summaryrefslogtreecommitdiff
path: root/program/include
diff options
context:
space:
mode:
authoralecpl <alec@alec.pl>2010-11-30 13:43:04 +0000
committeralecpl <alec@alec.pl>2010-11-30 13:43:04 +0000
commite17553d9548d4870a4579a86c6e425a7f32aecf5 (patch)
treed10907a9d83471a0266cf9e40e7629078090f61b /program/include
parentfd371a519d64bbcf6d35288e532dc2179ff1e462 (diff)
- Add 'login_lc' config option for case-insensitive authentication (#1487113)
- Make username comparison case sensitive on MySQL
Diffstat (limited to 'program/include')
-rw-r--r--program/include/rcmail.php22
-rw-r--r--program/include/rcube_user.php8
2 files changed, 23 insertions, 7 deletions
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index d376e98bf..0eecd8ddb 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -678,10 +678,16 @@ class rcmail
$username .= '@'.rcube_parse_host($config['username_domain']);
}
+ // Convert username to lowercase. If IMAP backend
+ // is case-insensitive we need to store always the same username (#1487113)
+ if ($config['login_lc']) {
+ $username = mb_strtolower($username);
+ }
+
// try to resolve email address from virtuser table
- if (strpos($username, '@'))
- if ($virtuser = rcube_user::email2user($username))
- $username = $virtuser;
+ if (strpos($username, '@') && ($virtuser = rcube_user::email2user($username))) {
+ $username = $virtuser;
+ }
// Here we need IDNA ASCII
// Only rcube_contacts class is using domain names in Unicode
@@ -704,8 +710,14 @@ class rcmail
if (!($imap_login = $this->imap->connect($host, $username, $pass, $imap_port, $imap_ssl))) {
// try with lowercase
$username_lc = mb_strtolower($username);
- if ($username_lc != $username && ($imap_login = $this->imap->connect($host, $username_lc, $pass, $imap_port, $imap_ssl)))
- $username = $username_lc;
+ if ($username_lc != $username) {
+ // try to find user record again -> overwrite username
+ if (!$user && ($user = rcube_user::query($username_lc, $host)))
+ $username_lc = $user->data['username'];
+
+ if ($imap_login = $this->imap->connect($host, $username_lc, $pass, $imap_port, $imap_ssl))
+ $username = $username_lc;
+ }
}
// exit if IMAP login failed
diff --git a/program/include/rcube_user.php b/program/include/rcube_user.php
index e4506cff7..ee6db77cc 100644
--- a/program/include/rcube_user.php
+++ b/program/include/rcube_user.php
@@ -358,13 +358,17 @@ class rcube_user
{
$dbh = rcmail::get_instance()->get_dbh();
+ // use BINARY (case-sensitive) comparison on MySQL, other engines are case-sensitive
+ $prefix = preg_match('/^mysql/', $dbh->db_provider) ? 'BINARY ' : '';
+
// query for matching user name
$query = "SELECT * FROM ".get_table_name('users')." WHERE mail_host = ? AND %s = ?";
- $sql_result = $dbh->query(sprintf($query, 'username'), $host, $user);
+
+ $sql_result = $dbh->query(sprintf($query, $prefix.'username'), $host, $user);
// query for matching alias
if (!($sql_arr = $dbh->fetch_assoc($sql_result))) {
- $sql_result = $dbh->query(sprintf($query, 'alias'), $host, $user);
+ $sql_result = $dbh->query(sprintf($query, $prefix.'alias'), $host, $user);
$sql_arr = $dbh->fetch_assoc($sql_result);
}