I did a register and login form but i got a problem which was my password accept both lower case letter and upper case letter. Can anyone tell me how to fix this issue. This is my confirm register code below. Is it compulsory to hash password before it works. I am a newbie in php
<?php
if(isset($_POST['register'])){
$username = trim(mysqli_real_escape_string($connection, $_POST['username']));
$lastname = trim(mysqli_real_escape_string($connection, $_POST['lastname']));
$email = trim(mysqli_real_escape_string($connection, $_POST['email']));
$password = trim(mysqli_real_escape_string($connection, $_POST['password']));
$password1 = trim(mysqli_real_escape_string($connection, $_POST['password1']));
$sql = "SELECT email FROM users WHERE email='$email'" ;
$result = mysqli_query($connection, $sql) or die($mysqli->error());
if ( $result->num_rows > 0 ) {
echo'
<script type = "text/javascript">
alert("Email Address alrady exists ")
window.location.href = "register.php"
</script> ';
exit();
}
else {
if ($password === $password1){
// add the user if password match
$query = "INSERT INTO users(firstname, lastname, email, pass)
VALUES ('{$username}','{$lastname}', '{$email}', '{$password}') ";
$runNewUser = mysqli_query($connection, $query);
if($runNewUser){
echo'
<script type = "text/javascript">
window.location.href = "getmessage.php"
</script>';
}else{
echo'
<script type = "text/javascript">
alert("Error creating user. Please try again");
</script>';
}
}else{
// trigger error if password do not match
echo'
<script type = "text/javascript">
alert("Password do not match. Please try again ");
</script>
';
}
}
}
?>
while this is my confirm login code below
<?php
if(isset($_POST['ulogin'])){
$email = trim(mysqli_real_escape_string($connection, $_POST['email']));
$pass = trim(mysqli_real_escape_string($connection, $_POST['pass']));
$checkUser = "
SELECT * FROM users
WHERE email = '{$email}'
AND pass = '{$pass}'
";
$runCheck = mysqli_query($connection, $checkUser);
if(mysqli_num_rows($runCheck) == 1){
$foundUser = mysqli_fetch_array($runCheck);
$_SESSION['uid'] = $foundUser['id'];
$_SESSION['uname'] = $foundUser['firstname'];
$_SESSION['email'] = $foundUser['email'];
echo'
<script type = "text/javascript">
window.location.href = "dailymessage.php";
</script>
';
}else{
echo'
<script type = "text/javascript">
alert("Email address / Password incorect. Please try again");
</script>
';
}
}
?>
Any help will be appreciated.
By default,mysql is case insensitive. After the following line if ($password === $password1){ if the condition returns true (which meanq that if the 2 password matches,you should hash you $password like this $hash = password_hash($password, PASSWORD_DEFAULT); and in this line VALUES ('{$username}','{$lastname}', '{$email}', '{$password}') "; use the $hash variable which container your hashed password like this VALUES ('{$username}','{$lastname}', '{$email}', '{$hash}') "; .The second parameter of the hashing function PASSWORD_DEFAULT is the hashing algorithm.The default algorithm is currently bcrypt, but a stronger algorithm may be added as the default later at some point in the future and may generate a larger string. If you are using PASSWORD_DEFAULT in your projects, be sure to store the hash in a column that’s capacity is beyond 60 characters. Setting the column size to 255 might be a good choice. You could also use PASSWORD_BCRYPT as the second parameter. In this case the result will always be 60 characters long.So for your login when you provide password,you should compare it with it hashed version which is into the datase.So you first put the POST variable in a variable$password and then you create another variable $hash = password_hash($password, PASSWORD_DEFAULT); to generate the hashed version and for checking .Remember that you store the hashes in a database, but it’s the plain password that you get when a user logs in. The password_verify() function takes a plain password and the hashed string as its two arguments. It returns true if the hash matches the specified password.
if (password_verify($password, $hash)) {
// Success!
}
else {
// Invalid credentials
}
For more informations you can read this topic