matty Posted June 5, 2007 Share Posted June 5, 2007 Ive started recoding my login/authenticate pages for my game engine, because they were simple. Upon testing what I have so far I have noticed something that confuses me. Say these are my login details. User - Me Pass- letmein Now it will log me in when i enter them exactly like that. BUT when i log in using the user me ( no capitol M), it gives me a blank screen and does nothing :S The incorrect password or incorrect user name works, it seems to break with case sensitivity issues. any ideas? $userid=mysql_real_escape_string($userid); $pass=md5($password); $login=$db->Execute("SELECT * FROM userdb WHERE username='$userid' AND password = '$pass'",true); if(!$userid || !$password) { error2("field"); exit; } $numusers = $login->fieldcount(); if($numusers == 1){ $user=$login->fields; if(($user['username']==$userid)&&($user['password']==$pass)){ if($user[verified] == "N"){ error2("verify"); exit; } if($user[jailtime] > 1){ jailerror("jail", $userid); exit; } include "include/newsession.php"; function refresh($loc) { echo ("<script type=\"text/javascript\">var timeout=1; setTimeout(\"window.location.replace('" . $loc . "')\", timeout*1000 );</script>"); } refresh("loggedin.php"); } } else { session_unset(); Echo "You have entered incorrect details"; } I have tried changing this part ... } $numusers = $login->fieldcount(); if($numusers == 1){ $user=$login->fields; if(($user['use to... } if($user=$login->fields){ if(($user['use I know I could make it so that players could only use a login name in lower caps, but there must be a way thats hiding from me? Matt Quote Link to comment Share on other sites More sharing options...
trq Posted June 5, 2007 Share Posted June 5, 2007 If you make all your usernames and passwords lowercase (using strtolower) when your users signup and also when you authenticate users, you will have no problems. Your usernames / passwords will be case insensitive. Quote Link to comment Share on other sites More sharing options...
matty Posted June 5, 2007 Author Share Posted June 5, 2007 Sorted with an else it was... if(($user['username']==$userid)&&($user['password']==$pass)){ That was causing a problem I added an else after that. I could remove it but i want to keep it secure. Quote Link to comment Share on other sites More sharing options...
trq Posted June 5, 2007 Share Posted June 5, 2007 These sorts of checks are redundant and should be taken care of in your query. Its pretty hard to tell what your code is doing really, but the logic seems well, illogical. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.