From 63ff3527ae33b83c76158459e43fa8482cd6914d Mon Sep 17 00:00:00 2001
From: Kevin Yeh
Date: Thu, 11 Jul 2013 10:29:41 -0400
Subject: [PATCH] case sensitive passwords
---
 library/authentication/login_operations.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/library/authentication/login_operations.php b/library/authentication/login_operations.php
index 918b27230..78738eb24 100644
--- a/library/authentication/login_operations.php
+++ b/library/authentication/login_operations.php
@@ -55,8 +55,14 @@ function validate_user_password($username,&$password,$provider)
 {
 if((!isset($GLOBALS['password_compatibility'])||$GLOBALS['password_compatibility'])) // use old password scheme if allowed.
 {
- $getUserSQL="select id, password from users where username = ?";
- $userInfo = privQuery($getUserSQL,array($username));
+ $getUserSQL="select username,id, password from users where BINARY username = ?";
+ $userInfo = privQuery($getUserSQL,array($username));
+ if($userInfo===false)
+ {
+ return false;
+ }
+
+ $username=$userInfo['username'];
 $dbPasswordLen=strlen($userInfo['password']);
 if($dbPasswordLen==32)
 {
-- 
2.11.4.GIT
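Review bot: The new guard `if($userInfo===false)` catches only one sentinel from privQuery(), whose return contract is not visible in this hunk; if it can return null or an empty result for an unknown user, `$userInfo['username']` and `strlen($userInfo['password'])` would run on a non-array value instead of rejecting the login. `if(!is_array($userInfo)) { return false; }` would fail closed for every non-row result. The early return also exits before whatever follows the hunk (validate_user_password continues outside it and takes `$password` by reference), so it is worth confirming that failed-login handling and any clearing of `$password` still happen on this path. A comment above the query such as `// BINARY forces a byte-exact, case-sensitive username match` would help too, because the subject line speaks of passwords while the change is to the username comparison.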