From e7471eb183c8671cd3ad67177377ef8617eb3fd8 Mon Sep 17 00:00:00 2001
From: xevidos <xevidos@gmail.com>
Date: Mon, 4 Mar 2019 15:09:48 -0500
Subject: [PATCH] Added case insensitive usernames.

---
 components/user/class.user.php | 2 +-
 components/user/controller.php | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/components/user/class.user.php b/components/user/class.user.php
index f39c51d..b6e752e 100755
--- a/components/user/class.user.php
+++ b/components/user/class.user.php
@@ -347,7 +347,7 @@ class User {
 	
 	public static function CleanUsername( $username ) {
 		
-		return preg_replace( '#[^A-Za-z0-9' . preg_quote( '-_@. ').']#', '', $username );
+		return strtolower( preg_replace( '#[^A-Za-z0-9' . preg_quote( '-_@. ').']#', '', $username ) );
 	}
 	
 	//////////////////////////////////////////////////////////////////
diff --git a/components/user/controller.php b/components/user/controller.php
index 50bf11c..266d3a6 100755
--- a/components/user/controller.php
+++ b/components/user/controller.php
@@ -32,7 +32,7 @@ if ($_GET['action']=='authenticate') {
         die(formatJSEND("error", "Missing username or password"));
     }
         
-    $User->username = $_POST['username'];
+    $User->username = User::CleanUsername( $_POST['username'] );
     $User->password = $_POST['password'];
 
     // check if the asked languages exist and is registered in languages/code.php
@@ -68,7 +68,7 @@ if ($_GET['action']=='create') {
             die(formatJSEND("error", "Missing username or password"));
         }
             
-        $User->username = User::CleanUsername($_POST['username']);
+        $User->username = User::CleanUsername( $_POST['username'] );
         $User->password = $_POST['password'];
         $User->Create();
     }
@@ -84,7 +84,7 @@ if ($_GET['action']=='delete') {
             die(formatJSEND("error", "Missing username"));
         }
             
-        $User->username = $_GET['username'];
+        $User->username = User::CleanUsername( $_GET['username'] );
         $User->Delete();
     }
 }
@@ -99,7 +99,7 @@ if ($_GET['action']=='password') {
     }
         
     if (checkAccess() || $_POST['username'] == $_SESSION['user']) {
-        $User->username = $_POST['username'];
+        $User->username = User::CleanUsername( $_POST['username'] );
         $User->password = $_POST['password'];
         $User->Password();
     }