[Vtigercrm-developers] email is case sensitive when when using forgotpassword

Hamono, Chris (DPC) Chris.Hamono at sa.gov.au
Mon Jul 28 06:01:37 GMT 2014


When someone has forgotten their password the email address is case sensitive.

The following code in forgotPassword.php

	$username = vtlib_purify($_REQUEST['user_name']);
	$result = $adb->pquery('select email1 from vtiger_users where user_name= ? ', array($username));
	if($adb->num_rows($result) > 0) {
		$email = $adb->query_result($result, 0, 'email1');
	}

	if(vtlib_purify($_REQUEST['emailId']) == $email) {



Should be changed to

	$username = vtlib_purify($_REQUEST['user_name']);
	$result = $adb->pquery('select email1 from vtiger_users where user_name= ? ', array($username));
	if($adb->num_rows($result) > 0) {
		$email = $adb->query_result($result, 0, 'email1');
	}

	if(strcasecmp ($_REQUEST['emailId'],$email)  ===  0) {

It is important to note that comparisons done using == or === are always case sensitive. It's also important to note that comparisons should always be done with the type sensitive comparison operators  === or !==

$int = 0;
$name = "";

If ($int == $name) { <== true

If ($int === $name) { <== false


Chris



More information about the vtigercrm-developers mailing list