I've created a login script using PHP that connects to a users table from a MySQL DB. It's very simple and currently is not encrypted (it will be before I take the site live...I'd love some suggestions on current password security features too).

My issue is that the username-check is case sensitive and I don't want it to be. All usernames will be proper names so I will store them with a capital first letter and display them that way but I don't want the user to have to use uppercase letters for the username when they login.

I'm new to PHP so there are probably some glaring issues with my code. Please correct me! :)

The following code is my login_check PHP:

<?php session_start(); include 'config.php';

$username = $_POST['username'];
$password = $_POST['password'];

if ($username && $password)
{
$query = mysql_query("SELECT * FROM users WHERE username='$username' ");
$numrows = mysql_num_rows($query);

    if (!$numrows==0)
    {
        while ($row = mysql_fetch_assoc($query))
        {
            $username1 = $row["username"];
            $password1 = $row["password"];
            $title = $row['title']; //The user's title.
            $facility = $row['facility']; //The facility that the user belongs to.
        }
            if ($username1==$username&&$password1==$password) //check to see if username and password match
            {
                $_SESSION['username'] = $username;
                $_SESSION['title'] = $title;
                $_SESSION['facility'] = $facility;
                header("Location: index.php"); //message(1): Welcome, <username>!
            }
                else
                    header("Location: login.php?error=2"); //error(2): Incorrect username or password.
                }
        else
            header("Location: login.php?error=1"); //error(1): Incorrect username or password.
}
else{
    header("Location: login.php?error=3"); //error(3): Please enter a username AND password!
    exit("You are being redirected");
}

?>

You could just use strtolower() on both the POST password and the database password before comparing them.

$username = strtolower($_POST['username']);
$username1 = strtolower($row['username']);

This with convert both the username that the user inputs and the username in the database to lower case.

That works!

However, when I:

$_SESSION['username'] = $username;

And then: echo $username the username comes out all lowercase instead of with caps preserved.

After the user has been authenticated do I need to query the 'username' from the database again and use that new query to set:
$_SESSION['username'] = $newQueryOfUsername;

Which wil then be used for display purposes on the site?

...nevermind that's not going to work.

Got it!

I simply added
$preserveUsername = $row['username'];
and then
$_SESSION['username'] = $preserveUsername;

Way too easy! Thanks for your help, dschuett!

No problem, glad you got it working. However instead of making a new session you could simply just use the ucwords() function. For example:

$username =ucwords("this user");

would return -> This User

or

$username = ucwords("thisuser");

would return -> Thisuser

Take a look here http://us2.php.net/manual/en/function.ucwords.php

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.