public/index.php

@@ -63,7 +63,7 @@ if ( isset($_POST["username"]) && isset($_POST["password"]) && !$RATELIMITED ) {
 	require("../lib/ldap-auth/ldap-auth.php");
 	$isAuthd = ldapAuth($_POST["username"], $_POST["password"]);
 
-	$username = $_POST["username"];
+	$username = strtolower($_POST["username"]);
 
 	if ($isAuthd == "sucs"){
 		//do stuff for sucs auth
@@ -95,7 +95,7 @@ if ( isset($_POST["username"]) && isset($_POST["password"]) && !$RATELIMITED ) {
 	$db_connection = pg_connect("dbname=sucssite");
 	$username = pg_fetch_result(pg_query_params($db_connection, "SELECT * FROM session WHERE hash=$1", array($legacySessionID)), 0, "username");
 
-	if ($username !== null && $username !== false) {
+	if ($username !== null && $username !== false && username !== "") {
 		// we have a vlid username from a old session
 		$DB_CON->exec("UPDATE sessions SET sucs_username='${username}' WHERE id='${SESSIONID}'");
 		$SUCS_LOGIN = true;
@@ -234,4 +234,4 @@ if ($RATELIMITED) {
 
 	</body>
 
-</html>
\ No newline at end of file
+</html>