I've created a login script using PHP that connects to a users
table from a MySQL DB. It's very simple and currently is not encrypted (it will be before I take the site live...I'd love some suggestions on current password security features too).
My issue is that the username-check is case sensitive and I don't want it to be. All usernames will be proper names so I will store them with a capital first letter and display them that way but I don't want the user to have to use uppercase letters for the username when they login.
I'm new to PHP so there are probably some glaring issues with my code. Please correct me! :)
The following code is my login_check PHP:
<?php session_start(); include 'config.php';
$username = $_POST['username'];
$password = $_POST['password'];
if ($username && $password)
{
$query = mysql_query("SELECT * FROM users WHERE username='$username' ");
$numrows = mysql_num_rows($query);
if (!$numrows==0)
{
while ($row = mysql_fetch_assoc($query))
{
$username1 = $row["username"];
$password1 = $row["password"];
$title = $row['title']; //The user's title.
$facility = $row['facility']; //The facility that the user belongs to.
}
if ($username1==$username&&$password1==$password) //check to see if username and password match
{
$_SESSION['username'] = $username;
$_SESSION['title'] = $title;
$_SESSION['facility'] = $facility;
header("Location: index.php"); //message(1): Welcome, <username>!
}
else
header("Location: login.php?error=2"); //error(2): Incorrect username or password.
}
else
header("Location: login.php?error=1"); //error(1): Incorrect username or password.
}
else{
header("Location: login.php?error=3"); //error(3): Please enter a username AND password!
exit("You are being redirected");
}
?>