Let me start by saying that I recommend that you use case-sensitive usernames and passwords.
Case-sensitivity adds an additional level of complexity and can make it harder for unauthorized
users to guess a user's credentials. That being said, if you must make your usernames and/or
passwords case-insensitive, it's actually quite easy to do.
All you need to do is convert both the entered value and the stored value to the same case before
you compare them. I usually use LCase to make them both lower case, but using UCase to make
them upper case works exactly the same way.
As an example, here's the original line from the classic ASP version of the sample.
If Request.Form("login") = "Guest" AND Request.Form("password") = "Guest" Then
By simply adding a few calls to LCase, the code below totally ignores the cases of the characters entered.
If LCase(Request.Form("login")) = LCase("Guest") AND LCase(Request.Form("password")) = LCase("Guest") Then
If you're going to do this, I recommend you only switch to the case-insensitive values in the
comparison code and not in the code that retrieves or stores the values. Storing the username
and password exactly as the user entered them allows you to easily move to a case-sensitive routine
at some future date should the need arise.