diff --git a/api/login.php b/api/login.php
index f7db807..01c546d 100644
--- a/api/login.php
+++ b/api/login.php
@@ -21,7 +21,7 @@ if (!is_array($data)) {
 
 $login = trim($data['username'] ?? '');
 $password = $data['password'] ?? '';
-$siteAlias = trim($data['site_alias'] ?? '');
+$siteAlias = strtolower(trim($data['site_alias'] ?? ''));
 
 if ($siteAlias === '') {
     http_response_code(400);
diff --git a/import_users.php b/import_users.php
new file mode 100644
index 0000000..0584cbb
--- /dev/null
+++ b/import_users.php
@@ -0,0 +1,74 @@
+<?php
+// Usage: place this script next to users.txt and run: php import_users.php
+// It will create users_with_passwords.txt with "login:password" lines.
+
+require_once __DIR__ . '/config/db.php';
+
+$inputFile = __DIR__ . '/users.txt';
+$outputFile = __DIR__ . '/users_with_passwords.txt';
+
+if (!file_exists($inputFile)) {
+    fwrite(STDERR, "Input file not found: {$inputFile}\n");
+    exit(1);
+}
+
+$lines = file($inputFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
+if ($lines === false) {
+    fwrite(STDERR, "Failed to read input file.\n");
+    exit(1);
+}
+
+$charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
+$charsetLen = strlen($charset);
+
+function generatePassword(string $charset, int $charsetLen, int $length = 6): string
+{
+    $password = '';
+    for ($i = 0; $i < $length; $i++) {
+        $password .= $charset[random_int(0, $charsetLen - 1)];
+    }
+    return $password;
+}
+
+$pdo->beginTransaction();
+try {
+    $selectStmt = $pdo->prepare("SELECT id FROM users WHERE username = ?");
+    $insertStmt = $pdo->prepare("INSERT INTO users (username, password_hash) VALUES (?, ?)");
+    $updateStmt = $pdo->prepare("UPDATE users SET password_hash = ? WHERE id = ?");
+
+    $out = fopen($outputFile, 'w');
+    if ($out === false) {
+        throw new RuntimeException('Failed to open output file for writing.');
+    }
+
+    $seen = [];
+    foreach ($lines as $line) {
+        $username = trim($line);
+        if ($username === '' || isset($seen[$username])) {
+            continue;
+        }
+        $seen[$username] = true;
+
+        $password = generatePassword($charset, $charsetLen, 6);
+        $hash = password_hash($password, PASSWORD_BCRYPT);
+
+        $selectStmt->execute([$username]);
+        $user = $selectStmt->fetch(PDO::FETCH_ASSOC);
+        if ($user) {
+            $updateStmt->execute([$hash, $user['id']]);
+        } else {
+            $insertStmt->execute([$username, $hash]);
+        }
+
+        fwrite($out, $username . ':' . $password . PHP_EOL);
+    }
+
+    fclose($out);
+    $pdo->commit();
+    echo "Done. Output: {$outputFile}\n";
+} catch (Throwable $e) {
+    $pdo->rollBack();
+    fwrite(STDERR, "Error: " . $e->getMessage() . "\n");
+    exit(1);
+}
+?>
diff --git a/js/auth.js b/js/auth.js
index 6a3d5cb..c52c20b 100644
--- a/js/auth.js
+++ b/js/auth.js
@@ -48,12 +48,14 @@ if (document.getElementById('loginForm')) {
         if (!data.site_alias) {
             const metaAlias = document.querySelector('meta[name="site-alias"]');
             if (metaAlias && metaAlias.content) {
-                data.site_alias = metaAlias.content.trim();
+                data.site_alias = metaAlias.content.trim().toLowerCase();
             } else {
                 const path = window.location.pathname.replace(/\/+$/, '');
                 const parts = path.split('/').filter(Boolean);
-                data.site_alias = parts[0] || 'root';
+                data.site_alias = (parts[0] || 'root').toLowerCase();
             }
+        } else if (typeof data.site_alias === 'string') {
+            data.site_alias = data.site_alias.trim().toLowerCase();
         }
         
         const result = await sendRequest('api/login.php', data);