Browse Source

users: force lowercase; remove spaces

Andrew Dolgov 2 years ago
parent
commit
33709de21e
2 changed files with 4 additions and 4 deletions
  1. 2 2
      login.php
  2. 2 2
      useradm.php

+ 2 - 2
login.php

@@ -5,8 +5,8 @@
 	@$op = $_REQUEST["op"];
 
 	if ($op == "perform-login") {
-		$user = SQLite3::escapeString($_REQUEST["user"]);
-		$password = SQLite3::escapeString('SHA256:' . hash('sha256', "$user:" . $_REQUEST["password"]));
+		$user = SQLite3::escapeString(trim(mb_strtolower($_REQUEST["user"])));
+		$password = SQLite3::escapeString('SHA256:' . hash('sha256', "$user:" . trim($_REQUEST["password"])));
 
 		$dbh = Db::get();
 

+ 2 - 2
useradm.php

@@ -44,8 +44,8 @@
 			exit;
 		}
 
-		$user = SQLite3::escapeString($user);
-		$pass_hash = SQLite3::escapeString('SHA256:' . hash('sha256', "$user:$pass"));
+		$user = SQLite3::escapeString(trim(mb_strtolower($user)));
+		$pass_hash = SQLite3::escapeString('SHA256:' . hash('sha256', "$user:" . trim($pass)));
 
 		print "Adding user $user with password $pass...\n";