I have a simple authentication script that is working but i discovered that for a user admin with password admin, a user ADMIN with password ADMIN can also log in. How do i make this script case sensitive. Also i am aware of the enycriptions that can be done so that the password is not stored as text, just need to figure out how to make this case sensitive.
if($_SERVER['REQUEST_METHOD'] == "POST" && mysql_real_escape_string($_POST['username'])!="" && mysql_real_escape_string($_POST['password']) !="") { // receive form sent via POST method
$username = mysql_real_escape_string($_POST['username']); // prevent sql injection by using "mysql_real_escape_string()"
$password = mysql_real_escape_string($_POST['password']);
$data = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
if(mysql_num_rows($data) >0) { // if the query returns a result then create session variables to show user is authenticated
$_SESSION['logged'] = 1;
$_SESSION['user'] = $username;
}
}