From b8cbb167d493191eee2dafec1949fcdd47dddaca Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@fakecake.org>
Date: Fri, 16 Aug 2024 14:28:20 +0300
Subject: enforce lowercase usernames while keeping backwards-compatibility for
 authentication

---
 classes/UserHelper.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'classes')

diff --git a/classes/UserHelper.php b/classes/UserHelper.php
index 92c397764..0c2ed349b 100644
--- a/classes/UserHelper.php
+++ b/classes/UserHelper.php
@@ -62,6 +62,7 @@ class UserHelper {
 		if (!Config::get(Config::SINGLE_USER_MODE)) {
 			$user_id = false;
 			$auth_module = false;
+			$login = mb_strtolower($login);
 
 			PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_AUTH_USER,
 				function ($result, $plugin) use (&$user_id, &$auth_module) {
@@ -222,7 +223,7 @@ class UserHelper {
 
 	static function find_user_by_login(string $login): ?int {
 		$user = ORM::for_table('ttrss_users')
-			->where('login', $login)
+			->where_raw('LOWER(login) = LOWER(?)', [$login])
 			->find_one();
 
 		if ($user)
-- 
cgit v1.2.3-54-g00ecf