Make WordPress Core

Opened 17 years ago

Closed 15 years ago

#2244 closed defect (bug) (fixed)

Make login error check case-sensitive

Reported by: spider007's profile Spider007 Owned by:
Milestone: 2.5 Priority: normal
Severity: normal Version: 2.0
Component: Administration Keywords:
Focuses: Cc:


When trying to login as 'Admin' (while that user is named 'admin') WordPress won't allow you to login; but the error generated is 'password invalid' while it should be 'user unknown'. This took me several hours to trace down; a fix is appreciated :)

Attachments (3)

2244.diff (577 bytes) - added by davidhouse 17 years ago.
2244.casesensitive.diff (1.2 KB) - added by DD32 16 years ago.
Case Sensitive logins
2244.caseinsensitive.diff (1.2 KB) - added by DD32 16 years ago.
Case Insensitive logins

Download all attachments as: .zip

Change History (13)

17 years ago

#1 @davidhouse
17 years ago

  • Keywords bg|has-ppatch added

#2 @davidhouse
17 years ago

  • Keywords bg|has-patch added; bg|has-ppatch removed

#3 @skippy
17 years ago

why not just str_tolower() the submitted data? Or do we want case-sensitive logins? Should Admin be a different user from admin?

#4 @abhay
17 years ago

I agree with skippy on that. Why should there be a distinction between admin and Admin or skippy and Skippy?

I'd say str_tolower() on the submitted data but for legacy issues, I would also suggest a str_tolower() on the compared string that is in the database.

#5 @rob1n
16 years ago

  • Keywords 2nd-opinion added; login case sensitive error bg|has-patch removed

Which brings up the question... do we want case sensitive logins? Or the other way around (case insensitive logins)?

Open to debate.

#6 @markjaquith
16 years ago

I'd rather not change it at this point.

#7 @Nazgul
16 years ago

  • Milestone set to 2.4

On almost all systems I know the login name is case insensitive and the password is case sensitive.

I'm +1 for making Wordpress act that way as well.

#8 @DD32
16 years ago

Personally I think it should be case insensitive usernames, which is how the core WP code currently operates (as the DB layer is case insensitive).
Passwords are still case sensitive as md5's are case sensitive.

I've attached a patch which cleans up the wp_login function, The empty password code was removed as thats handled in the login form anyway.

I'll also attach one which has case sensitive user logins, and displays the correct error.

16 years ago

Case Sensitive logins

16 years ago

Case Insensitive logins

#9 @DD32
16 years ago

  • Keywords has-patch added

#10 @DD32
15 years ago

  • Keywords 2nd-opinion has-patch removed
  • Resolution set to fixed
  • Status changed from new to closed

fixed as part of [6350]. See #2394

Note: See TracTickets for help on using tickets.