diff --git a/core/user.class.php b/core/user.class.php
index a609ebd5..7785854a 100644
--- a/core/user.class.php
+++ b/core/user.class.php
@@ -72,7 +72,7 @@ class User {
 public static function by_name(/*string*/ $name) {
 assert(is_string($name));
 global $database;
- $row = $database->get_row("SELECT * FROM users WHERE name = :name", array("name"=>$name));
+ $row = $database->get_row($database->scoreql_to_sql("SELECT * FROM users WHERE SCORE_STRNORM(name) = SCORE_STRNORM(:name)"), array("name"=>$name));
 return is_null($row) ? null : new User($row);
 }
@@ -81,7 +81,7 @@ class User {
 assert(is_string($hash));
 assert(strlen($hash) == 32);
 global $database;
- $row = $database->get_row("SELECT * FROM users WHERE name = :name AND pass = :hash", array("name"=>$name, "hash"=>$hash));
+ $row = $database->get_row($database->scoreql_to_sql("SELECT * FROM users WHERE SCORE_STRNORM(name) = SCORE_STRNORM(:name) AND pass = :hash"), array("name"=>$name, "hash"=>$hash));
 return is_null($row) ? null : new User($row);
 }
diff --git a/ext/user/main.php b/ext/user/main.php
index ab61875c..5ec76a11 100644
--- a/ext/user/main.php
+++ b/ext/user/main.php
@@ -327,7 +327,7 @@ class UserPage extends Extension {
 $duser = User::by_name_and_hash($name, $hash);
 if(!is_null($duser)) {
 $user = $duser;
- $this->set_login_cookie($name, $pass);
+ $this->set_login_cookie($duser->name, $pass);
 log_info("user", "{$user->class->name} logged in");
 $page->set_mode("redirect");
 $page->set_redirect(make_link("user"));
@@ -353,7 +353,7 @@ class UserPage extends Extension {
 "Username contains invalid characters. Allowed characters are ".
 "letters, numbers, dash, and underscore");
 }
- else if($database->get_row("SELECT * FROM users WHERE name = :name", array("name"=>$name))) {
+ else if($database->get_row($database->scoreql_to_sql("SELECT * FROM users WHERE SCORE_STRNORM(name) = SCORE_STRNORM(:name)"), array("name"=>$name))) {
 throw new UserCreationException("That username is already taken");
 }
 }
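Review bot: The normalised comparison in `by_name` can match more than one row if the table already holds names that differ only by case, and `get_row` appears to return a single row, so which account comes back is then left to the database. The same applies to `by_name_and_hash` in the next hunk, where the extra `pass = :hash` condition narrows the ambiguity but does not remove it. Nothing in this diff shows a migration or a uniqueness constraint on the normalised name, so existing data should be checked for collisions before this ships, and the assumption documented above the query, e.g. `// relies on SCORE_STRNORM(name) being unique across users`. Wrapping the column in a function may also bypass a plain index on `name`, depending on the backend.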
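Review bot: `$hash` is computed above this hunk from the submitted `$name`, while the cookie is now written from the stored `$duser->name`; if the hash derivation and the later cookie check do not normalise the name the same way `SCORE_STRNORM` does, a user who types a different case could authenticate here and then fail the cookie check on the next request. Neither the derivation nor `set_login_cookie` is visible in the hunk, so this needs confirming against those functions. A short comment would record the intent: `// use the stored name so the cookie carries the canonical case from the users table`. The enclosing login function starts and ends outside the hunk.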
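Review bot: The duplicate-name test in the `else if` is a read that is presumably followed, outside the hunk, by an insert, so two concurrent registrations for names differing only by case can both pass it; with case-insensitive login that leaves two accounts answering to the same name. The check is only reliable if the database also enforces uniqueness on the normalised name, which this diff does not show. I would add a unique index on the normalised `name` in the schema upgrade and map the resulting constraint error to `UserCreationException("That username is already taken")`. The validation function begins and ends outside the hunk.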