Make email and handle lookups case-insensitive

2024-11-30 06:22:47 -05:00 · 2024-11-30 06:22:47 -05:00 · 7f2a2deeb5
commit 7f2a2deeb5
parent 16092b411e
6 changed files with 9 additions and 9 deletions
--- a/lib/config.php
+++ b/lib/config.php
@ -109,7 +109,7 @@ function password_check($account)
        );} else {if (sha1($_POST["password"]) === $account->password):
            $stmt = $db["data"]->prepare('UPDATE members
            SET password = :password
-            WHERE email = :email');
+            WHERE LOWER(email) = LOWER(:email)');
            $new_password = password_hash(
                $_POST["password"],
                PASSWORD_ARGON2ID
--- a/www/account/edit.php
+++ b/www/account/edit.php
@ -14,7 +14,7 @@ function validate_fields($data)

    if ($_SESSION["account"]->handle !== $_POST["handle"]) {
        $stmt = $db["data"]->prepare(
-            "SELECT COUNT(*) FROM members WHERE UPPER(handle) = UPPER(:handle)"
+            "SELECT COUNT(*) FROM members WHERE LOWER(handle) = LOWER(:handle)"
        );
        $stmt->execute([
            "handle" => $data["handle"],
@ -27,7 +27,7 @@ function validate_fields($data)

    if ($_SESSION["account"]->email !== $_POST["email"]) {
        $stmt = $db["data"]->prepare(
-            "SELECT COUNT(*) FROM members WHERE email = :email"
+            "SELECT COUNT(*) FROM members WHERE LOWER(email) = LOWER(:email)"
        );
        $stmt->execute([
            "email" => $data["email"],
--- a/www/forgot-password.php
+++ b/www/forgot-password.php
@ -93,7 +93,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST"):
            $errors["email"] = "Please enter an email address.";
        } else {
            $stmt = $db["data"]->prepare(
-                "SELECT id FROM members WHERE email = :email"
+                "SELECT id FROM members WHERE LOWER(email) = LOWER(:email)"
            );
            $stmt->execute([
                "email" => $_POST["email"],
--- a/www/login.php
+++ b/www/login.php
@ -10,7 +10,7 @@ $title = "Login";

 if ($_SERVER["REQUEST_METHOD"] === "POST"): ?>
 <?php
-$stmt = $db["data"]->prepare("SELECT * FROM members WHERE email = :email");
+$stmt = $db["data"]->prepare("SELECT * FROM members WHERE LOWER(email) = LOWER(:email)");
 $results = $stmt->execute([
    "email" => $_POST["email"],
 ]);
--- a/www/members/member.php
+++ b/www/members/member.php
@ -11,7 +11,7 @@ biography,
 links,
 created_at,
 last_access
-FROM members WHERE UPPER(handle) = UPPER(:handle)";
+FROM members WHERE LOWER(handle) = LOWER(:handle)";

 $stmt = $db['data']->prepare($sql);
 $stmt->execute([
--- a/www/signup.php
+++ b/www/signup.php
@ -5,7 +5,7 @@ function validate_fields($data)
    global $db;
    $errors = [];

-    $stmt = $db["data"]->prepare("SELECT COUNT(*) FROM members WHERE email = :email");
+    $stmt = $db["data"]->prepare("SELECT COUNT(*) FROM members WHERE LOWER(email) = LOWER(:email)");
    $stmt->execute([
        "email" => $data["email"],
    ]);
@ -13,7 +13,7 @@ function validate_fields($data)
        $errors["email"] = "That email address is already in use.";
    }

-    $stmt = $db["data"]->prepare("SELECT COUNT(*) FROM members WHERE UPPER(handle) = UPPER(:handle)");
+    $stmt = $db["data"]->prepare("SELECT COUNT(*) FROM members WHERE LOWER(handle) = LOWER(:handle)");
    $stmt->execute([
        "handle" => $data["handle"],
    ]);
@ -54,7 +54,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST"):
            "last_access" => date("Y-m-dTH:i:s"),
        ]);

-        $stmt = $db['data']->query('SELECT * FROM members WHERE email = :email');
+        $stmt = $db['data']->query('SELECT * FROM members WHERE LOWER(email) = LOWER(:email)');
        $stmt->execute([
        'email' => $_POST['email'],
        ]);