Commit e4f01119 authored by Andrew Robert Nicols's avatar Andrew Robert Nicols
Browse files

Ensure that usernames are lowercased during login attempt (bug #684425)


Signed-off-by: default avatarAndrew Robert Nicols <andrew.nicols@luns.net.uk>
parent f1016279
...@@ -183,6 +183,7 @@ class User { ...@@ -183,6 +183,7 @@ class User {
throw new InvalidArgumentException('parameter must be a positive integer to create a User object'); throw new InvalidArgumentException('parameter must be a positive integer to create a User object');
} }
$username = strtolower($username);
if ($remoteuser) { if ($remoteuser) {
// See if the user has either the child or the parent authinstance. // See if the user has either the child or the parent authinstance.
// Most of the time, it's the parent auth instance that is // Most of the time, it's the parent auth instance that is
...@@ -203,7 +204,7 @@ class User { ...@@ -203,7 +204,7 @@ class User {
JOIN JOIN
{auth_remote_user} aru ON (us.id = aru.localusr) {auth_remote_user} aru ON (us.id = aru.localusr)
WHERE WHERE
aru.remoteusername = ' . db_quote($username) . ' LOWER(aru.remoteusername) = ' . db_quote($username) . '
AND us.authinstance = ' . db_quote($parentid) . ' AND us.authinstance = ' . db_quote($parentid) . '
) )
AND AND
...@@ -225,7 +226,7 @@ class User { ...@@ -225,7 +226,7 @@ class User {
WHERE WHERE
( (
( (
r.remoteusername = ? LOWER(r.remoteusername) = ?
AND r.authinstance = ? AND r.authinstance = ?
)' )'
. $parentwhere . $parentwhere
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment