case-sensitive logins

No one knows?

You could make the password all lower-case if you wanted ?

The password isn’t the problem – it’s the login (username) – these people aren’t very techy, and having to remember that Scott is different from scott will cause problems. Any ideas?

Making a login or pw case-insensitive reduces the security aspect.

You could play with the login file and write a reminder there maybe ? I doubt it’ll take too many failed tries for him to remember. Also, his browser may auto-complete for him anyway.

Duh. It took me like 10 minutes to figure out that login names are case sensitive.

Really this is more confusing than it is securing anything, as login names are case-insensitive in 99%.

There’s no further input on this? For our site, I don’t want our users’ password or username to be case-sensitive. It’s frustrating for a lot of them who aren’t so saavy with the WWW and computers in general…and quite a few get irritated and give up trying to ‘blog in’.

How can I go about changing this?

I suppose you’d have to find all the instances of where the user_login is created and used before it “goes to the database” then wrap it in the php function strtolower()

Might be easier to let the dolts figure it out for themselves or post a “case sensitive” note to them.

Well, this dolt wished the devs had done that imagine my #^#&@$%^^*@#$%^ surprise after installing WP and I tried to login as “admin” …. spent two ^%$&$%^& hours trying to figure it out. Changed the password, tried this… tried that….. finaly on a whim, I tried “Admin” and what do you know, the sunnovabitch worked…. So am I stupid, or should there have been a better warning? All it told me was that my user name and password were wrong… there should have been some thing that included a note that the user name is case sensitive….

But I’m just a gnome… what the heck do I know?

Tg

‘Tis a bit better than the old days, I imagine. I just registered as a new user and if typing “William” wasn’t a clear indication that would be my username, then the e-mail I got saying:
Subject: Your username and password
Username: William
Password: bfa8466

sure should have been. ??

Do you have a little car that goes “beep-beep-beep”?

This seems to work for me. The most annoying thing was that it said the password was wrong, when the problem was the username’s case.
Ver: WP 2.0.2
File: pluggable-functions.php
Change line 194(in my case) from: if ( ($already_md5 && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) {
to: if ( ($already_md5 && md5($login->user_pass) == $password) || (strtolower($login->user_login) == strtolower($username) && $login->user_pass == md5($password)) ) {

I did what Podz said: “You could play with the login file and write a reminder there maybe ?”

I modified the register and login pages (i think they’re something like register.php and login.php, found ’em somewhere in the wp-admin I think). My blogs now simply say “Username is CaSE sEnSitIVe” right above where you type in the username, under the WordPress logo.

The funny thing was after that I had someone new register using the username “case sensitive.”

Sorry, forget what I wrote two messages up. It works, but they gets logged in with the case they wrote. Not very good, so I made another approach. Find the two lines in wp-login.php:

if ( $user_login && $user_pass ) {
$user = new WP_User(0, $user_login);

Put this line between them:

$user_login_tmp = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_login LIKE '$user_login'");
if ( !$user_login_tmp == '' ) $user_login = $user_login_tmp;

And you might wish to add trim to password and userlogin. When people copy and paste, a space is often at the end.
$user_login = trim(sanitize_user( $user_login ));
$user_pass = trim($_POST['pwd']);

Hopefully this is a “final solution” ??

Dgold; I have a line “Write nothing here” on my blog. A few people wrote the word nothing there…