Checking Usernames and Passwords

When validating a username and a password (for example, in a script that backs an HTML login form), two things seem to form a de facto standard on the Web:
Therefore, a username has to be compared without considering case sensitivity. This can be done either by using strcasecmp() (see the previous phrase) or by first converting both the provided username and the real username into lowercase letters (or uppercase letters), using the functions strtolower() or strtoupper(). The following code shows an example, using strcmp()/strcasecmp() and also the comparison operator ===.

Validating Logins by Comparing Strings (comparelogin.php)

<?php
  // Read the credentials from the query string; default to empty strings.
  $user = (isset($_GET['user'])) ? $_GET['user'] : '';
  $pass = (isset($_GET['pass'])) ? $_GET['pass'] : '';

  // Usernames are compared case-insensitively, passwords case-sensitively.
  if (
    (strtolower($user) === 'damon' && $pass === 'secret') ||
    (strtoupper($user) === 'SHELLEY' && $pass === 'verysecret') ||
    (strcasecmp($user, 'Christian') == 0 && strcmp($pass, 'topsecret') == 0)
  ) {
    echo 'Login successful.';
  } else {
    echo 'Login failed.';
  }
?>

Depending on the data provided in the uniform resource locator (URL) of the call to the script, the login either fails or succeeds. For instance, the following URL successfully logs in the user (you have to change the servername portion):

http://servername/comparelogin.php?user=cHRISTIAN&pass=topsecret

On the other hand, the following login does fail:

http://servername/comparelogin.php?user=Christian&pass=TopSecret
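The same rule (username case-insensitive, password case-sensitive) applied to stored password hashes instead of plaintext strings, as an added example that is not part of the original listing and goes beyond it. The account table is constructed sample data, check_login() and build_accounts() are hypothetical helper names, and PHP 7.1 or later is assumed.

```php
<?php
// Added example: constructed account table, keyed by the lowercase username.
// Passwords are stored as password_hash() output, never as plaintext.
function build_accounts(): array
{
    return [
        'damon'     => password_hash('secret', PASSWORD_DEFAULT),
        'shelley'   => password_hash('verysecret', PASSWORD_DEFAULT),
        'christian' => password_hash('topsecret', PASSWORD_DEFAULT),
    ];
}

// check_login() is a hypothetical helper, not a PHP built-in.
function check_login(string $user, string $pass, array $accounts): bool
{
    // Usernames: normalize to lowercase so the comparison ignores case.
    $key = strtolower($user);

    // Unknown user: still verify against a dummy hash so the response
    // time does not reveal which usernames exist.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('dummy-password', PASSWORD_DEFAULT);
    }
    $known = array_key_exists($key, $accounts);
    $hash  = $known ? $accounts[$key] : $dummy;

    // Passwords: case-sensitive; password_verify() is safe against
    // timing attacks, unlike === or strcmp() on plaintext.
    $ok = password_verify($pass, $hash);
    return $known && $ok;
}

$accounts = build_accounts();
$attempts = [                        // constructed sample logins
    ['cHRISTIAN', 'topsecret'],      // username differs only in case
    ['Christian', 'TopSecret'],      // password differs in case
    ['SHELLEY',   'verysecret'],     // uppercase username
    ['nobody',    'secret'],         // username not in the table
];
foreach ($attempts as [$u, $p]) {
    echo $u, ' / ', $p, ': ',
        check_login($u, $p, $accounts) ? 'Login successful.' : 'Login failed.', "\n";
}
```

In a real login form the credentials would arrive via POST rather than in the URL, because query strings are written to server logs and browser history.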