case insensitive username

2019-07-23 23:46:36 +00:00 · 2019-07-23 23:46:36 +00:00 · 1140a07d43
parent 1908474e2d
commit 1140a07d43
1 changed files with 16 additions and 56 deletions
--- a/main.go
+++ b/main.go
@ -56,7 +56,7 @@ func UsernameAvailable(username string) bool {
 		return false
 	}
 	var u string
-	q := fmt.Sprintf("select username from %s_auth where username=$1", c.TablePrefix)
+	q := fmt.Sprintf("select username from %s_auth where username ILIKE $1", c.TablePrefix)
 	err := c.db.Get(&u, q, username)
 	if err == sql.ErrNoRows {
 		return true
@ -91,7 +91,7 @@ func Register(username, email, ip string) bool {
 		return true
 	}
 	log.Printf("scsusers.Register: Failed to send registration email, deleting user %s\n", username)
-	q=fmt.Sprintf("delete from %s_auth where username=$1 AND password=$2", c.TablePrefix)
+	q=fmt.Sprintf("delete from %s_auth where username ILIKE $1 AND password=$2", c.TablePrefix)
 	_,err = c.db.Exec(q, username, string(crypt))
 	if err != nil {
 		log.Printf("scsusers.Register: Failed to delete new user %s: %s\n", username, err.Error())
@ -100,7 +100,7 @@ func Register(username, email, ip string) bool {
 }
 func Login(username, password string) bool {
-	q:=fmt.Sprintf("select password from %s_auth where username=$1 AND status='active'",c.TablePrefix)
+	q:=fmt.Sprintf("select password from %s_auth where username ILIKE $1 AND status='active'",c.TablePrefix)
 	var crypt string
 	err:=c.db.Get(&crypt, q, username)
 	if err != nil {
@ -118,7 +118,7 @@ func Login(username, password string) bool {
 func ChangePassword(username, oldpass, newpass string) bool {
 	log.Println("scsusers.ChangePassword: Attempting password change for "+ username)
-	q:=fmt.Sprintf("select password from %s_auth where username=$1 AND status='active'",c.TablePrefix)
+	q:=fmt.Sprintf("select password from %s_auth where username ILIKE $1 AND status='active'",c.TablePrefix)
 	var crypt string
 	err:=c.db.Get(&crypt, q, username)
 	if err != nil {
@ -130,7 +130,7 @@ func ChangePassword(username, oldpass, newpass string) bool {
 		return false
 	}
 	newcrypt, err := bcrypt.GenerateFromPassword([]byte(newpass), 10)
-	q=fmt.Sprintf("update %s_auth set password=$2 where username=$1", c.TablePrefix)
+	q=fmt.Sprintf("update %s_auth set password=$2 where username ILIKE $1", c.TablePrefix)
 	_,err=c.db.Exec(q, username, newcrypt)
 	if err!= nil {
 		log.Printf("scsusers.ChangePassword: update failed for %s: %s\n", username, err.Error())
@ -143,7 +143,7 @@ func ChangePassword(username, oldpass, newpass string) bool {
 func GetUserid(username string) int64 {
 	var i int64
-	q:=fmt.Sprintf("select userid from %s_auth where username=$1", c.TablePrefix)
+	q:=fmt.Sprintf("select userid from %s_auth where username ILIKE $1", c.TablePrefix)
 	err:=c.db.Get(&i, q, username)
 	if err != nil {
 		log.Printf("scsusers.getUserId: Error loading user: %s : %s\n", username, err.Error())
@ -153,7 +153,7 @@ func GetUserid(username string) int64 {
 }
 func LoadUser(username string) (UserData, error) {
 	var u UserData
-	q:=fmt.Sprintf("select data from %s_userdata where username=$1", c.TablePrefix)
+	q:=fmt.Sprintf("select data from %s_userdata where username ILIKE $1", c.TablePrefix)
 	var d string
 	err:=c.db.Get(d, q, username)
 	if err != nil {
@ -168,7 +168,7 @@ func LoadUser(username string) (UserData, error) {
 }
 func SaveUser(username string, d UserData) bool {
-	q:=fmt.Sprintf("update %s_userdata set data=$1 where username=$2")
+	q:=fmt.Sprintf("update %s_userdata set data=$1 where username ILIKE $2")
 	j, err:=json.Marshal(d)
 	if err != nil {
 		log.Printf("scsusers.SaveUser: json.Marshal failed for username %s : %s\n", username, err.Error())
@ -184,7 +184,7 @@ func SaveUser(username string, d UserData) bool {
 }
 func Bump(username string) {
-	q:=fmt.Sprintf("update %s_auth set lastseen=CURRENT_TIMESTAMP where username=$1", c.TablePrefix)
+	q:=fmt.Sprintf("update %s_auth set lastseen=CURRENT_TIMESTAMP where username ILIKE $1", c.TablePrefix)
 	_, err :=c.db.Exec(q, username)
 	if err != nil {
 		log.Printf("scsusers.Bump: Error on user bump: %s : %s\n", username,  err.Error())
@ -200,7 +200,7 @@ func GetAllMeta(username string) (map[string]string) {
 	meta:=make(map[string]string)
