我的密码验证不区分大小写

Question

It is a login form with only username and password. It works well but i want my information to be case sensitive. For example my database username is : David and password :PooPoo. Although if i insert user name: daVid and password: PoOPOo it parse the form.

My code looks like this:

<?php 
    session_start();
    if (isset($_SESSION["manager"])) {
        header("location: index.php"); 
        exit();
    }
?>
<?php 
    if (isset($_POST["username"]) && isset($_POST["password"])) {

        $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]); 
        $password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]); 
        include "../storescripts/connect_to_mysql.php"; 
        $sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // query the person
        $existCount = mysql_num_rows($sql); // count the row nums

        if ($existCount == 1) { // evaluate the count
             while($row = mysql_fetch_array($sql)){ 
                 $id = $row["id"];
             }
             $_SESSION["id"] = $id;
             $_SESSION["manager"] = $manager;
             $_SESSION["password"] = $password;
             header("location: index.php");
             exit();     
        }else{
            print '<script type="text/javascript">'; 
            print 'alert("wrong info")'; 
            print '</script>'; 
        }            
    }
?> 

My validation script

<script type="text/javascript" language="javascript"> 
    function validateMyForm ( ) { 
        var isValid = true;
        if ( document.adminlogin.username.value == "" ) { 
            alert ( "Please enter your username" ); 
            isValid = false;
        } else if ( document.adminlogin.password.value == "" ) { 
            alert ( "Please enter password" ); 
            isValid = false;            
        }
        return isValid;
    }
</script>

Where is my error please?

Answer 1

I think the error is worrying about case sensitivity in the first place. Insisting that passwords be case sensitive is usually overstated. Yes, it adds strength to a password of a given length, but so does increasing that length. In both cases the password becomes a bit harder to remember, but the mixed case password is probably easier to spy on.

Leaving the caps lock on is so common that many sign-in screens (eg, Windows) now provide some kink of warning. Rejecting a password because the caps lock is on gives a grand total of 1 extra bit of entropy out of a typical 40 to 80 bits, but in return it gives the disgruntled co-worker next to you one more chance to see you type it in. If you are typing in 'PooPoo' (2 letters next to each other on the keyboard) they might even be able to catch this one just by listening to keyboard clicks or looking for finger smudges on a touch screen.

Mixed case passwords and the inconvenience it creates for users make most of us slow down and become very deliberate in the way we type. I have seen many touch typists resort to the 2-finger approach because of the awkwardness of toggling between cases (even worse on most phones), making it super easy to spy on.

Answer 2

Well you should use md5() function to store you user's password (and do the same on the validation). Since md5() is case sensitive by itself it will automatically do the job.

md5()

With this you'll be solving your case problem, and making your password storing safer