Upload a Joomla! package in com_joomlaupdate. When it asks for credentials, enter the correct credentials but use a different case for the username (e.g. if your username is admin, enter Admin).
Confirmation successful, installation proceeds.
403 Access Forbidden error.
Joomla! 3.6.4, PHP 7.0.9.
I'm not sure if this is intentional or not but it is inconsistent with other login forms. If this is intentional, case-sensitive requirement should at least be indicated in the form.
EDIT:
Sorry, this concerns passwords, not User name
lol - you had me confused there
I am still extremely confused: why do we accept lower and upper entries for the username in the other login forms (just tested and indeed, one can login).
This looks wrong to me.
fairly common for usernames not to be case sensitive.
But SharkyKz is right: on the updater (captive login) we are case sensitive for usernames, on the login we are not.
@infograf768 yep that's true. But in the first case the behavior should be equal on all areas.
@zero-24 Any reason you don't use strcasecmp?? :-)
Folks, I just tested a new install and I confirm that sql does NOT accept case-insensitive Username.
Why would Joomla accept?
Not just Joomla - any system that uses an email address as the username for example will be case insensitive
Category | ⇒ | com_joomlaupdate |
Status | New | ⇒ | Confirmed |
I'm with Brian: it is extremely common from a user perspective to allow upper and lower case in a username which can be used for login. Many times the user may start with a capital, for example if writing on an iPhone and so on. It's accepted because users can be stupid (I know way too much after seeing this first hand after launching a website for a client recently and they didn't even read the bright login they click to continue before logging in).
I would use @zero-24 solution too.
It's accepted because users can be stupid
The reason is more that the username isn't considered a secret element. It's also not saved encrypted in the database and sometimes even is shown on the page. Thus case sensitivity isn't of concern.
Only the password is considered a secret and thus it has to match exactly.
Either way it's a major inconsistency. This is the only part of the system that seems to have a case sensitive requirement so should be adjusted (it looks like Tobias' patch would do the trick).
@zero-24 can you please make a PR based on staging...zero-24:username_login so that we can close this and move on.
Status | Confirmed | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2017-05-21 14:09:02 |
Closed_By | ⇒ | zero-24 |
Done. Looks like I have forgotten this over time. Thanks for the reminder.
I'm not 100% sure but please try this: staging...zero-24:username_login. I can make a PR if that works. Thanks!
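The rule the thread converges on (username compared without regard to case, password matched exactly) is sketched below as an added example; it is not part of the thread, not Joomla's code and not the patch linked above. The function names and the sample account are hypothetical, and the mbstring extension is assumed to be available.

```php
<?php
// Added illustration; all names here are hypothetical, not Joomla APIs.

// Fold a username for comparison. strcasecmp() compares bytes and does not
// fold multibyte UTF-8 letters, so mb_strtolower() is used to make
// "Émile" and "émile" compare equal as well as "Admin" and "admin".
function foldUsername(string $name): string
{
    return mb_strtolower($name, 'UTF-8');
}

// Re-confirm the identity of the already logged-in user (captive login).
// The username is an identifier, not a secret: compare it case-insensitively.
// The password is the secret: it must match the stored hash exactly.
function confirmCaptiveLogin(
    string $sessionUsername,
    string $storedHash,
    string $enteredUsername,
    string $enteredPassword
): bool {
    $nameOk = foldUsername($sessionUsername) === foldUsername($enteredUsername);
    // Verify the password in every case so the work done does not depend
    // on whether the username matched.
    $passOk = password_verify($enteredPassword, $storedHash);

    return $nameOk && $passOk;
}

// Constructed sample account and inputs.
$hash  = password_hash('S3cret-Pass', PASSWORD_DEFAULT);
$cases = [
    ['admin',  'S3cret-Pass', true],   // exact match
    ['Admin',  'S3cret-Pass', true],   // the case from the report
    ['ADMIN',  's3cret-pass', false],  // password case must still match
    ['admin2', 'S3cret-Pass', false],  // different user
];

foreach ($cases as list($user, $pass, $expected)) {
    $got = confirmCaptiveLogin('admin', $hash, $user, $pass);
    printf("%-7s %-12s => %s\n", $user, $pass, $got ? 'accepted' : 'rejected');
    if ($got !== $expected) {
        throw new RuntimeException("unexpected result for {$user}");
    }
}
```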