#1
  1. Master MC
    ASP Explorer (0 - 99 posts)

    Join Date
    Aug 2004
    Location
    South Africa
    Posts
    43
    Rep Power
    14

    Question Case-sensitive Password compare


    Hi there,
    I have a procedure to check if the user-entered username & password
    match with the data in the SQL database. The problem is I want it to be
    case-sensitive only when comparing the passwords, but not the usernames.
    The code I have allows the user in if both the username and password match but it doesn't
    do a case-sensitive compare cos even if the password is typed in uppercase, the user is
    granted permission to access the secure area.

    This is the code I use:

    ' this is where all the processing is taking place

    Public
    Function isValidUser(ByVal strName AsString, ByVal strPassword AsString) AsBoolean
    Dim conn AsNew dbConnection

    isValidUser =
    False' no user info found yet
    Dim da AsNew SqlClient.SqlDataAdapter("select * from tblAdmins where " & _
    "adminUsername = @usrname and adminPassword = @pwd", conn.connAdmin)

    Dim ds AsNew DataSet
    Dim param As SqlClient.SqlParameter = da.SelectCommand.Parameters.Add("@usrname", SqlDbType.VarChar, 20)
    param.Value = strName
    param = da.SelectCommand.Parameters.Add("@pwd", SqlDbType.VarChar)
    param.Value = strPassword

    Try
    da.Fill(ds)
    ' ds.Tables(0).CaseSensitive = True
    If ds.Tables(0).Rows.Count > 0 Then
    isValidUser = True' a match found
    EndIf

    Catch ex As Exception
    lblMessage.Text = ex.Message.ToString
    Finally
    conn.connAdmin.Close()
    EndTry
    EndFunction

    PrivateSub ibtnLogin_Click(ByVal sender As System.Object, ByVal e As System.Web.UI.ImageClickEventArgs) Handles ibtnLogin.Click
    Dim gotoURL AsString = Server.UrlEncode(Request.QueryString("ReturnUrl"))
    Dim strUsername AsString = Server.HtmlEncode(txtUsername.Text.ToString)
    Dim strPassword AsString = Server.HtmlEncode(txtPassword.Text.ToString)

    Try
    If isValidUser(strUsername, strPassword) Then
    FormsAuthentication.RedirectFromLoginPage(strUsern ame, chkPersist.Checked)
    ' ibtnLogin.Enabled =
    False' disable for successful login
    If gotoURL = "" Then' no requesting page
    Response.Redirect("/halfPrice/Admin/adminChoices.aspx")
    EndIf
    Else
    l
    blMessage.Text = "Your login information is incorrect. Please, try again."
    ' allow user to try loging in again
    ibtnLogin.Enabled = True
    EndIf
    Catch ex As Exception
    lblMessage.Text = ex.Message.ToString
    EndTry
    EndSub
    Last edited by musa; August 18th, 2004 at 09:07 AM. Reason: Very Long code
  2. #2
  3. Contributing User
    ASP Scholar (3000 - 3499 posts)

    Join Date
    Jun 2004
    Posts
    3,072
    Rep Power
    193
    Hi

    You could try using "CAST(Pwd1 AS varbinary(length)) = CAST(Pwd2 AS varbinary(length))" during your comparison. This may have some detrimental effect on speed as it may have to do an index scan, but it might provide a possible solution

    MK
  4. #3
  5. Master MC
    ASP Explorer (0 - 99 posts)

    Join Date
    Aug 2004
    Location
    South Africa
    Posts
    43
    Rep Power
    14

    Wink


    Thanks Selwonk. I have just found another solution.
    The solution is to change the table field for comparison to 'case-sensitive'.
    I don't know if this has a detrimental effect on speed though.
    Thank you for your reply.


    Originally Posted by selwonk
    Hi

    You could try using "CAST(Pwd1 AS varbinary(length)) = CAST(Pwd2 AS varbinary(length))" during your comparison. This may have some detrimental effect on speed as it may have to do an index scan, but it might provide a possible solution

    MK
  6. #4
  7. Contributing User
    ASP Scholar (3000 - 3499 posts)

    Join Date
    Jun 2004
    Posts
    3,072
    Rep Power
    193
    Cool - that sounds nice and simple

    MK
  8. #5
  9. No Profile Picture
    Registered User
    ASP Explorer (0 - 99 posts)

    Join Date
    Jul 2013
    Posts
    1
    Rep Power
    0
    Hi.. This is by Classic ASP logic for simple code

    function CaseSensitive(Psw1,Psw2)
    If Len(Psw1)=Len(Psw2) Then
    For i=1 to Len(Psw1)
    If asc(Mid(Psw1,i,1)) = asc(Mid(Psw2,i,1)) Then
    _Result=true
    Else
    _Result=false
    End If
    Next
    CaseSensitive=_Result
    End If
    End Function

Similar Threads

  1. How to determine case sensitive text
    By bngrhl in forum ASP Development
    Replies: 2
    Last Post: July 7th, 2004, 07:01 PM
  2. Group and sum records in a query
    By mw_u2000 in forum Microsoft Access Help
    Replies: 3
    Last Post: June 2nd, 2004, 11:37 AM
  3. Datagrid control return wrong page number.
    By mex in forum .NET Development
    Replies: 0
    Last Post: February 26th, 2003, 11:48 AM
  4. Please help me, how to make SQL server table columns case sensitive
    By Steve Schofield in forum SQL Development
    Replies: 2
    Last Post: June 17th, 2002, 10:16 AM
  5. ODBC Driver acting Case Sensitive?
    By Steve Schofield in forum ASP Development
    Replies: 2
    Last Post: November 2nd, 2001, 04:22 AM

IMN logo majestic logo threadwatch logo seochat tools logo