public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 20:55:55 +00:00
Code Issues Releases Wiki Activity

authentication: make logins case-insensitive (force lowercase)

Browse Source
This commit is contained in:
Andrew Dolgov
2021-02-11 09:57:57 +03:00
parent e7e73193fe
commit 7af8744c85
8 changed files with 24 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
classes/api.php
View File

@@ -59,7 +59,7 @@ class API extends Handler {
if (SINGLE_USER_MODE) $login = "admin";
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE login = ?");
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE LOWER(login) = LOWER(?)");
$sth->execute([$login]);
if ($row = $sth->fetch()) {

4
classes/auth/base.php
View File

@@ -27,7 +27,7 @@ abstract class Auth_Base extends Plugin implements IAuthModule {
$sth = $this->pdo->prepare("INSERT INTO ttrss_users
(login,access_level,last_login,created,pwd_hash,salt)
VALUES (?, 0, null, NOW(), ?,?)");
VALUES (LOWER(?), 0, null, NOW(), ?,?)");
$sth->execute([$login, $pwd_hash, $salt]);
return $this->find_user_by_login($login);
@@ -42,7 +42,7 @@ abstract class Auth_Base extends Plugin implements IAuthModule {
function find_user_by_login($login) {
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
login = ?");
LOWER(login) = LOWER(?)");
$sth->execute([$login]);
if ($row = $sth->fetch()) {

10
classes/handler/public.php
View File

@@ -248,7 +248,7 @@ class Handler_Public extends Handler {
$login = clean($_REQUEST["login"]);
$fresh = clean($_REQUEST["fresh"]) == "1";
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE login = ?");
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE LOWER(login) = LOWER(?)");
$sth->execute([$login]);
if ($row = $sth->fetch()) {
@@ -272,7 +272,7 @@ class Handler_Public extends Handler {
if ($login) {
$sth = $this->pdo->prepare("SELECT ttrss_settings_profiles.* FROM ttrss_settings_profiles,ttrss_users
WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = ? ORDER BY title");
WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND LOWER(login) = LOWER(?) ORDER BY title");
$sth->execute([$login]);
$rv = [ [ "value" => 0, "label" => __("Default profile") ] ];
@@ -941,7 +941,7 @@ class Handler_Public extends Handler {
if ($login) {
$sth = $this->pdo->prepare("SELECT id, resetpass_token FROM ttrss_users
WHERE login = ?");
WHERE LOWER(login) = LOWER(?)");
$sth->execute([$login]);
if ($row = $sth->fetch()) {
@@ -1026,7 +1026,7 @@ class Handler_Public extends Handler {
$_SESSION["pwdreset:testvalue2"] = rand(1, 1000);
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users
WHERE login = ? AND email = ?");
WHERE LOWER(login) = LOWER(?) AND email = ?");
$sth->execute([$login, $email]);
if ($row = $sth->fetch()) {
@@ -1066,7 +1066,7 @@ class Handler_Public extends Handler {
$sth = $this->pdo->prepare("UPDATE ttrss_users
SET resetpass_token = ?
WHERE login = ? AND email = ?");
WHERE LOWER(login) = LOWER(?) AND email = ?");
$sth->execute([$resetpass_token_full, $login, $email]);

8
classes/pref/users.php
View File

@@ -206,7 +206,7 @@ class Pref_Users extends Handler_Protected {
$pass_query_part = "";
}
$sth = $this->pdo->prepare("UPDATE ttrss_users SET $pass_query_part login = ?,
$sth = $this->pdo->prepare("UPDATE ttrss_users SET $pass_query_part login = LOWER(?),
access_level = ?, email = ?, otp_enabled = false WHERE id = ?");
$sth->execute([$login, $access_level, $email, $uid]);
@@ -238,18 +238,18 @@ class Pref_Users extends Handler_Protected {
if (!$login) return; // no blank usernames
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
login = ?");
LOWER(login) = LOWER(?)");
$sth->execute([$login]);
if (!$sth->fetch()) {
$sth = $this->pdo->prepare("INSERT INTO ttrss_users
(login,pwd_hash,access_level,last_login,created, salt)
VALUES (?, ?, 0, null, NOW(), ?)");
VALUES (LOWER(?), ?, 0, null, NOW(), ?)");
$sth->execute([$login, $pwd_hash, $salt]);
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
login = ? AND pwd_hash = ?");
LOWER(login) = LOWER(?) AND pwd_hash = ?");
$sth->execute([$login, $pwd_hash]);
if ($row = $sth->fetch()) {