Opened 17 years ago
Closed 15 years ago
#2244 closed defect (bug) (fixed)
Make login error check case-sensitive
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | 2.5 | Priority: | normal |
| Severity: | normal | Version: | 2.0 |
| Component: | Administration | Keywords: | |
| Focuses: | Cc: |
Description
When trying to login as 'Admin' (while that user is named 'admin') WordPress won't allow you to login; but the error generated is 'password invalid' while it should be 'user unknown'. This took me several hours to trace down; a fix is appreciated :)
Attachments (3)
Change History (13)
#4
@
17 years ago
I agree with skippy on that. Why should there be a distinction between admin and Admin or skippy and Skippy?
I'd say str_tolower() on the submitted data but for legacy issues, I would also suggest a str_tolower() on the compared string that is in the database.
#5
@
16 years ago
- Keywords 2nd-opinion added; login case sensitive error bg|has-patch removed
Which brings up the question... do we want case sensitive logins? Or the other way around (case insensitive logins)?
Open to debate.
#7
@
16 years ago
- Milestone set to 2.4
On almost all systems I know the login name is case insensitive and the password is case sensitive.
I'm +1 for making Wordpress act that way as well.
#8
@
16 years ago
Personally I think it should be case insensitive usernames, which is how the core WP code currently operates (as the DB layer is case insensitive).
Passwords are still case sensitive as md5's are case sensitive.
I've attached a patch which cleans up the wp_login function, The empty password code was removed as thats handled in the login form anyway.
I'll also attach one which has case sensitive user logins, and displays the correct error.
why not just str_tolower() the submitted data? Or do we want case-sensitive logins? Should Admin be a different user from admin?