[SUCS Devel] [Git][sucssite/sso][master] 2 commits: Fix a potential issue relating to username case, force everything to lowercase

Imran Hussain imranh at sucs.org
Fri Nov 1 12:12:52 GMT 2019



Imran Hussain pushed to branch master at sucssite / sso


Commits:
7f83d7f2 by Imran Hussain at 2019-11-01T11:49:05Z
Fix a potential issue relating to username case, force everything to lowercase
- - - - -
08d364c6 by Imran Hussain at 2019-11-01T12:07:15Z
Tweak a bug introduced when making sure legacy site usernames are lowercase

- - - - -


1 changed file:

- public/index.php


Changes:

=====================================
public/index.php
=====================================
@@ -63,7 +63,7 @@ if ( isset($_POST["username"]) && isset($_POST["password"]) && !$RATELIMITED ) {
 	require("../lib/ldap-auth/ldap-auth.php");
 	$isAuthd = ldapAuth($_POST["username"], $_POST["password"]);
 
-	$username = $_POST["username"];
+	$username = strtolower($_POST["username"]);
 
 	if ($isAuthd == "sucs"){
 		//do stuff for sucs auth
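Review bot: ldapAuth() at the top of this hunk is still called with the raw $_POST["username"], so the strtolower() on the changed line only affects the local $username used afterwards. If the directory lookup and the later session code are meant to agree on one canonical form, normalise once before the call, for example `$username = strtolower($_POST["username"]);` followed by `$isAuthd = ldapAuth($username, $_POST["password"]);`, and use $username everywhere after that.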
@@ -95,7 +95,7 @@ if ( isset($_POST["username"]) && isset($_POST["password"]) && !$RATELIMITED ) {
 	$db_connection = pg_connect("dbname=sucssite");
 	$username = pg_fetch_result(pg_query_params($db_connection, "SELECT * FROM session WHERE hash=$1", array($legacySessionID)), 0, "username");
 
-	if ($username !== null && $username !== false) {
+	if ($username !== null && $username !== false && username !== "") {
 		// we have a vlid username from a old session
 		$DB_CON->exec("UPDATE sessions SET sucs_username='${username}' WHERE id='${SESSIONID}'");
 		$SUCS_LOGIN = true;
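Review bot: the added condition reads `username !== ""` without the `$`, so PHP treats `username` as a bare constant rather than the variable and the empty-string check never tests the fetched value; it should be `$username !== ""`. On the UPDATE two lines below, $username and $SESSIONID are interpolated directly into the SQL string passed to exec(), while the SELECT above already uses pg_query_params with a $1 placeholder. A prepared statement with bound parameters here would be consistent with that and would not depend on the stored username being free of quote characters.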
@@ -234,4 +234,4 @@ if ($RATELIMITED) {
 
 	</body>
 
-</html>
\ No newline at end of file
+</html>



View it on GitLab: https://projects.sucs.org/sucssite/sso/compare/6a7a67c3911a81093e7555de921184b74b15a29b...08d364c62d26a8c7b4a431582d1acb8dab9fe042