 	q:=fmt.Sprintf(`select meta_key, meta_value 
 			from %s_user_metadata where 
-			user_id=(select userid from %s_auth where username=?)`,
+			user_id=(select userid from %s_auth where username ILIKE $1)`,
 			c.TablePrefix, c.TablePrefix)
 	rows,err:=c.db.Queryx(q, username)
 	if err != nil {
@ -222,7 +222,7 @@ func GetAllMeta(username string) (map[string]string) {
 func GetMeta(username string, metakey string) string {
 	var v string
 	q:=fmt.Sprintf(`select meta_value from %s_user_metadata where 
-		user_id=(select userid from %s_auth where username=?) AND meta_key=?`, c.TablePrefix, c.TablePrefix)
+		user_id=(select userid from %s_auth where username ILIKE $1) AND meta_key=$2`, c.TablePrefix, c.TablePrefix)
 	err:=c.db.Get(&v, q, username, metakey)
 	if err != nil {
 		log.Printf("scsusers.GetMeta: %s - %s - %s\n", username, metakey, err.Error())
@ -233,12 +233,12 @@ func GetMeta(username string, metakey string) string {
 func SetMeta(username string, metakey string, metavalue string) {
 	var err error
 	if metavalue=="" {
-		q:=fmt.Sprintf(`delete from %s_user_metadata where user_id=(select userid from %s_auth where username=?) AND meta_key=?`,
+		q:=fmt.Sprintf(`delete from %s_user_metadata where user_id=(select userid from %s_auth where username ILIKE $1) AND meta_key=$2`,
 			c.TablePrefix, c.TablePrefix)
 	_, err=c.db.Exec(q, username, metakey)
 	} else {
 		q:=fmt.Sprintf(`insert into %s_user_metadata (user_id, meta_key, meta_value) VALUES
-		((select userid from %s_auth where username=?), ?, ?)`, c.TablePrefix, c.TablePrefix)
+		((select userid from %s_auth where username ILIKE $1), $2, $3)`, c.TablePrefix, c.TablePrefix)
 		_,err=c.db.Exec(q, username, metakey, metavalue)
 	}
 	if err != nil {
@ -246,55 +246,15 @@ func SetMeta(username string, metakey string, metavalue string) {
 	}
 }
 func GetRoles(username string) []string {
 	var roles []string
 	q:=fmt.Sprintf(`select role_name from %s_roles 
 			left join %s_user_roles on %s_roles.role_id=%s_user_roles.role_id 
 			left join %s_auth on %s_user_roles.user_id=%s_auth.user_id 
 			where %s_auth.username=?`, c.TablePrefix, c.TablePrefix, c.TablePrefix, c.TablePrefix, c.TablePrefix, c.TablePrefix, c.TablePrefix)
 	err:=c.db.Select(&roles,q, username)
 	if err != nil {
 		log.Printf("scsusers.GetRoles: %s : %s\n", username, err.Error())
 	}	
 	return roles
 }
 func HasRole(username string, role string) bool {
 	roles:=GetRoles(username)
 	for _,a:=range(roles) {
 		if a==role {
 			return true
 		}
 	}
 	return false
 }
 func AddRole(username string, role string) bool {
 	if HasRole(username, role) {
 		return true
 	}
 	q:=fmt.Sprintf(`insert into %s_user_roles (user_id, role_id) 
 		VALUES (
 			(select userid from %s_auth where username=?), 
 			(select role_id from %s_roles where role_name=?)
 			);
 		`, c.TablePrefix, c.TablePrefix, c.TablePrefix)
 	_, err:=c.db.Exec(q)
 	if err != nil {
 		log.Printf("scsusers.AddRole: %s %s %s\n", username, role, err.Error())
 		return false
 	}
 	return true
 }
 func RecoverByUsername(u string) {
 	var username, email string
-	q:=fmt.Sprintf("select username, email from %s_auth where username=$1", c.TablePrefix)
+	q:=fmt.Sprintf("select username, email from %s_auth where username ILIKE $1", c.TablePrefix)
 	row:=c.db.QueryRow(q, u)
 	err:=row.Scan(&username, &email)
 	if err!=sql.ErrNoRows {
 		recoverycode:=randBytes(16)
-		qq:=fmt.Sprintf("update %s_auth set recoverycode=$1, recoverytime=NOW() where username=$2", c.TablePrefix)
+		qq:=fmt.Sprintf("update %s_auth set recoverycode=$1, recoverytime=NOW() where username ILIKE $2", c.TablePrefix)
 		_,err:=c.db.Exec(qq, recoverycode, username)
 		if err==nil {
 			sendRecoveryEmail(email, username, string(recoverycode))
@ -309,7 +269,7 @@ func RecoverByEmail(e string) {
 	err:=row.Scan(&username, &email)
 	if err!=sql.ErrNoRows {
 		recoverycode:=randBytes(16)
-		qq:=fmt.Sprintf("update %s_auth set recoverycode=$1, recoverytime=NOW() where username=$2", c.TablePrefix)
+		qq:=fmt.Sprintf("update %s_auth set recoverycode=$1, recoverytime=NOW() where username ILIKE $2", c.TablePrefix)
 		_,err:=c.db.Exec(qq, recoverycode, username)
 		if err==nil {
 			sendRecoveryEmail(email, username, string(recoverycode))