I am creating a web app where, when you register, you give a username and password. At first I thought I was done with the login/register system, but then I realized I can create accounts with the same username as long as I add a space ( ) to the end or change a letter to a capital. I want only one person to have a username no matter what the capitalization is. How can I detect these fakes?
My detection code:
message: "User Already Exists"
user = searching for a user in the db with the input but it doesn't have any other detection!
I thought of adding a "pronunciation" to the db info so it would be all lower case to prevent capital letter abuse, but that seems unnecessary. Also, how can I detect spaces ( )?
When you check if the username exists, convert the input username and all existing usernames to lower or upper case and compare?
I would store the username and a sanitized username in lowercase without spaces as an index. That way the users can have their own cases and spaces, and you can efficiently search the table for a lowercase username without spaces.
to prevent whitespace at the start/end of the string
You could potentially disallow spaces to begin with as a validation step, or at least leading/trailing spaces. Also perform case-insensitive comparisons (both on registration and on login, casing shouldn't matter in a username but very much should in a password). Though the effort to stop people from making names that are similar to other names should only go so far. There comes a point where such restrictions cause more problems than they solve.
OK, thanks to all for the information.
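
The approach suggested in the replies above (a stored lowercase, space-free key plus a validation step for leading/trailing spaces), as an added example that is not part of the original thread. The function names and the in-memory `UserStore` are hypothetical, and the NFKC normalization step goes beyond what the replies mention.

```javascript
// Added example: all names here are hypothetical, and the Map stands in for
// a database table with a UNIQUE index on the canonical username column.

// Build the lookup key: the value that must be unique across all accounts.
function canonicalUsername(input) {
  return input
    .normalize("NFKC")      // assumption beyond the thread: fold full-width etc.
    .toLowerCase()          // "Alice" and "alice" map to the same key
    .replace(/\s+/gu, "");  // drop every whitespace run, not only the ends
}

// Validation step: refuse leading/trailing whitespace instead of fixing it silently.
function validateUsername(input) {
  if (typeof input !== "string" || input.length === 0) return "Username required";
  if (input !== input.trim()) return "No leading or trailing spaces";
  if (canonicalUsername(input).length === 0) return "Username required";
  return null;
}

class UserStore {
  constructor() {
    this.byCanonical = new Map(); // canonical key -> { display, passwordHash }
  }

  register(username, passwordHash) {
    const problem = validateUsername(username);
    if (problem) return { ok: false, message: problem };
    const key = canonicalUsername(username);
    if (this.byCanonical.has(key)) {
      return { ok: false, message: "User Already Exists" };
    }
    // Keep the user's own casing and spacing for display only.
    this.byCanonical.set(key, { display: username, passwordHash });
    return { ok: true, display: username };
  }

  // Login uses the same canonical key; the password is never case-folded.
  find(username) {
    return this.byCanonical.get(canonicalUsername(username)) || null;
  }
}
```

In a database-backed app, put a unique index on the canonical column so that two concurrent registrations cannot both pass the existence check.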