Index: kernel/classes/datatypes/ezuser/ezuser.php =================================================================== --- kernel/classes/datatypes/ezuser/ezuser.php (revision 22373) +++ kernel/classes/datatypes/ezuser/ezuser.php (working copy) @@ -257,6 +257,20 @@ return count( $rows ) > 0; } + function setAttribute( $attr, $val ) + { + $ini = eZINI::instance(); + $lowerCaseEmailAndLogin = $ini->variable( 'UserSettings', 'LowerCaseEmailAndLogin' ) == 'enabled'; + + if ( $lowerCaseEmailAndLogin && ( $attr == 'login' || $attr == 'email' ) ) + { + $trans = eZCharTransform::instance(); + $val = $trans->transformByGroup( $val, 'lowercase' ); + } + + eZPersistentObject::setAttribute( $attr, $val ); + } + /*! Fills in the \a $id, \a $login, \a $email and \a $password for the user and creates the proper password hash. @@ -266,6 +280,7 @@ $this->setAttribute( "contentobject_id", $id ); $this->setAttribute( "email", $email ); $this->setAttribute( "login", $login ); + $login = $this->attribute( "login" ); if ( eZUser::validatePassword( $password ) and $password == $passwordConfirm ) // Cannot change login or password_hash without login and password { @@ -292,18 +307,34 @@ static function fetchByName( $login, $asObject = true ) { + $trans = eZCharTransform::instance(); + $login = $trans->transformByGroup( $login, 'lowercase' ); + + $ini = eZINI::instance(); + $lowerCaseEmailAndLogin = $ini->variable( 'UserSettings', 'LowerCaseEmailAndLogin' ) == 'enabled'; + + $conds = $lowerCaseEmailAndLogin ? array( 'login' => $login ) : array( 'LOWER( login )' => $login ); + return eZPersistentObject::fetchObject( eZUser::definition(), null, - array( 'LOWER( login )' => strtolower( $login ) ), + $conds, $asObject ); } static function fetchByEmail( $email, $asObject = true ) { + $trans = eZCharTransform::instance(); + $email = $trans->transformByGroup( $email, 'lowercase' ); + + $ini = eZINI::instance(); + $lowerCaseEmailAndLogin = $ini->variable( 'UserSettings', 'LowerCaseEmailAndLogin' ) == 'enabled'; + + $conds = $lowerCaseEmailAndLogin ? array( 'email' => $email ) : array( 'LOWER( email )' => $email ); + return eZPersistentObject::fetchObject( eZUser::definition(), - null, - array( 'LOWER( email )' => strtolower( $email ) ), - $asObject ); + null, + $conds, + $asObject ); } /*! @@ -701,6 +732,14 @@ if ( $authenticationMatch === false ) $authenticationMatch = eZUser::authenticationMatch(); + $ini = eZINI::instance(); + $lowerCaseEmailAndLogin = $ini->variable( 'UserSettings', 'LowerCaseEmailAndLogin' ) == 'enabled'; + if ( $lowerCaseEmailAndLogin ) + { + $trans = eZCharTransform::instance(); + $login = $trans->transformByGroup( $login, 'lowercase' ); + } + $loginEscaped = $db->escapeString( $login ); $passwordEscaped = $db->escapeString( $password ); @@ -723,8 +762,9 @@ $ini = eZINI::instance(); $databaseImplementation = $ini->variable( 'DatabaseSettings', 'DatabaseImplementation' ); + $isMySQL = ( $databaseImplementation == "ezmysql" or $databaseImplementation == 'ezmysqli' ); // if mysql - if ( $databaseImplementation == "ezmysql" ) + if ( $isMySQL ) { $query = "SELECT contentobject_id, password_hash, password_hash_type, email, login FROM ezuser, ezcontentobject @@ -748,7 +788,7 @@ if ( $users !== false and count( $users ) >= 1 ) { //include_once( 'lib/ezutils/classes/ezini.php' ); - $ini = eZINI::instance(); + $updateHash = ( strtolower( $ini->variable( 'UserSettings', 'UpdateHash' ) ) == 'true' ); foreach ( $users as $userRow ) { $userID = $userRow['contentobject_id']; @@ -759,7 +799,7 @@ $hash ); // If hash type is MySql - if ( $hashType == self::PASSWORD_HASH_MYSQL and $databaseImplementation == "ezmysql" ) + if ( $hashType == self::PASSWORD_HASH_MYSQL and $isMySQL ) { $queryMysqlUser = "SELECT contentobject_id, password_hash, password_hash_type, email, login FROM ezuser, ezcontentobject @@ -785,8 +825,7 @@ //include_once( "kernel/classes/datatypes/ezuser/ezusersetting.php" ); $userSetting = eZUserSetting::fetch( $userID ); $isEnabled = $userSetting->attribute( "is_enabled" ); - if ( $hashType != eZUser::hashType() and - strtolower( $ini->variable( 'UserSettings', 'UpdateHash' ) ) == 'true' ) + if ( $hashType != eZUser::hashType() and $updateHash ) { $hashType = eZUser::hashType(); $hash = eZUser::createHash( $login, $password, eZUser::site(), Index: settings/site.ini =================================================================== --- settings/site.ini (revision 22373) +++ settings/site.ini (working copy) @@ -430,6 +430,12 @@ # note: password hashes generated with md5_site will not work after # changing the site name. HashType=md5_user +# If e-mail and login should be stored in lowercase characters in the database. +# When they are stored in lowercase, some more optimized SQL queries are used. +# Is disabled by default for backward compatibility, because the user name is used +# to create the password hash with the default hash type md5_user. It is recommended +# though to enable this for new installations. +LowerCaseEmailAndLogin=disabled # What SiteName should be used when hashing the user_password # with the 'md5_site' HashType SiteName=ez.no