Log in

Convert Username to Lowercase before storing it to Database.

  • 8 Feb

I just found out that the Username is Case Sensitive.
ogidiga was not fount in the database while trying to log in while Ogidigas was successfully logged in.
I think the username should be converted to small letters before storing to the database as it is not supposed to be case sensitive.
Thanks.

In php, creating a simple query for username and assigning it to a variable should do the trick. Something like -
$user_lower = strtolower(user ['username']).
Shame I don't know python.

nitelyEsteban Castro Borsani

But every forum out there has case-sensitive user-names. However, were you on a mobile device or tablet? There is an auto capitalization and I think that can be fixed (i.e to not auto capitalize).

We could make it a setting, though.

Auto capitalization is a good idea but that's not what I am trying to point out.
In a normal authentication, a is not the same thing as A. they are treated differently hence is the best practice to convert all the username string to lower case before storing it to the database and during request should be always requested as lower case.

Please understand that I don't mean Display but store and retrieve, Display should be left as it is.
Piratical example -
I registered as Ogidiga ( note the capital O) and wanted to login with ogidiga (note the small o), it will not be authenticated. The error message will even tell you that the username does not exist in the database.
I believe converting all submitted Username to small letters, retrieve is as small letters but serve it as it was should be the best practice.
Php code example -
$username = $_POST(user['username']); #He registered with this eg Ogidiga
$username_lower = strtolower(user['username']); #It will be converted to all small latter and saved to the database - ogidiga
$username_login = strtolower(user['username']); # His login Username, covert everything to small letters.

if ($username_lower == $username_login) {
echo 'Welcome $Username, you are now logged in'
}
Sorry, I don't know Python yet. Every forum I've seen follows my above procedure - collect the usernames, covert them to all small letters, collect the login usernames and covert them to all small letters. Compare if they are the same and authenticate (displaying the original Username) or throw errors if otherwise.

Take a look at the two images below
No user withe the Username ogidiga

ogidiga.png

Ogidiga Logged successfully!

Ogidiga_logged.png

  • 3 Apr

Bump!

nitelyEsteban Castro Borsani
  • 3 Apr

I forget about this, sorry. I've created an issue here.

Reply