'NoCase' setting is not appropriately checked upon login for servers where eA is configured to be case sensitive

GoogleCodeExporter commented 9 years ago

What steps will reproduce the problem?
1. set 'NoCase' => false (meaning accounts ARE case sensitive)
2. create 2 accounts: Test, test
(to demonstrate the bug, use different passwords)

What is the expected output? What do you see instead?
3. (assuming 'Test' is the first account) - 
login to the CP using 'test' (and the password for 'test')
4. the CP will accept your login, since you provided a valid user/password.
But the ACCOUNT that you are logged in as will be "Test" !

I think the problem is in ../modules/account/login.php (line 43)
  $sql = "SELECT account_id FROM {$loginAthenaGroup->loginDatabase}.login
WHERE userid = ? LIMIT 1";

That should be modified so it checks the 'NoCase' config, 
and uses 'BINARY userid' if 'NoCase' => false.

What version of the product are you using? On what operating system?
r940

Original issue reported on code.google.com by brian.j....@gmail.com on 4 Nov 2009 at 5:32

GoogleCodeExporter commented 9 years ago

Confirmed.

Original comment by Paradox924X on 6 Apr 2010 at 6:46

Changed state: Accepted
Added labels: Priority-High, Security
Removed labels: Priority-Medium

GoogleCodeExporter commented 9 years ago

Fixed in r949.

Original comment by Paradox924X on 6 Apr 2010 at 7:08

Changed title: 'NoCase' setting is not appropriately checked upon login for servers where eA is configured to be case sensitive
Changed state: Fixed

Nerfact / fluxcp

'NoCase' setting is not appropriately checked upon login for servers where eA is configured to be case sensitive #31