[Vtigercrm-developers] email is case sensitive when when using forgotpassword
Hamono, Chris (DPC)
Chris.Hamono at sa.gov.au
Mon Jul 28 06:01:37 GMT 2014
When someone has forgotten their password the email address is case sensitive.
The following code in forgotPassword.php
$username = vtlib_purify($_REQUEST['user_name']);
$result = $adb->pquery('select email1 from vtiger_users where user_name= ? ', array($username));
if($adb->num_rows($result) > 0) {
$email = $adb->query_result($result, 0, 'email1');
}
if(vtlib_purify($_REQUEST['emailId']) == $email) {
Should be changed to
$username = vtlib_purify($_REQUEST['user_name']);
$result = $adb->pquery('select email1 from vtiger_users where user_name= ? ', array($username));
if($adb->num_rows($result) > 0) {
$email = $adb->query_result($result, 0, 'email1');
}
if(strcasecmp ($_REQUEST['emailId'],$email) === 0) {
It is important to note that comparisons done using == or === are always case sensitive. It's also important to note that comparisons should always be done with the type sensitive comparison operators === or !==
$int = 0;
$name = "";
If ($int == $name) { <== true
If ($int === $name) { <== false
Chris
More information about the vtigercrm-developers
mailing list