From 7f2a2deeb55abc806a89e05661b3cb5dd1ae72ce Mon Sep 17 00:00:00 2001
From: Ainsley Ellis
Date: Sat, 30 Nov 2024 06:22:47 -0500
Subject: [PATCH] Make email and handle lookups case-insensitive
---
 lib/config.php | 2 +-
 www/account/edit.php | 4 ++--
 www/forgot-password.php | 2 +-
 www/login.php | 2 +-
 www/members/member.php | 2 +-
 www/signup.php | 6 +++---
 6 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/lib/config.php b/lib/config.php
index 1b04e19..0dfcee4 100644
--- a/lib/config.php
+++ b/lib/config.php
@@ -109,7 +109,7 @@ function password_check($account)
 );} else {if (sha1($_POST["password"]) === $account->password): $stmt = $db["data"]->prepare('UPDATE members SET password = :password
- WHERE email = :email');
+ WHERE LOWER(email) = LOWER(:email)');
 $new_password = password_hash( $_POST["password"], PASSWORD_ARGON2ID
diff --git a/www/account/edit.php b/www/account/edit.php
index 1d0c84a..7307b88 100644
--- a/www/account/edit.php
+++ b/www/account/edit.php
@@ -14,7 +14,7 @@ function validate_fields($data)
 if ($_SESSION["account"]->handle !== $_POST["handle"]) { $stmt = $db["data"]->prepare(
- "SELECT COUNT(*) FROM members WHERE UPPER(handle) = UPPER(:handle)"
+ "SELECT COUNT(*) FROM members WHERE LOWER(handle) = LOWER(:handle)"
 ); $stmt->execute([ "handle" => $data["handle"],
@@ -27,7 +27,7 @@ function validate_fields($data)
 if ($_SESSION["account"]->email !== $_POST["email"]) { $stmt = $db["data"]->prepare(
- "SELECT COUNT(*) FROM members WHERE email = :email"
+ "SELECT COUNT(*) FROM members WHERE LOWER(email) = LOWER(:email)"
 ); $stmt->execute([ "email" => $data["email"],
diff --git a/www/forgot-password.php b/www/forgot-password.php
index 01076ee..e12416f 100644
--- a/www/forgot-password.php
+++ b/www/forgot-password.php
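Review bot: In `lib/config.php`, the rehash statement `UPDATE members SET password = :password WHERE LOWER(email) = LOWER(:email)` now writes the new Argon2id hash to every row whose email matches after case-folding, not only to the account that was just verified. Until this commit the email uniqueness checks were case-sensitive, so rows that differ only in case may already exist, and a successful login on one of them would overwrite the password of the other. Since `$account` is already loaded, key the update on the primary key instead, e.g. `WHERE id = :id` bound to `$account->id` (an `id` column is visible in the forgot-password query; that `$account` carries it is inferred). The same ambiguity applies to the `SELECT *` in `www/login.php`, which can now match more than one row. `password_check` begins and ends outside this hunk.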
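Review bot: In `www/account/edit.php`, the guards `$_SESSION["account"]->handle !== $_POST["handle"]` and `$_SESSION["account"]->email !== $_POST["email"]` are still case-sensitive while both queries are now case-insensitive. A member who changes only the capitalisation of their own email or handle passes the guard, and `COUNT(*)` then counts their own row, which presumably reports the value as already in use. Excluding the current member in the query avoids that, e.g. `... WHERE LOWER(email) = LOWER(:email) AND id <> :id` with the session account's id (assumed to be available on `$_SESSION["account"]`). The guards also read `$_POST` while the queries bind `$data`; reading `$data` in both keeps the check and the lookup on the same input. `validate_fields` continues outside both hunks.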
@@ -93,7 +93,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST"):
 $errors["email"] = "Please enter an email address."; } else { $stmt = $db["data"]->prepare(
- "SELECT id FROM members WHERE email = :email"
+ "SELECT id FROM members WHERE LOWER(email) = LOWER(:email)"
 ); $stmt->execute([ "email" => $_POST["email"],
diff --git a/www/login.php b/www/login.php
index e3a0101..c9ddf55 100644
--- a/www/login.php
+++ b/www/login.php
@@ -10,7 +10,7 @@ $title = "Login"; if ($_SERVER["REQUEST_METHOD"] === "POST"): ?> prepare("SELECT * FROM members WHERE email = :email");
+$stmt = $db["data"]->prepare("SELECT * FROM members WHERE LOWER(email) = LOWER(:email)");
 $results = $stmt->execute([ "email" => $_POST["email"], ]);
diff --git a/www/members/member.php b/www/members/member.php
index 2692db9..5564502 100644
--- a/www/members/member.php
+++ b/www/members/member.php
@@ -11,7 +11,7 @@ biography, links, created_at, last_access
-FROM members WHERE UPPER(handle) = UPPER(:handle)";
+FROM members WHERE LOWER(handle) = LOWER(:handle)";
 $stmt = $db['data']->prepare($sql); $stmt->execute([
diff --git a/www/signup.php b/www/signup.php
index b951ada..a7d68ab 100644
--- a/www/signup.php
+++ b/www/signup.php
@@ -5,7 +5,7 @@ function validate_fields($data)
 global $db; $errors = [];
- $stmt = $db["data"]->prepare("SELECT COUNT(*) FROM members WHERE email = :email");
+ $stmt = $db["data"]->prepare("SELECT COUNT(*) FROM members WHERE LOWER(email) = LOWER(:email)");
 $stmt->execute([ "email" => $data["email"], ]);
@@ -13,7 +13,7 @@ function validate_fields($data)
 $errors["email"] = "That email address is already in use."; }
- $stmt = $db["data"]->prepare("SELECT COUNT(*) FROM members WHERE UPPER(handle) = UPPER(:handle)");
+ $stmt = $db["data"]->prepare("SELECT COUNT(*) FROM members WHERE LOWER(handle) = LOWER(:handle)");
 $stmt->execute([ "handle" => $data["handle"], ]);
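Review bot: In `www/forgot-password.php`, the lookup now accepts any submitted address that case-folds to a stored one, and the hunk does not show which address the reset message is sent to. It should go to the address stored on the matched row and never to `$_POST["email"]`, because depending on the database and its collation `LOWER()` may fold distinct Unicode strings to the same value. Selecting the stored value, `SELECT id, email FROM members WHERE LOWER(email) = LOWER(:email)`, and mailing that column keeps the submitted string out of the delivery path. The surrounding `if`/`else` block continues outside the hunk.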
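Review bot: In `www/signup.php`, `validate_fields` enforces case-insensitive uniqueness only through `COUNT(*)` checks that run before the insert, so two concurrent signups with `A@example.test` and `a@example.test` (constructed values) can both pass. No schema change is part of this patch; a unique index on the lowercased `email` and `handle` values would make the database enforce the rule, and would likely let these `LOWER(...)` lookups use an index rather than scan the table. Rows that already differ only in case would have to be found and resolved before such an index can be created. The same applies to the checks in `www/account/edit.php`.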
@@ -54,7 +54,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST"):
 "last_access" => date("Y-m-dTH:i:s"), ]);
- $stmt = $db['data']->query('SELECT * FROM members WHERE email = :email');
+ $stmt = $db['data']->query('SELECT * FROM members WHERE LOWER(email) = LOWER(:email)');
 $stmt->execute([ 'email' => $_POST['email'], ]);
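Review bot: The changed line still calls `$db['data']->query(...)` on SQL that contains the `:email` placeholder and then calls `execute()` on the result. `query()` runs the statement immediately with nothing bound, so depending on the driver and error mode this either fails or runs once with an unbound parameter before the real `execute()`. Every other lookup in this patch uses `prepare()`, and this one should too: `$stmt = $db['data']->prepare('SELECT * FROM members WHERE LOWER(email) = LOWER(:email)');`. The enclosing `if` block starts and ends outside the hunk.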