0

Hey guys,
Back again,
I needed to ask two very quick questions:

Number 1:
In a login form,how do you make sure that the user doesnt type their username or password in Caps?

Number 2:
How do you display error messages after the user has tried to login with the wrong user name or password?

5
Contributors
7
Replies
8
Views
7 Years
Discussion Span
Last Post by scaiferw
0

1.If your id and pw are always meant to be in lower case, then it is easy enough to convert them with strtolower. If you allow a mix then you may need some javascript to check if the Caps Lock key is on.
http://www.wallpaperama.com/forums/how-to-detect-if-caps-lock-from-users-with-javascript-and-php-uppercase-typing-t1422.html

2. In a simple / traditional approach, the user will press the button to enter the form and your code that is used for the "action" on the form will process what they entered and decide if it is valid or not. If not, you display an appropriate message with a button or a link to return to the form. If you are into Ajax, then you could display the error below the form and allow them to try again without the need to refresh the whole form.

0

Hmm..Thanks for that.
Problem is, im only allowed to use php.No javascript.But its ok.Thanks !:)

0

If you want to make sure NO caps wahtsoever are user name and password.

//detect the presence of caps
function hasCaps($string)
{
    return(preg_match('/[A-Z]/', $string) > 0 ? true : false);
}
//don't know how to use functions in if's so will call the functions then make a comparison
$usernameCapFree = hasCaps($_POST['username']);
$passwordCapFree = hasCaps($_POST['password']);

//if it has caps create error
if($usernameCapFree){
 $error .= "Username is not allowed to have capital letters<br />";
}

if($passwordCapFree){
 $error .= "Password is not allowed to have capital letters<br />";
}

if(!$error){
 //register user
}

Just echo out the $error wherever you want it to be displayed.

-1

you can

function hasCaps($string)
{
    return(preg_match('/[A-Z]/', $string) > 0 ? true : false);
}

if(hasCaps('Raja')){
 echo "<br/><br/>Username is not allowed to have capital letters<br />";
}

if(hasCaps('raja')){
 echo "<br/><br/>Password is not allowed to have capital letters<br />";
}
?>
0

A couple of comments regarding passwords.

First, usernames are typically not case sensitive. I just use strtolower($password) in my PHP code whenever I'm checking usernames so ensure that I'm comparing a lowercase version of what the user entered to a lowercase version of what's in the databae. Then the user can do what they want with no harm.

Second, it's risky to prohibit caps in passwords. Ideally, passwords should have a mix of upper and lower case, numbers, etc.

Finally, whatever message you display for a bungled login, never reveal whether it was the password or login was wrong. If you say "password was wrong", you're telling a hacker that they guessed the username correctly. Just say something like "Your username and/or password could not be validated. Please check and try again".

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.