Hi. I'm just writing a site with PHP to learn more.

This is the code to verify the login (just to test):

if ( !strcasecmp($_POST['user_id'], 'wtf') ) {
    // do log in
}

Now the case of the input shouldn't matter, and it works in both Firefox and Opera. But in IE I found that if I use the "shift" button to type in caps, then it won't work, but using "caps" works?? In Firefox and Opera, both "shift" and "caps" work.

This is the link http://redrum.no-ip.info/speed/index.php you can try it out.

I also tried this on my other desktop and laptop and the same thing happens.

    Platform specific locale encoding. See the manual and notes. Use something more robust and reliable for a login.

      Hi there,

      Instead of using "strcasecmp", why don't you try something like this:

      <?php
      
      if(isset($_POST['user_id']))
      {
          if($_POST['user_id'] == 'wtf')
          {
              // do login
          }
      }
      
      ?>

        Especially as passwords are supposed to be case sensitive. Using a case-insensitive comparison just makes it that much easier for a dictionary or brute force attack to succeed.

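One way to combine the replies above, as an added example that is not part of the original thread: the user name is case-folded with an explicit encoding instead of relying on the server locale, and the password stays case sensitive and is checked against a stored hash. The `verify_login` function, the `password` field name and the in-memory account list are assumptions made for illustration, and the mbstring extension is assumed to be available.

```php
<?php
declare(strict_types=1);

// Constructed sample account store; a real site would load hashes from a database.
// The hash is generated here only so the example is self-contained.
$accounts = [
    'wtf' => password_hash('Correct-Horse-42', PASSWORD_DEFAULT),
];

// Verified when the user name is unknown, so both paths do comparable work.
$dummyHash = password_hash('placeholder-not-a-real-password', PASSWORD_DEFAULT);

/** Returns true only when the user exists and the password matches exactly. */
function verify_login(array $accounts, string $dummyHash, $user, $pass): bool
{
    // Reject missing fields and array-typed parameters such as user_id[]=x.
    if (!is_string($user) || !is_string($pass)) {
        return false;
    }

    // User names: fold case with an explicit encoding, not the platform locale.
    $key = mb_strtolower(trim($user), 'UTF-8');

    $known = array_key_exists($key, $accounts);
    $hash  = $known ? $accounts[$key] : $dummyHash;

    // Passwords: never case-folded; password_verify() compares in a timing-safe way.
    $ok = password_verify($pass, $hash);

    return $known && $ok;
}

// Constructed requests standing in for $_POST.
$requests = [
    ['user_id' => 'WTF',   'password' => 'Correct-Horse-42'], // name case differs
    ['user_id' => 'wtf',   'password' => 'correct-horse-42'], // password case differs
    ['user_id' => ['wtf'], 'password' => 'Correct-Horse-42'], // array instead of string
    ['user_id' => 'wtf'],                                      // password missing
];

foreach ($requests as $req) {
    $result = verify_login($accounts, $dummyHash, $req['user_id'] ?? null, $req['password'] ?? null);
    echo json_encode($req['user_id'] ?? null), ' => ', $result ? 'accepted' : 'rejected', PHP_EOL;
}
```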