From 33709de21e902e7a3e593883fc18c94361eb3c37 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Wed, 28 Jun 2017 13:38:12 +0300
Subject: users: force lowercase; remove spaces

---
 login.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'login.php')

diff --git a/login.php b/login.php
index 3f2c5f2..ddb25b5 100644
--- a/login.php
+++ b/login.php
@@ -5,8 +5,8 @@
 	@$op = $_REQUEST["op"];
 
 	if ($op == "perform-login") {
-		$user = SQLite3::escapeString($_REQUEST["user"]);
-		$password = SQLite3::escapeString('SHA256:' . hash('sha256', "$user:" . $_REQUEST["password"]));
+		$user = SQLite3::escapeString(trim(mb_strtolower($_REQUEST["user"])));
+		$password = SQLite3::escapeString('SHA256:' . hash('sha256', "$user:" . trim($_REQUEST["password"])));
 
 		$dbh = Db::get();
 
-- 
cgit v1.2.3