Last week, we were tasked by a new client to make the usernames on their Joomla 5 website case sensitive. For example, they wanted to have something like “admin” and “Admin” as different usernames – this of course, means, that the logins are also case sensitive (in case you didn’t notice, by default, you can use “john” or “John” or “JOHn” as the username when logging in to a Joomla website, and they’ll all work, even if the username was initially added as “john”).
It was a fun task… We first thought about changing the Joomla core to accomodate the request, but the more we dug into it, the more we discovered that we needed to work on the database to make this happen – and this is because varchar strings, in MySQL, are typically case insensitive – this means that even if we solve the problem on Joomla’s end, we will also need to solve it on MySQL’s end. Then it hit us: what if we change the string type of the username field to something binary (instead of a regular string) – all collations have a binary option, which should make this test a breeze!
Here’s how to do change the username‘s case insensitive collation to a binary collation:
- Open phpMyAdmin and select the database powering your Joomla website.
-
Go to the #__users table (where #__ is your database prefix).
-
Click on Change on the username row.
-
Under Collation, select utf8mb4_bin instead of utf8mb4_unicode_ci.
-
That’s it!
We tried the above and, to our surprise, it worked. We were able to add the same username with uppercase characters, and Joomla accepted it. In addition, Joomla automatically imposed case sensitivity on the username. This whole experiment meant that Joomla relied exclusively on MySQL when it comes to case sensitivity for usernames.
But the “password” field’s collation is “utf8mb4_unicode_ci”, still it is case sensitive – how?
We’re glad you asked – Joomla does not compare the password field as it is, it converts your input to a hash, and converts the password in the database to a hash (this automatically imposes case sensitivity), and then compares the two. It doesn’t do a simple string comparison between the password inputted by the user and the password in the database.
Note: This has been tested on Joomla 4 and Joomla 5 – it should work on other versions of Joomla but we haven’t tested it.
We hope you found this post helpful and informative – if you need any help with the implementation, then please contact us. We are very experienced in Joomla, we are friendly, and our fees are affordable!