authorAndrew Dolgov <[email protected]>2017-06-28 13:38:12 +0300
committerAndrew Dolgov <[email protected]>2017-06-28 13:38:12 +0300
commit33709de21e902e7a3e593883fc18c94361eb3c37 (patch)
tree73b42ec40c96378b03552141c3bba9aae6669fa3
parent4a929e9595928e744b23575e564c9d931c4e54ed (diff)
users: force lowercase; remove spaces
-rw-r--r--login.php4
-rw-r--r--useradm.php4
2 files changed, 4 insertions, 4 deletions
diff --git a/login.php b/login.php
index 3f2c5f2..ddb25b5 100644
--- a/login.php
+++ b/login.php
@@ -5,8 +5,8 @@
@$op = $_REQUEST["op"];
if ($op == "perform-login") {
- $user = SQLite3::escapeString($_REQUEST["user"]);
- $password = SQLite3::escapeString('SHA256:' . hash('sha256', "$user:" . $_REQUEST["password"]));
+ $user = SQLite3::escapeString(trim(mb_strtolower($_REQUEST["user"])));
+ $password = SQLite3::escapeString('SHA256:' . hash('sha256', "$user:" . trim($_REQUEST["password"])));
$dbh = Db::get();
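Review bot: Trimming the password on the new `$password` line changes the bytes that are hashed, and lowercasing `$user` changes the `"$user:"` prefix of the hash input, so any account created with a mixed-case name or a password with leading or trailing whitespace will stop authenticating unless stored rows are migrated; no migration is visible in this commit, and the useradm.php hunk makes the same change. I would normalise only the name and leave the password untouched: `hash('sha256', "$user:" . $_REQUEST["password"])`. `mb_strtolower()` without an encoding argument follows the runtime's internal encoding, which may differ between the web SAPI and the CLI that presumably runs useradm.php, so pin it in both files: `mb_strtolower($_REQUEST["user"], 'UTF-8')`. A single SHA-256 round is cheap to guess offline if the user table leaks; `password_hash()` / `password_verify()` with a rehash on next successful login would be the sturdier scheme. The `if ($op == "perform-login")` block continues past the end of the hunk, so the query that consumes these values is not visible here.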
diff --git a/useradm.php b/useradm.php
index d36167a..ee330cb 100644
--- a/useradm.php
+++ b/useradm.php
@@ -44,8 +44,8 @@
exit;
}
- $user = SQLite3::escapeString($user);
- $pass_hash = SQLite3::escapeString('SHA256:' . hash('sha256', "$user:$pass"));
+ $user = SQLite3::escapeString(trim(mb_strtolower($user)));
+ $pass_hash = SQLite3::escapeString('SHA256:' . hash('sha256', "$user:" . trim($pass)));
print "Adding user $user with password $pass...\n";
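Review bot: The `print` line still echoes the raw `$pass`, while the stored hash is now computed from `trim($pass)`, so the operator can be shown a password that differs from the one that will actually work at login. If the trim is kept, apply it once before hashing (`$pass = trim($pass);`) so that every later use agrees. Better still, drop the password from the message, `print "Adding user $user...\n";`, because echoing it leaves the plaintext in terminal scrollback and in any captured output. The enclosing block starts before the hunk (only its closing `exit; }` is visible), so how `$user` and `$pass` are read is not shown here.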