Bernd Wurst commited on 2012-08-10 07:33:38
Zeige 1 geänderte Dateien mit 7 Einfügungen und 1 Löschungen.
| ... | ... |
@@ -39,10 +39,16 @@ function find_role($login, $password, $i_am_admin = False) |
| 39 | 39 |
$uid = (int) $login; |
| 40 | 40 |
if ($uid == 0) |
| 41 | 41 |
$uid = 'NULL'; |
| 42 |
- $result = db_query("SELECT passwort AS password, kundenaccount AS `primary`, status, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid={$uid} OR username='{$login}' LIMIT 1;");
|
|
| 42 |
+ $result = db_query("SELECT username, passwort AS password, kundenaccount AS `primary`, status, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid={$uid} OR username='{$login}' LIMIT 1;");
|
|
| 43 | 43 |
if (@mysql_num_rows($result) > 0) |
| 44 | 44 |
{
|
| 45 | 45 |
$entry = mysql_fetch_object($result); |
| 46 |
+ if ($entry->username != $login) {
|
|
| 47 |
+ // MySQL matched (warum auch immer) ohne Beachtung der Schreibweise. Wir wollen aber case-sensitive sein. |
|
| 48 |
+ logger(LOG_WARNING, "session/checkuser", "login", "denying login to wrong cased username »{$login}«.");
|
|
| 49 |
+ warning('Beachten Sie bei der Eingabe Ihrer Zugangsdaten bitte die Groß- und Kleinschreibung.');
|
|
| 50 |
+ return NULL; |
|
| 51 |
+ } |
|
| 46 | 52 |
$db_password = $entry->password; |
| 47 | 53 |
$hash = crypt($password, $db_password); |
| 48 | 54 |
if (($entry->status == 0 && $hash == $db_password) || $i_am_admin) |
| 49 | 55 |
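Review bot: The new case-mismatch branch (new lines 46–51) answers before the password is checked and with its own user-facing message, so an unauthenticated client can tell from the `warning(...)` text that the name exists in another spelling; dropping the `warning()` call here, or running the comparison only after the `crypt()` check has passed, keeps the failure indistinguishable from a wrong password. The comparison should also be strict, `if ($entry->username !== $login) {`, because `!=` treats numeric-looking strings such as `'1e3'` and `'1000'` as equal. A row matched through `u.uid={$uid}` reaches this branch too and is rejected because its username differs from the numeric login; if login by UID is meant to keep working, that case needs to be exempted. The log line writes `$login` unmodified, and the same value is interpolated into the SQL string above; whether it is escaped earlier in `find_role` is not visible, as the function starts before this hunk and continues past it.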