Darn, I borrowed my PHP Bible out to a friend, and need to figure out this minor bug.
I am attempting to write some code to run a username verification procedure.
Now, the bug is this:
let's say you have
user: JON
password: RULZ (stored in a mysql database as such).
(I know the password should be encrypted, but part of the program is being able to display passwords for users, so no MD5 or password just yet).
Anyway, if I login with password rulz, it allows me to login.
Normally, this is o.k., but I don't want to confuse the users, and we have beaten into their brains to always type their password as they know it. (Many have uppercase passwords).
So, how to I ensure that the case is an exact match?
The way I am checking the user input is through this code:
// check if username is unique
$result = mysql_query("select * from users
where username='$username'
and password = ('$password')");
if (!$result)
return 0;
if (mysql_num_rows($result)>0)
return 1;
else
return 0;
Thanks
