[SOLVED] Need Help Making Login Script case Sensitive

[phpQuestioner]

I have a login script, but it is not case sensitive. I believe I could use strcmp some how in the code, but I do not know where to put it in this code.

 

 

<?php
$host="localhost"; // Host name
$username="myusernamehere"; // Mysql username
$password="mypasswordhere"; // Mysql password
$db_name="mydatabasehere"; // Database name
$tbl_name="mytablehere"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from signup form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
$note="Username And/Or Password Not Found";
header("Location: iaam.php?cels=$note");
}
?>

 

So would I use "strcmp" some where in this code or would I do it some other way?

[cooldude832]

Your login script is going to get hacked because you are pulling raw data I could say || 1=1 and inject your data very easy, first off use the escape string function for username and for passwords look into md5() one way encryption that will make it a 32bit string that is casesensative for password.  For the username the escape does a smilar process.

[phpQuestioner]

ok - wait - what?

 

What do you mean "escape string function" - not familiar with this - like "exit"?

So I set my db password field to md5 - right?

 

I found this script and I am really using it as a tool to teach me how to make a login script; but I do want it to be safe, so I can learn to write good and safe coding practices.

[cooldude832]

read these and it will make sense:

md5() http://us.php.net/manual/en/function.md5.php

mysql_escape() http://us.php.net/manual/en/function.mysql-escape-string.php

 

 

[phpQuestioner]

Ok - That helped some, but how do I encrypt the password in the database; either before of after I put it in the database? Would I have to echo this and then put it in database:

 

$password="john856";
$encrypt_password=md5($password);

echo $encrypt_password; 

 

would that be my only way to do this?

 

I added this now to php file:

 

// encrypt password
$encrypted_mypassword=md5($mypassword);

 

 

Still looking into escaping string function..........

[cooldude832]

you can't just use it you have to follow it all aroudn from registration to login to updating otherwise it won't work

[phpQuestioner]

ok - so I answered my own question about how do I get md5 code; I just echoed it out and copy/pasted into password field. Right now I am not letting any one register on their own; I would be doing registrations manually, all by myself.

 

I'm Sure This Is A Dumb Question - But Why do I need to escape string; If I am registering users myself?

[phpQuestioner]

You could also set username to md5 right; I mean that would work too, would it not?

[phpQuestioner]

Well I guess that worked out "OK" - I set both username & password to md5 and it seems to work the way I wanted it to - "case sensitive".

 

Thank You For Your Help cooldude832 !!!