Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Ensure that UserID matches database when logging in (#3178)
The MySQL string comparison in SinglePointLogin was authenticating in a case-insensitive manner, resulting in various places in the code failing if they tried to compare $_SESSION['State']->getUsername() (which has the value from when the user logged in) with User::singleton()->getUsername() (which has the value from the database) in PHP (which, unlike MySQL, *is* case sensitive.) This updates the SinglePointLogin class so that it uses the username from the database, rather than the HTTP request for the username in $_SESSION['State'].
- Loading branch information