Authentication failed due to case sensitive SQL-queries

2019-03-07 19:50:04 +00:00 · 2019-03-07 19:50:04 +00:00 · 0a5384f6a8
parent 3dbb6b9932 958897dc0a
commit 0a5384f6a8
3 changed files with 6 additions and 8 deletions
--- a/include/lucidAuth.functions.php
+++ b/include/lucidAuth.functions.php
@ -66,11 +66,11 @@ function storeToken (string $secureToken, string $qualifiedUsername, string $htt
 			INSERT INTO SecureToken (UserId, Value)
 			SELECT User.Id, :securetoken
 			FROM User
-			WHERE User.Username = :qualifiedusername
+			WHERE LOWER(User.Username) = :qualifiedusername
 		');
 		$pdoQuery->execute([
 			':securetoken'			=>	$secureToken,
-			':qualifiedusername'	=>	$qualifiedUsername
+			':qualifiedusername'	=>	strtolower($qualifiedUsername)
 		]);
 	}
 	catch (Exception $e) {
@ -118,10 +118,10 @@ function validateToken (string $secureToken) {
 		FROM SecureToken
 		LEFT JOIN User
 			ON (User.Id=SecureToken.UserId)
-		WHERE User.Username = :username
+		WHERE LOWER(User.Username) = :username
 	');
 	$pdoQuery->execute([
-			':username'	=>	(string)$jwtPayload->sub
+			':username'	=>	(string) strtolower($jwtPayload->sub)
 		]);
 	foreach($pdoQuery->fetchAll(PDO::FETCH_ASSOC) as $row) {
 		try {
--- a/include/lucidAuth.template.php
+++ b/include/lucidAuth.template.php
@ -14,7 +14,6 @@ $pageLayout['full'] = <<<'FULL'
 	<link href="misc/style.theme.css" rel="stylesheet" />
    <link href="misc/style.button.css" rel="stylesheet" />
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.js"></script>
-    <script src="misc/script.theme.js"></script>
    <script src="misc/script.translation.js"></script>
  </head>
  <body>
@ -47,7 +46,6 @@ $pageLayout['full_alt'] = <<<'FULL_ALT'
    <link href="misc/style.theme.css" rel="stylesheet" />
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.js"></script>
    <script src="misc/script.translation.js"></script>
-    <script src="misc/script.index.js"></script>
  </head>
  <body>
 	<div class="wrapper">
--- a/public/lucidAuth.manage.php
+++ b/public/lucidAuth.manage.php
@ -22,8 +22,8 @@
            throw new Exception($e);
        }
    	foreach($allUsers as $row) {
-            $tableRows[] = sprintf('<tr %1$s><td data-userid="%2$s">%3$s</td><td>%4$s</td><td class="immutable">%5$s</td></tr>',
-                $validateTokenResult['uid'] === $row['Id'] ? 'class="currentuser"': null,
+            $tableRows[] = sprintf('<tr%1$s><td data-userid="%2$s">%3$s</td><td>%4$s</td><td class="immutable">%5$s</td></tr>',
+                $validateTokenResult['uid'] === $row['Id'] ? ' class="currentuser"': null,
                $row['Id'],
                explode('\\', $row['Username'])[1],
                $row['Rolename'],