0

This script does work, but if I use a capital letter for the user it does not work.

In the database is the user name Tom. And I can log in if I use Tom, but tom does not work. How can I fix it?

<?php
$username=$_POST['username'];
$password=md5($_POST['password']);
$login=$_POST['login'];
if(isset($login)){
  $mysqli = new mysqli("localhost", "root", "Tech112!", "ripper");
  if ($mysqli->connect_errno) {
    echo "Failed to connect to MySQL: " . $mysqli->connect_error;
  }
  $res = $mysqli->query("SELECT * FROM login where username='$username' and password='$password'");
  $row = $res->fetch_assoc();
  $name = $row['name_login'];
  $user = $row['username'];
  $pass = $row['password'];
  $rank = $row['type_login'];
  if($user==$username && $pass==$password){
    session_start();
    if($rank=="2"){
      $_SESSION['mysesi']=$user;
      $_SESSION['rank']=$rank;
      echo "<script>window.location.assign('index.php')</script>";
    } else if($rank=="1"){
      $_SESSION['mysesi']=$user;
      $_SESSION['rank']=$rank;
      echo "<script>window.location.assign('index.php')</script>";
    } 

    }
  } 
?>

Tom Lammers

Your Common Sense

1 Answer

-1

Convert both database and $_POST username to lowercase and compare those. This will make username case insensitive.

$res = $mysqli->query("SELECT * FROM login where LOWER(`username`)='".strtolower($username)."' and password='$password'");

And edit your if to also compare with lowercase username.

if(strtolower($user) == strtolower($username) && $pass == $password){

NB! Your query is open to SQL injection; read this to fix it.

To avoid SQL injection, use bind_param.

/* Code until query */

$stmt = $mysqli->prepare("SELECT * FROM login where LOWER(`username`) = ? and password = ?");

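// Add variables safely
// bind_param() binds by reference, so pass variables rather than expressions
$lowerUsername = strtolower($username);
$stmt->bind_param('ss', $lowerUsername, $password);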

$stmt->execute();
$result = $stmt->get_result();
$row = $result->fetch_assoc();

/* Rest of your code */
Community
Rene Korss
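
The check discussed in this answer, carried through end to end as an added example that is not part of the original post. It assumes PDO with an in-memory SQLite table in place of MySQL so it runs without a server, and it swaps the page's md5() comparison for password_hash()/password_verify(); `demoDb`, `checkLogin` and the sample account are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed demo data: an in-memory SQLite table stands in for the MySQL `login` table.
function demoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE login (username TEXT, password TEXT, type_login TEXT)');
    $ins = $pdo->prepare('INSERT INTO login VALUES (?, ?, ?)');
    // Assumption: password_hash() replaces the md5() digest used on the page.
    $ins->execute(['Tom', password_hash('s3cret-demo', PASSWORD_DEFAULT), '2']);
    return $pdo;
}

// Returns the stored row on success, null on any failure.
function checkLogin(PDO $pdo, string $username, string $password): ?array
{
    // Placeholders keep user input out of the SQL text; LOWER() on both sides
    // makes the match case-insensitive regardless of the column collation.
    $stmt = $pdo->prepare(
        'SELECT username, password, type_login FROM login WHERE LOWER(username) = LOWER(?)'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The query already matched the username, so only the password is checked
    // here; comparing $row['username'] with == again would bring back the case bug.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return $row;
}

$pdo = demoDb();
$cases = [                      // constructed inputs
    ['Tom', 's3cret-demo'],     // exact case
    ['tom', 's3cret-demo'],     // lower case, same account
    ['TOM', 'wrong'],           // wrong password
    ["tom'", 's3cret-demo'],    // the quote is bound as data, not parsed as SQL
];
foreach ($cases as [$user, $pass]) {
    $row = checkLogin($pdo, $user, $pass);
    $msg = $row ? "ok as {$row['username']} (rank {$row['type_login']})" : 'rejected';
    printf("%-8s => %s\n", $user, $msg);
}
```

Store the canonical username from the returned row in the session, not the string the user typed, so later lookups always see the same casing.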