Changeset e17553d in github

Timestamp:

Nov 30, 2010 8:43:04 AM (2 years ago)

Author:

alecpl <alec@…>

Branches:

master, HEAD, courier-fix, dev-browser-capabilities, pdo, release-0.6, release-0.7, release-0.8

Children:

489ffbd

Parents:

fd371a51

Message:

• Add 'login_lc' config option for case-insensitive authentication (#1487113)
• Make username comparison case sensitive on MySQL

Files:

• CHANGELOG (modified) (1 diff)
• config/main.inc.php.dist (modified) (1 diff)
• program/include/rcmail.php (modified) (2 diffs)
• program/include/rcube_user.php (modified) (1 diff)

CHANGELOG

@@ -4 +4 @@
 - Plugin API: Add 'pass' argument in 'authenticate' hook (#1487134)
 - Fix attachments of type message/rfc822 are not listed on attachments list
+- Add 'login_lc' config option for case-insensitive authentication (#1487113)
 
 RELEASE 0.5-BETA

config/main.inc.php.dist

@@ -183 +183 @@
 // Allow browser-autocompletion on login form
 $rcmail_config['login_autocomplete'] = false;
+
+// If users authentication is not case sensitive this must be enabled.
+// You can also use it to force conversion of logins to lower case.
+$rcmail_config['login_lc'] = false;
 
 // automatically create a new Roundcube user when log-in the first time.

program/include/rcmail.php

@@ -679 +679 @@
     }
 
+    // Convert username to lowercase. If IMAP backend
+    // is case-insensitive we need to store always the same username (#1487113)
+    if ($config['login_lc']) {
+      $username = mb_strtolower($username);
+    }
+
     // try to resolve email address from virtuser table
-    if (strpos($username, '@'))
-      if ($virtuser = rcube_user::email2user($username))
-        $username = $virtuser;
+    if (strpos($username, '@') && ($virtuser = rcube_user::email2user($username))) {
+      $username = $virtuser;
+    }
 
     // Here we need IDNA ASCII
@@ -705 +711 @@
       // try with lowercase
       $username_lc = mb_strtolower($username);
-      if ($username_lc != $username && ($imap_login = $this->imap->connect($host, $username_lc, $pass, $imap_port, $imap_ssl)))
-        $username = $username_lc;
+      if ($username_lc != $username) {
+        // try to find user record again -> overwrite username
+        if (!$user && ($user = rcube_user::query($username_lc, $host)))
+          $username_lc = $user->data['username'];
+
+        if ($imap_login = $this->imap->connect($host, $username_lc, $pass, $imap_port, $imap_ssl))
+          $username = $username_lc;
+      }
     }
 

program/include/rcube_user.php

@@ -359 +359 @@
         $dbh = rcmail::get_instance()->get_dbh();
 
+        // use BINARY (case-sensitive) comparison on MySQL, other engines are case-sensitive
+        $prefix = preg_match('/^mysql/', $dbh->db_provider) ? 'BINARY ' : '';
+
         // query for matching user name
         $query = "SELECT * FROM ".get_table_name('users')." WHERE mail_host = ? AND %s = ?";
-        $sql_result = $dbh->query(sprintf($query, 'username'), $host, $user);
+
+        $sql_result = $dbh->query(sprintf($query, $prefix.'username'), $host, $user);
 
         // query for matching alias
         if (!($sql_arr = $dbh->fetch_assoc($sql_result))) {
-            $sql_result = $dbh->query(sprintf($query, 'alias'), $host, $user);
+            $sql_result = $dbh->query(sprintf($query, $prefix.'alias'), $host, $user);
             $sql_arr = $dbh->fetch_assoc($sql_result);
         }