From: Vincent Vanwaelscappel
Date: Thu, 22 Jun 2023 13:36:04 +0000 (+0200)
Subject: wip #6059 @1.5
X-Git-Url: http://git.cubedesigners.com/?a=commitdiff_plain;h=9aa97fb6d4d52e5e4a4911a5ffbeca1be7672a4f;p=fluidbook-toolbox.git
wip #6059 @1.5
---
diff --git a/app/Fluidbook/Compiler/Secure.php b/app/Fluidbook/Compiler/Secure.php
index 6d72faf80..b718bb8b1 100644
--- a/app/Fluidbook/Compiler/Secure.php
+++ b/app/Fluidbook/Compiler/Secure.php
@@ -30,7 +30,7 @@ trait Secure
 continue;
 }
 $usersalt = bin2hex(random_bytes(5));
- $user = hash("sha256", $usersalt . '+' . $e[0]);
+ $user = hash("sha256", $usersalt . '+' . mb_strtolower($e[0]));
 $users[$user] = ['salt' => $salt, 'usersalt' => $usersalt, 'hash' => hash("sha256", $salt . '-' . $e[1])];
 }
 return $users;
@@ -85,11 +85,15 @@ trait Secure
 $variables['FORM_SIGN_IN'] = $locale['Sign in'] ?? 'Sign in';
 $variables['CODE'] = '$(function () {
 $(\'form\').on(\'submit\', function () {
- var u = $("#username").val();
+ var u = $("#username").val().toLowerCase();
 var p = $("#password").val();
 var error = true;
 $.each(CREDENTIALS, function (user, data) {
- if (forge_sha256(data.usersalt + \'+\' + u) === user && forge_sha256(data.salt + \'-\' + p) === data.hash) {
+ let hu = forge_sha256(data.usersalt + \'+\' + u);
+ let hp = forge_sha256(data.salt + \'-\' + p);
+
+ console.log(hu,hp)
+ if (hu === user && hp === data.hash) {
 error = false;
 window.sessionStorage.setItem(\'secureUsername\', u);
 window.sessionStorage.setItem(\'securePassword\', p);
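Review bot: The new `mb_strtolower($e[0])` on the `$user = hash(...)` line is called without an encoding argument, yet its output has to be byte-identical to what JavaScript `toLowerCase()` produces in the sign-in script changed by the same commit, otherwise the SHA-256 comparison never matches for that account. For ASCII usernames the two agree; for non-ASCII names the PHP result can depend on the mbstring internal encoding and the PHP version, so I would pin it as `mb_strtolower($e[0], 'UTF-8')`. A short comment on that line, e.g. `// keep in sync with .toLowerCase() in the generated sign-in script`, would stop the two sides from drifting apart later. The enclosing function starts outside the hunk, so where `$salt` and `$e` come from is not visible here.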
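Review bot: The added `console.log(hu,hp)` inside the `$.each(CREDENTIALS, ...)` callback is leftover debug output and should be deleted before this leaves WIP. It writes the salted SHA-256 of the typed username and password to the browser console on every sign-in attempt, once per credential entry. Since `data.salt` is already delivered to the page in CREDENTIALS, a logged `hp` is password-equivalent material for anything that can read the console (a shared machine, a console-capturing script, a support screenshot). On style, the two new `let` declarations sit next to `var u` / `var p`; use one declaration keyword consistently and end the statement with a semicolon if any logging is kept behind a debug flag. The submit handler continues past the end of the hunk; the `sessionStorage.setItem(\'securePassword\', p)` context line, which stores the raw password, predates this commit but is worth a follow-up.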