Solved

Case sensitive passwords

Posted on 2002-04-10
7
228 Views
Last Modified: 2010-04-07
Hi,

the default login behaviour does not cope with case SeNsItIve passwords.

Does anyone know of an extension or code (JScript) that would allow me to use case sensitivity?

Thanks.
0
Comment
Question by:KAbbott
7 Comments
 
LVL 19

Expert Comment

by:cheekycj
ID: 6932353
I am not sure I follow.. can you paste your current code
that is comparing the password strings?

CJ
0
 
LVL 2

Author Comment

by:KAbbott
ID: 6933355
This is the default code that Ultradev creates for a user login:

// *** Validate request to log in to this site.
var MM_LoginAction = Request.ServerVariables("URL");
if (Request.QueryString!="") MM_LoginAction += "?" + Request.QueryString;
var MM_valUsername=String(Request.Form("UsernameField"));
if (MM_valUsername != "undefined") {

var IAorIR = "";

     if(Request.Form("radiobutton")=="Ireview"){
     IAorIR = "loggedin/Projectcreateopen/prosavecreate.asp";
     }else{
     IAorIR = "loggedin/Projectcreateopen/prosavecreateIA.asp";
     }
     
  var MM_fldUserAuthorization="";
  var MM_redirectLoginSuccess=IAorIR;
  var MM_redirectLoginFailed="badlogin.asp";
  var MM_flag="ADODB.Recordset";
  var MM_rsUser = Server.CreateObject(MM_flag);
  MM_rsUser.ActiveConnection = MM_projectstore_STRING;
  MM_rsUser.Source = "SELECT fnUser, fnPass";
  if (MM_fldUserAuthorization != "") MM_rsUser.Source += "," + MM_fldUserAuthorization;
  MM_rsUser.Source += " FROM tblAccess WHERE fnUser='" + MM_valUsername + "' AND fnPass='" + String(Request.Form("PasswordField")) + "'";
  MM_rsUser.CursorType = 0;
  MM_rsUser.CursorLocation = 2;
  MM_rsUser.LockType = 3;
  MM_rsUser.Open();
  if (!MM_rsUser.EOF || !MM_rsUser.BOF) {
    // username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername;
    if (MM_fldUserAuthorization != "") {
      Session("MM_UserAuthorization") = String(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value);
    } else {
      Session("MM_UserAuthorization") = "";
    }
    if (String(Request.QueryString("accessdenied")) != "undefined" && false) {
      MM_redirectLoginSuccess = Request.QueryString("accessdenied");
    }
    MM_rsUser.Close();
    Response.Redirect(MM_redirectLoginSuccess);
  }
  MM_rsUser.Close();
  Response.Redirect(MM_redirectLoginFailed);
}

But if I type:

LoGiN

or

login

There both the same and allow me to login.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6942720
I dunno what is Ultradev, but it should have some features that can perform as default conditions. I am thinking here how in MS-Access for overall global string comparison:

"The use of an operator to determine whether one string is greater than or equal to another string. If you use Option Compare Text in the Declarations section of a module, string comparisons are not case-sensitive. If you use Option Compare Binary, comparisons are case-sensitive. If you use Option Compare Database, the comparison method is set by the current database."

As Such, Answer: Option Compare Binary in the Declarations section (whatever is the syntax)

Due note, that this can then apply to handling of filenames, in variables, but that they should also be permissive of case-sensitivity. Generally not as applicable to hostname or domain.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 1

Expert Comment

by:Moondancer
ID: 6973860
Have you been helped here, or is more needed?
Moondancer - EE Moderator
0
 
LVL 2

Author Comment

by:KAbbott
ID: 6974176
No,

Still not been able to correct the problem Moondancer.

I've provided the code which ultradev uses as a login (see-above), sorry I should of explained to SunBow that Ultradev (www.macromedia.com) is a WYSIWYG that allows users to create asp to connect to databases through a GUI.

I use the default ultradev login behaviour, but the password allows any case, also I'm using server-side JScript as my programming language.

Hope this information is sufficient to help me further.

Thanks.
0
 
LVL 19

Accepted Solution

by:
cheekycj earned 25 total points
ID: 6982097
This is an issue with MS Access not your code.  MS Access by default returns query results that are case insensitive in matching results.

here is some info on it:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q95605  [Access 97, Access 1.0]
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q209674  [Access 2000]

Try this:

MM_rsUser.Source += " FROM tblAccess WHERE fnUser='" + MM_valUsername + "' AND StrComp(fnPass, '" + String(Request.Form("PasswordField"))
+ "', 0) = 0";


CJ
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 7243873
Thanx for the "A".

CJ
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

This article provides a case study on how our local youth baseball league deployed a new website, including the platform selection, implementation and benefits to the league.
Objective of This Article In 1990’s, when I was a budding software professional, I had a lot of confusion about which stream or technology, I had to choose to build my career. In those days, I had lot of confusion like whether to choose System so…
The purpose of this video is to demonstrate how to make a WordPress Site faster and smaller in size by cleaning up the database. This will be demonstrated using a Windows 8 PC. Plugin WP Optimize will be used. Go to your WordPress login page. T…
The purpose of this video is to demonstrate how to reset a WordPress password if you are locked out and cannot reset the password. A typical use would be if you cannot access the email to which WordPress would send the password recovery email to…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now