Commit 7f83d7f2 authored by Imran Hussain's avatar Imran Hussain
Browse files

Fix a potential issue relating to username case, force everything to lowercase

parent 6a7a67c3
......@@ -63,7 +63,7 @@ if ( isset($_POST["username"]) && isset($_POST["password"]) && !$RATELIMITED ) {
require("../lib/ldap-auth/ldap-auth.php");
$isAuthd = ldapAuth($_POST["username"], $_POST["password"]);
$username = $_POST["username"];
$username = strtolower($_POST['username']);
if ($isAuthd == "sucs"){
//do stuff for sucs auth
......@@ -93,7 +93,7 @@ if ( isset($_POST["username"]) && isset($_POST["password"]) && !$RATELIMITED ) {
// connect to the sucssite db to get the username of the session
$db_connection = pg_connect("dbname=sucssite");
$username = pg_fetch_result(pg_query_params($db_connection, "SELECT * FROM session WHERE hash=$1", array($legacySessionID)), 0, "username");
$username = strtolower(pg_fetch_result(pg_query_params($db_connection, "SELECT * FROM session WHERE hash=$1", array($legacySessionID)), 0, "username"));
if ($username !== null && $username !== false) {
// we have a vlid username from a old session
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment