From 7f83d7f25e307e826788a632f2fd7002ac88d0d2 Mon Sep 17 00:00:00 2001
From: Imran Hussain <imranh@sucs.org>
Date: Fri, 1 Nov 2019 11:49:05 +0000
Subject: [PATCH] Fix a potential issue relating to username case, force
 everything to lowercase

---
 public/index.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/public/index.php b/public/index.php
index 746f124..208b185 100755
--- a/public/index.php
+++ b/public/index.php
@@ -63,7 +63,7 @@ if ( isset($_POST["username"]) && isset($_POST["password"]) && !$RATELIMITED ) {
 	require("../lib/ldap-auth/ldap-auth.php");
 	$isAuthd = ldapAuth($_POST["username"], $_POST["password"]);
 
-	$username = $_POST["username"];
+    $username = strtolower($_POST['username']);
 
 	if ($isAuthd == "sucs"){
 		//do stuff for sucs auth
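Review bot: The `isset($_POST["username"])` test in the enclosing condition is also true when the field is submitted as an array, so the added `strtolower($_POST['username'])` can receive a non-string; an `is_string($_POST['username'])` check should reject the request before this line. The lowercasing also happens after `ldapAuth()` has been called with the raw value, so the name that was authenticated and the name used afterwards are not guaranteed to be the same string. Normalising once before the call, `$username = strtolower($_POST['username']);` followed by `$isAuthd = ldapAuth($username, $_POST['password']);`, keeps the two identical. The new line is indented with spaces where the surrounding lines use tabs, and the enclosing `if` block starts before and continues past this hunk.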
@@ -93,7 +93,7 @@ if ( isset($_POST["username"]) && isset($_POST["password"]) && !$RATELIMITED ) {
 
 	// connect to the sucssite db to get the username of the session
 	$db_connection = pg_connect("dbname=sucssite");
-	$username = pg_fetch_result(pg_query_params($db_connection, "SELECT * FROM session WHERE hash=$1", array($legacySessionID)), 0, "username");
+	$username = strtolower(pg_fetch_result(pg_query_params($db_connection, "SELECT * FROM session WHERE hash=$1", array($legacySessionID)), 0, "username"));
 
 	if ($username !== null && $username !== false) {
 		// we have a vlid username from a old session
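Review bot: Wrapping the session lookup in `strtolower()` makes the guard on the following line ineffective. When no row matches the hash, `pg_fetch_result()` returns `false` (or `null` for a NULL column), and unless the file declares strict types, which is not visible here, `strtolower()` turns either into an empty string, so `$username !== null && $username !== false` is always true and an unknown session hash continues with an empty username. Lowercase only after the check: assign the existing `pg_fetch_result(...)` call to `$row`, then `$username = is_string($row) ? strtolower($row) : false;`. The results of `pg_connect()` and `pg_query_params()` are also used unchecked in this statement, and the body of the `if` continues outside the hunk.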
-- 
GitLab