Make WordPress Core

Opened 16 years ago

Closed 14 years ago

#2244 closed defect (bug) (fixed)

Make login error check case-sensitive

Reported by: Spider007 Owned by:
Milestone: 2.5 Priority: normal
Severity: normal Version: 2.0
Component: Administration Keywords:
Focuses: Cc:


When trying to login as 'Admin' (while that user is named 'admin') WordPress won't allow you to login; but the error generated is 'password invalid' while it should be 'user unknown'. This took me several hours to trace down; a fix is appreciated :)

Attachments (3)

2244.diff (577 bytes) - added by davidhouse 16 years ago.
2244.casesensitive.diff (1.2 KB) - added by DD32 14 years ago.
Case Sensitive logins
2244.caseinsensitive.diff (1.2 KB) - added by DD32 14 years ago.
Case Insensitive logins

Download all attachments as: .zip

Change History (13)

16 years ago

#1 @davidhouse
16 years ago

  • Keywords bg|has-ppatch added

#2 @davidhouse
16 years ago

  • Keywords bg|has-patch added; bg|has-ppatch removed

#3 @skippy
16 years ago

why not just str_tolower() the submitted data? Or do we want case-sensitive logins? Should Admin be a different user from admin?

#4 @abhay
16 years ago

I agree with skippy on that. Why should there be a distinction between admin and Admin or skippy and Skippy?

I'd say str_tolower() on the submitted data but for legacy issues, I would also suggest a str_tolower() on the compared string that is in the database.

#5 @rob1n
15 years ago

  • Keywords 2nd-opinion added; login case sensitive error bg|has-patch removed

Which brings up the question... do we want case sensitive logins? Or the other way around (case insensitive logins)?

Open to debate.

#6 @markjaquith
15 years ago

I'd rather not change it at this point.

#7 @Nazgul
15 years ago

  • Milestone set to 2.4

On almost all systems I know the login name is case insensitive and the password is case sensitive.

I'm +1 for making Wordpress act that way as well.

#8 @DD32
14 years ago

Personally I think it should be case insensitive usernames, which is how the core WP code currently operates (as the DB layer is case insensitive).
Passwords are still case sensitive as md5's are case sensitive.

I've attached a patch which cleans up the wp_login function, The empty password code was removed as thats handled in the login form anyway.

I'll also attach one which has case sensitive user logins, and displays the correct error.

14 years ago

Case Sensitive logins

14 years ago

Case Insensitive logins

#9 @DD32
14 years ago

  • Keywords has-patch added

#10 @DD32
14 years ago

  • Keywords 2nd-opinion has-patch removed
  • Resolution set to fixed
  • Status changed from new to closed

fixed as part of [6350]. See #2394

Note: See TracTickets for help on using tickets.