I've created a login script using PHP that connects to a users table from a MySQL DB. It's very simple and currently is not encrypted (it will be before I take the site live...I'd love some suggestions on current password security features too).

My issue is that the username-check is case sensitive and I don't want it to be. All usernames will be proper names so I will store them with a capital first letter and display them that way but I don't want the user to have to use uppercase letters for the username when they login.

I'm new to PHP so there are probably some glaring issues with my code. Please correct me! :)

The following code is my login_check PHP:

<?php session_start(); include 'config.php';

$username = $_POST['username'];
$password = $_POST['password'];

if ($username && $password)
$query = mysql_query("SELECT * FROM users WHERE username='$username' ");
$numrows = mysql_num_rows($query);

    if (!$numrows==0)
        while ($row = mysql_fetch_assoc($query))
            $username1 = $row["username"];
            $password1 = $row["password"];
            $title = $row['title']; //The user's title.
            $facility = $row['facility']; //The facility that the user belongs to.
            if ($username1==$username&&$password1==$password) //check to see if username and password match
                $_SESSION['username'] = $username;
                $_SESSION['title'] = $title;
                $_SESSION['facility'] = $facility;
                header("Location: index.php"); //message(1): Welcome, <username>!
                    header("Location: login.php?error=2"); //error(2): Incorrect username or password.
            header("Location: login.php?error=1"); //error(1): Incorrect username or password.
    header("Location: login.php?error=3"); //error(3): Please enter a username AND password!
    exit("You are being redirected");

5 Years
Discussion Span
Last Post by dschuett

You could just use strtolower() on both the POST password and the database password before comparing them.

$username = strtolower($_POST['username']);
$username1 = strtolower($row['username']);

This with convert both the username that the user inputs and the username in the database to lower case.

Edited by dschuett


That works!

However, when I:

$_SESSION['username'] = $username;

And then: echo $username the username comes out all lowercase instead of with caps preserved.

Edited by KeithMon


After the user has been authenticated do I need to query the 'username' from the database again and use that new query to set:
$_SESSION['username'] = $newQueryOfUsername;

Which wil then be used for display purposes on the site?

...nevermind that's not going to work.

Edited by KeithMon: fail


Got it!

I simply added
$preserveUsername = $row['username'];
and then
$_SESSION['username'] = $preserveUsername;

Way too easy! Thanks for your help, dschuett!

Edited by KeithMon


No problem, glad you got it working. However instead of making a new session you could simply just use the ucwords() function. For example:

$username =ucwords("this user");

would return -> This User


$username = ucwords("thisuser");

would return -> Thisuser

Take a look here http://us2.php.net/manual/en/function.ucwords.php

Edited by dschuett

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.