authorAndrew Dolgov <[email protected]>2021-02-11 09:57:57 +0300
committerAndrew Dolgov <[email protected]>2021-02-11 09:57:57 +0300
commit7af8744c856545f62a2f24fd1a700f40b90b8e37 (patch)
treeb030aab53c9b9bbf42ef90d7a8d51363d22670f1 /classes
parente7e73193feaef2d74ec2a7a203d2f56fdf3082fe (diff)
authentication: make logins case-insensitive (force lowercase)
Diffstat (limited to 'classes')
-rwxr-xr-xclasses/api.php2
-rw-r--r--classes/auth/base.php4
-rwxr-xr-xclasses/handler/public.php10
-rw-r--r--classes/pref/users.php8
4 files changed, 12 insertions, 12 deletions
diff --git a/classes/api.php b/classes/api.php
index 43cefef8f..7e4691b32 100755
--- a/classes/api.php
+++ b/classes/api.php
@@ -59,7 +59,7 @@ class API extends Handler {
if (SINGLE_USER_MODE) $login = "admin";
- $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE login = ?");
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE LOWER(login) = LOWER(?)");
$sth->execute([$login]);
if ($row = $sth->fetch()) {
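Review bot: `$sth->fetch()` on the new `LOWER(login) = LOWER(?)` lookup returns whichever matching row the database yields first, so if ttrss_users already holds logins that differ only in case (nothing under classes/ in this commit lowercases existing rows, and whether the schema enforces case-insensitive uniqueness is not visible here), an API login would be resolved to an arbitrary one of them. Consider refusing ambiguous matches instead of picking one: `$rows = $sth->fetchAll(); if (count($rows) !== 1) { /* treat as unknown user */ }`. Wrapping the column in LOWER() also typically stops a plain index on `login` from being used, and this query runs on every API login; storing logins lowercased (with a one-off migration) and normalizing the input in PHP would let the original `login = ?` form stay. The enclosing method continues outside the hunk.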
diff --git a/classes/auth/base.php b/classes/auth/base.php
index 1b9015fe3..1d68ae537 100644
--- a/classes/auth/base.php
+++ b/classes/auth/base.php
@@ -27,7 +27,7 @@ abstract class Auth_Base extends Plugin implements IAuthModule {
$sth = $this->pdo->prepare("INSERT INTO ttrss_users
(login,access_level,last_login,created,pwd_hash,salt)
- VALUES (?, 0, null, NOW(), ?,?)");
+ VALUES (LOWER(?), 0, null, NOW(), ?,?)");
$sth->execute([$login, $pwd_hash, $salt]);
return $this->find_user_by_login($login);
@@ -42,7 +42,7 @@ abstract class Auth_Base extends Plugin implements IAuthModule {
function find_user_by_login($login) {
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
- login = ?");
+ LOWER(login) = LOWER(?)");
$sth->execute([$login]);
if ($row = $sth->fetch()) {
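Review bot: The case-insensitive comparison is now part of this method's contract but nothing documents it, and a caller that pre-normalizes in PHP can disagree with the database for non-ASCII logins, since SQL LOWER() folds by the server's collation/locale while `strtolower` is byte-wise and `mb_strtolower` follows Unicode rules. A docblock above the signature along the lines of `/** Find a user id by login. Matching is case-insensitive via SQL LOWER() on both sides, so pass the login as received rather than a PHP-lowercased copy; with legacy rows that differ only in case, the first match wins. */` would make that explicit. The enclosing class continues outside the hunk.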
diff --git a/classes/handler/public.php b/classes/handler/public.php
index 13a6af4b1..a1ed667be 100755
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -248,7 +248,7 @@ class Handler_Public extends Handler {
$login = clean($_REQUEST["login"]);
$fresh = clean($_REQUEST["fresh"]) == "1";
- $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE login = ?");
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE LOWER(login) = LOWER(?)");
$sth->execute([$login]);
if ($row = $sth->fetch()) {
@@ -272,7 +272,7 @@ class Handler_Public extends Handler {
if ($login) {
$sth = $this->pdo->prepare("SELECT ttrss_settings_profiles.* FROM ttrss_settings_profiles,ttrss_users
- WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = ? ORDER BY title");
+ WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND LOWER(login) = LOWER(?) ORDER BY title");
$sth->execute([$login]);
$rv = [ [ "value" => 0, "label" => __("Default profile") ] ];
@@ -941,7 +941,7 @@ class Handler_Public extends Handler {
if ($login) {
$sth = $this->pdo->prepare("SELECT id, resetpass_token FROM ttrss_users
- WHERE login = ?");
+ WHERE LOWER(login) = LOWER(?)");
$sth->execute([$login]);
if ($row = $sth->fetch()) {
@@ -1026,7 +1026,7 @@ class Handler_Public extends Handler {
$_SESSION["pwdreset:testvalue2"] = rand(1, 1000);
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users
- WHERE login = ? AND email = ?");
+ WHERE LOWER(login) = LOWER(?) AND email = ?");
$sth->execute([$login, $email]);
if ($row = $sth->fetch()) {
@@ -1066,7 +1066,7 @@ class Handler_Public extends Handler {
$sth = $this->pdo->prepare("UPDATE ttrss_users
SET resetpass_token = ?
- WHERE login = ? AND email = ?");
+ WHERE LOWER(login) = LOWER(?) AND email = ?");
$sth->execute([$resetpass_token_full, $login, $email]);
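Review bot: This UPDATE stamps `resetpass_token` on every row satisfying `LOWER(login) = LOWER(?) AND email = ?`, so if the table holds legacy accounts that differ only in login case and share an email (this commit does not lowercase existing rows, and whether `login` has a case-insensitive unique constraint is not visible here), one reset request hands the same token to several accounts. The lookup earlier in this method already fetched the matching user's id; if that `$row` is still in scope, narrow the write to it with `SET resetpass_token = ? WHERE id = ?` and `$sth->execute([$resetpass_token_full, $row["id"]]);`. The enclosing method starts before and continues after the hunk.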
diff --git a/classes/pref/users.php b/classes/pref/users.php
index f6acc0d20..45c4b82b8 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -206,7 +206,7 @@ class Pref_Users extends Handler_Protected {
$pass_query_part = "";
}
- $sth = $this->pdo->prepare("UPDATE ttrss_users SET $pass_query_part login = ?,
+ $sth = $this->pdo->prepare("UPDATE ttrss_users SET $pass_query_part login = LOWER(?),
access_level = ?, email = ?, otp_enabled = false WHERE id = ?");
$sth->execute([$login, $access_level, $email, $uid]);
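Review bot: The rename path now writes `login = LOWER(?)` without checking that another account does not already own that login case-insensitively, whereas the add path in the next hunk does a `LOWER(login) = LOWER(?)` lookup before inserting; depending on whether `ttrss_users.login` carries a unique constraint, the outcome is either a raw database error or two accounts with indistinguishable logins. Reuse the same guard before the UPDATE, e.g. `SELECT id FROM ttrss_users WHERE LOWER(login) = LOWER(?) AND id != ?` bound to `[$login, $uid]`, and skip the update when it returns a row. Separately, `$pass_query_part` is interpolated into the statement while `execute()` binds exactly four values, so if it carries a hash/salt it does so as SQL literals rather than placeholders — worth confirming it is built only from server-generated values. The enclosing method starts outside the hunk.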
@@ -238,18 +238,18 @@ class Pref_Users extends Handler_Protected {
if (!$login) return; // no blank usernames
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
- login = ?");
+ LOWER(login) = LOWER(?)");
$sth->execute([$login]);
if (!$sth->fetch()) {
$sth = $this->pdo->prepare("INSERT INTO ttrss_users
(login,pwd_hash,access_level,last_login,created, salt)
- VALUES (?, ?, 0, null, NOW(), ?)");
+ VALUES (LOWER(?), ?, 0, null, NOW(), ?)");
$sth->execute([$login, $pwd_hash, $salt]);
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
- login = ? AND pwd_hash = ?");
+ LOWER(login) = LOWER(?) AND pwd_hash = ?");
$sth->execute([$login, $pwd_hash]);
if ($row = $sth->fetch()) {