diff options
| author | Andrew Dolgov <fox@fakecake.org> | 2024-08-16 14:28:20 +0300 |
|---|---|---|
| committer | Andrew Dolgov <fox@fakecake.org> | 2024-08-16 14:28:20 +0300 |
| commit | b8cbb167d493191eee2dafec1949fcdd47dddaca (patch) | |
| tree | d901ac90896751610345e6e7c9bf60caf43bf06a | |
| parent | 99e444d1d2b0a2be06f85a87775d291ff9f961d0 (diff) | |
enforce lowercase usernames while keeping backwards-compatibility for authentication
| -rw-r--r-- | classes/UserHelper.php | 3 | ||||
| -rw-r--r-- | plugins/auth_internal/init.php | 2 |
2 files changed, 3 insertions, 2 deletions
diff --git a/classes/UserHelper.php b/classes/UserHelper.php index 92c397764..0c2ed349b 100644 --- a/classes/UserHelper.php +++ b/classes/UserHelper.php @@ -62,6 +62,7 @@ class UserHelper { if (!Config::get(Config::SINGLE_USER_MODE)) { $user_id = false; $auth_module = false; + $login = mb_strtolower($login); PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_AUTH_USER, function ($result, $plugin) use (&$user_id, &$auth_module) { @@ -222,7 +223,7 @@ class UserHelper { static function find_user_by_login(string $login): ?int { $user = ORM::for_table('ttrss_users') - ->where('login', $login) + ->where_raw('LOWER(login) = LOWER(?)', [$login]) ->find_one(); if ($user) diff --git a/plugins/auth_internal/init.php b/plugins/auth_internal/init.php index 881d867cf..6dd79373d 100644 --- a/plugins/auth_internal/init.php +++ b/plugins/auth_internal/init.php @@ -116,7 +116,7 @@ class Auth_Internal extends Auth_Base implements IAuthModule2 { if ($login) { $user = ORM::for_table('ttrss_users') - ->where('login', $login) + ->where_raw('LOWER(login) = LOWER(?)', [$login]) ->find_one(); if ($user) { |