From 5a3b4dae492b5bad47a755386e8a57821f5f8c53 Mon Sep 17 00:00:00 2001
From: Shish
Date: Mon, 10 Dec 2012 21:28:41 +0000
Subject: [PATCH] normalise usernames
---
 core/user.class.php | 4 ++--
 ext/user/main.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/core/user.class.php b/core/user.class.php
index a609ebd5..7785854a 100644
--- a/core/user.class.php
+++ b/core/user.class.php
@@ -72,7 +72,7 @@ class User {
 public static function by_name(/*string*/ $name) {
 assert(is_string($name));
 global $database;
- $row = $database->get_row("SELECT * FROM users WHERE name = :name", array("name"=>$name));
+ $row = $database->get_row($database->scoreql_to_sql("SELECT * FROM users WHERE SCORE_STRNORM(name) = SCORE_STRNORM(:name)"), array("name"=>$name));
 return is_null($row) ? null : new User($row);
 }
@@ -81,7 +81,7 @@ class User {
 assert(is_string($hash));
 assert(strlen($hash) == 32);
 global $database;
- $row = $database->get_row("SELECT * FROM users WHERE name = :name AND pass = :hash", array("name"=>$name, "hash"=>$hash));
+ $row = $database->get_row($database->scoreql_to_sql("SELECT * FROM users WHERE SCORE_STRNORM(name) = SCORE_STRNORM(:name) AND pass = :hash"), array("name"=>$name, "hash"=>$hash));
 return is_null($row) ? null : new User($row);
 }
diff --git a/ext/user/main.php b/ext/user/main.php
index ab61875c..5ec76a11 100644
--- a/ext/user/main.php
+++ b/ext/user/main.php
@@ -327,7 +327,7 @@ class UserPage extends Extension {
 $duser = User::by_name_and_hash($name, $hash);
 if(!is_null($duser)) {
 $user = $duser;
- $this->set_login_cookie($name, $pass);
+ $this->set_login_cookie($duser->name, $pass);
 log_info("user", "{$user->class->name} logged in");
 $page->set_mode("redirect");
 $page->set_redirect(make_link("user"));
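Review bot: The normalised comparison in `User::by_name` can match more than one row if the table already holds names that differ only in what `SCORE_STRNORM` folds away (its expansion is not visible here, presumably letter case), and `get_row` will then presumably hand back whichever row the database yields first. The same applies to `by_name_and_hash` in the next hunk and to the registration check in `ext/user/main.php`. Nothing in this patch detects such pre-existing accounts, so a lookup meant for one user could resolve to another; a one-off collision check before deploying, plus a unique index on the normalised name, would rule that out and would also keep the lookup from scanning the table now that the column is wrapped in a function. A comment above the query such as `// names are compared after SCORE_STRNORM; the stored casing is preserved` would record the intent.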
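Review bot: The `log_info` line in the login branch of `UserPage` records only `$user->class->name`, which looks like the account's class rather than the account itself, so a successful login cannot be attributed to a specific user from this entry. Now that the canonical stored name is available on `$duser`, `log_info("user", "{$user->name} ({$user->class->name}) logged in");` would make the entry usable for audit and incident review. A short comment above the cookie call, `// use the stored casing so the cookie matches the database row`, would also explain why `$duser->name` replaces `$name`. The enclosing method starts and ends outside the hunk.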
@@ -353,7 +353,7 @@ class UserPage extends Extension {
 "Username contains invalid characters. Allowed characters are ".
 "letters, numbers, dash, and underscore");
 }
- else if($database->get_row("SELECT * FROM users WHERE name = :name", array("name"=>$name))) {
+ else if($database->get_row($database->scoreql_to_sql("SELECT * FROM users WHERE SCORE_STRNORM(name) = SCORE_STRNORM(:name)"), array("name"=>$name))) {
 throw new UserCreationException("That username is already taken");
 }
 }
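Review bot: The uniqueness test on the `else if` line is a read that is presumably followed by a separate insert elsewhere (not visible in this hunk), so two concurrent registrations whose names normalise to the same value can both pass it. Enforcing uniqueness in the database on the normalised name, and mapping the resulting constraint error to the same `UserCreationException`, would make the check reliable rather than best-effort. Since only existence matters here, selecting a constant instead of `*` would also avoid loading the whole row, including the `pass` column, into PHP. The enclosing method begins and ends outside the hunk.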