthorization != "") MM_rsUser.Source += "," + MM_fldUserAuthorization;
  MM_rsUser.Source += " FROM tblAccess WHERE fnUser='" + MM_valUsername + "' AND fnPass='" + String(Request.Form("PasswordField")) + "'";
  MM_rsUser.CursorType = 0;
  MM_rsUser.CursorLocation = 2;
  MM_rsUser.LockType = 3;
  MM_rsUser.Open();
  if (!MM_rsUser.EOF || !MM_rsUser.BOF) {
    // username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername;
    if (MM_fldUserAuthorization != "") {
      Session("MM_UserAuthorization") = String(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value);
    } else {
      Session("MM_UserAuthorization") = "";
    }
    if (String(Request.QueryString("accessdenied")) != "undefined" && false) {
      MM_redirectLoginSuccess = Request.QueryString("accessdenied");
    }
    MM_rsUser.Close();
    Response.Redirect(MM_redirectLoginSuccess);
  }
  MM_rsUser.Close();
  Response.Redirect(MM_redirectLoginFailed);
}

But if I type:

LoGiN

or

login

There both the same and allow me to login.
0
 
SunBowCommented:
I dunno what is Ultradev, but it should have some features that can perform as default conditions. I am thinking here how in MS-Access for overall global string comparison:

"The use of an operator to determine whether one string is greater than or equal to another string. If you use Option Compare Text in the Declarations section of a module, string comparisons are not case-sensitive. If you use Option Compare Binary, comparisons are case-sensitive. If you use Option Compare Database, the comparison method is set by the current database."

As Such, Answer: Option Compare Binary in the Declarations section (whatever is the syntax)

Due note, that this can then apply to handling of filenames, in variables, but that they should also be permissive of case-sensitivity. Generally not as applicable to hostname or domain.
0
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

 
MoondancerCommented:
Have you been helped here, or is more needed?
Moondancer - EE Moderator
0
 
KAbbottAuthor Commented:
No,

Still not been able to correct the problem Moondancer.

I've provided the code which ultradev uses as a login (see-above), sorry I should of explained to SunBow that Ultradev (www.macromedia.com) is a WYSIWYG that allows users to create asp to connect to databases through a GUI.

I use the default ultradev login behaviour, but the password allows any case, also I'm using server-side JScript as my programming language.

Hope this information is sufficient to help me further.

Thanks.
0
 
cheekycjCommented:
This is an issue with MS Access not your code.  MS Access by default returns query results that are case insensitive in matching results.

here is some info on it:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q95605  [Access 97, Access 1.0]
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q209674  [Access 2000]

Try this:

MM_rsUser.Source += " FROM tblAccess WHERE fnUser='" + MM_valUsername + "' AND StrComp(fnPass, '" + String(Request.Form("PasswordField"))
+ "', 0) = 0";


CJ
0
 
cheekycjCommented:
Thanx for the "A".

CJ
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now