Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

- Add 'login_lc' config option for case-insensitive authentication (#…

…1487113)

- Make username comparison case sensitive on MySQL
  • Loading branch information...
commit e17553d9548d4870a4579a86c6e425a7f32aecf5 1 parent fd371a5
@alecpl alecpl authored
View
1  CHANGELOG
@@ -3,6 +3,7 @@ CHANGELOG Roundcube Webmail
- Plugin API: Add 'pass' argument in 'authenticate' hook (#1487134)
- Fix attachments of type message/rfc822 are not listed on attachments list
+- Add 'login_lc' config option for case-insensitive authentication (#1487113)
RELEASE 0.5-BETA
----------------
View
4 config/main.inc.php.dist
@@ -183,6 +183,10 @@ $rcmail_config['force_https'] = false;
// Allow browser-autocompletion on login form
$rcmail_config['login_autocomplete'] = false;
+// If users authentication is not case sensitive this must be enabled.
+// You can also use it to force conversion of logins to lower case.
+$rcmail_config['login_lc'] = false;
+
// automatically create a new Roundcube user when log-in the first time.
// a new user will be created once the IMAP login succeeds.
// set to false if only registered users can use this service
View
22 program/include/rcmail.php
@@ -678,10 +678,16 @@ function login($username, $pass, $host=NULL)
$username .= '@'.rcube_parse_host($config['username_domain']);
}
+ // Convert username to lowercase. If IMAP backend
+ // is case-insensitive we need to store always the same username (#1487113)
+ if ($config['login_lc']) {
+ $username = mb_strtolower($username);
+ }
+
// try to resolve email address from virtuser table
- if (strpos($username, '@'))
- if ($virtuser = rcube_user::email2user($username))
- $username = $virtuser;
+ if (strpos($username, '@') && ($virtuser = rcube_user::email2user($username))) {
+ $username = $virtuser;
+ }
// Here we need IDNA ASCII
// Only rcube_contacts class is using domain names in Unicode
@@ -704,8 +710,14 @@ function login($username, $pass, $host=NULL)
if (!($imap_login = $this->imap->connect($host, $username, $pass, $imap_port, $imap_ssl))) {
// try with lowercase
$username_lc = mb_strtolower($username);
- if ($username_lc != $username && ($imap_login = $this->imap->connect($host, $username_lc, $pass, $imap_port, $imap_ssl)))
- $username = $username_lc;
+ if ($username_lc != $username) {
+ // try to find user record again -> overwrite username
+ if (!$user && ($user = rcube_user::query($username_lc, $host)))
+ $username_lc = $user->data['username'];
+
+ if ($imap_login = $this->imap->connect($host, $username_lc, $pass, $imap_port, $imap_ssl))
+ $username = $username_lc;
+ }
}
// exit if IMAP login failed
View
8 program/include/rcube_user.php
@@ -358,13 +358,17 @@ static function query($user, $host)
{
$dbh = rcmail::get_instance()->get_dbh();
+ // use BINARY (case-sensitive) comparison on MySQL, other engines are case-sensitive
+ $prefix = preg_match('/^mysql/', $dbh->db_provider) ? 'BINARY ' : '';
+
// query for matching user name
$query = "SELECT * FROM ".get_table_name('users')." WHERE mail_host = ? AND %s = ?";
- $sql_result = $dbh->query(sprintf($query, 'username'), $host, $user);
+
+ $sql_result = $dbh->query(sprintf($query, $prefix.'username'), $host, $user);
// query for matching alias
if (!($sql_arr = $dbh->fetch_assoc($sql_result))) {
- $sql_result = $dbh->query(sprintf($query, 'alias'), $host, $user);
+ $sql_result = $dbh->query(sprintf($query, $prefix.'alias'), $host, $user);
$sql_arr = $dbh->fetch_assoc($sql_result);
}
Please sign in to comment.
Something went wrong with that request. Please try again.