by Piskvorrr 5083 days ago
If you're doing one irreversible transformation on the string (hashing), doing another (lowercasing) is quite pointless. This doesn't prove use of a reversible storage, but it's a very, very strong indicator. "If you hear hooves, it's probably horses, not zebras."
2 comments

No, it does not. Here's a sample:

  function checkPassword($user, $posted_password) {
    // Lowercase on check exactly as on save; password_verify() reads the salt
    // back out of the stored bcrypt hash, so nothing reversible is kept.
    return password_verify(strtolower($posted_password), $user->saved_hashed_password);
  }
  function setPassword($user, $posted_password) {
    // password_hash() generates a fresh random salt for each call.
    $user->saved_hashed_password = password_hash(strtolower($posted_password), PASSWORD_BCRYPT);
  }
Lowercasing the password before hashing (both on save and check) indeed lowers the strength of the password, but it saves a lot of support headache from users that have caps lock turned on, or your mobile device auto-capitalizes the first letter. Facebook does this, although in a better way: http://www.zdnet.com/blog/facebook/facebook-passwords-are-no...

While we can't know without looking at their implementation, it's certainly possible and indeed fairly easy to build a forgiving system without having the password stored in a reversible format.

Hmm, this would indeed be a simple, yet non-catastrophic explanation (and useful UX to boot). That would make sense; and if this were the case, I'd be glad I was wrong.
Again I'm not seeing how a to_lower on a string in any way implies plain text storage. There's no indicator at all frankly. It was a 2 minute decision by whoever implemented the user input and has negligible impact on password entropy.