From 7af8744c856545f62a2f24fd1a700f40b90b8e37 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Thu, 11 Feb 2021 09:57:57 +0300
Subject: authentication: make logins case-insensitive (force lowercase)

---
 classes/auth/base.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'classes/auth')

diff --git a/classes/auth/base.php b/classes/auth/base.php
index 1b9015fe3..1d68ae537 100644
--- a/classes/auth/base.php
+++ b/classes/auth/base.php
@@ -27,7 +27,7 @@ abstract class Auth_Base extends Plugin implements IAuthModule {
 
 				$sth = $this->pdo->prepare("INSERT INTO ttrss_users
 						(login,access_level,last_login,created,pwd_hash,salt)
-						VALUES (?, 0, null, NOW(), ?,?)");
+						VALUES (LOWER(?), 0, null, NOW(), ?,?)");
 				$sth->execute([$login, $pwd_hash, $salt]);
 
 				return $this->find_user_by_login($login);
@@ -42,7 +42,7 @@ abstract class Auth_Base extends Plugin implements IAuthModule {
 
 	function find_user_by_login($login) {
 		$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
-			login = ?");
+			LOWER(login) = LOWER(?)");
 		$sth->execute([$login]);
 
 		if ($row = $sth->fetch()) {
-- 
cgit v1.2.3