Usernames no longer case sensitive

danh · danh · commit c152e8ecd8da · 2012-10-04T15:55:26.000Z
git-svn-id: http://svn.resourcespace.org/svn/resourcespace@3779 c08608d7-6e46-0410-86ca-f2a6f1370df5
diff --git a/include/login_functions.php b/include/login_functions.php
@@ -33,7 +33,7 @@ function perform_login()
 	$session_hash=md5($password_hash . $username . $password . date("Y-m-d"));
 	if ($enable_remote_apis){$session_hash=md5($password_hash.$username.date("Y-m-d"));} // no longer necessary to omit password in this hash for api support
 
-	$valid=sql_query("select ref,usergroup from user where username='".escape_check($username)."' and (password='".escape_check($password)."' or password='".escape_check($password_hash)."')");
+	$valid=sql_query("select ref,usergroup from user where lower(username)='".escape_check($username)."' and (password='".escape_check($password)."' or password='".escape_check($password_hash)."')");
 
 	# Prepare result array
 	$result=array();
@@ -54,7 +54,7 @@ function perform_login()
 		$result['password_hash']=$password_hash;
 
 		# Update the user record. Set the password hash again in case a plain text password was provided.
-		sql_query("update user set password='".escape_check($password_hash)."',session='".escape_check($session_hash)."',last_active=now(),login_tries=0,lang='".getvalescaped("language","")."' where username='".escape_check($username)."' and (password='".escape_check($password)."' or password='".escape_check($password_hash)."')");
+		sql_query("update user set password='".escape_check($password_hash)."',session='".escape_check($session_hash)."',last_active=now(),login_tries=0,lang='".getvalescaped("language","")."' where lower(username)='".escape_check($username)."' and (password='".escape_check($password)."' or password='".escape_check($password_hash)."')");
 
 		# Log this
 		$userref=$valid[0]["ref"];
diff --git a/login.php b/login.php
@@ -41,7 +41,7 @@
 # Process the submitted login
 elseif (array_key_exists("username",$_POST) && getval("langupdate","")=="")
     {
-    $username=getvalescaped("username","");
+    $username=strtolower(getvalescaped("username",""));
     $password=getvalescaped("password","");
 
 	$result=perform_login();

Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@`
`41`	`41`	`# Process the submitted login`
`42`	`42`	`elseif (array_key_exists("username",$_POST) && getval("langupdate","")=="")`
`43`	`43`	`{`
`44`		`- $username=getvalescaped("username","");`
	`44`	`+ $username=strtolower(getvalescaped("username",""));`
`45`	`45`	`$password=getvalescaped("password","");`
`46`	`46`
`47`	`47`	`$result=perform_login();`