Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Customising the CMS /

Username/password case sensitivity and login error messages


Reply


2 Posts   671 Views

Avatar
sra

Community Member, 1 Post

12 July 2012 at 12:59pm

Hi all,

Not sure if this is the right place to post, so if the mods need to move it, please do so.

I've taken over a SilverStripe website and the users have noticed two things they would like changed:

1. The username and password fields when you log in are case sensitive. Putting aside arguments of whether or not a password should be all one case, how would I modify SilverStripe to achieve this? I'd like to find the file and line of code I need to modify. At a guess, I'm hoping that I can track down the string comparison between the username entered and what is in the database, and transform both to lowercase (or upper) just for the comparison. I've been poking around the /sapphire/security/MemberLoginForm.php file at the moment. I'm open to your recommendations though!

2. If a user enters a username in to the login form that is utterly wrong (not one that exists in the database) and submits this, no error message comes back after the post back. The user just sees the blank form rather than a message saying that the username or password is wrong. To actually get the error message, you need to have a username that is in the database, but with incorrect case (hence the question above as well). Where in SS should I be looking for this comparison so I can display an error message more befitting?

It is a SS 2.4.7 website.

TIA. Much appreciated.

Avatar
Nicolaas

Forum Moderator, 213 Posts

17 July 2012 at 9:35pm

1. I would not try to change that, because these type of security parts of the SS CMS you should not tinker with as they will definitely cause more hassle than anything

2. I have the same problem on 2.4.7