From 9c9c3ed9ae9ab0b08d82330f6d708757a6c0e6ae Mon Sep 17 00:00:00 2001
From: "florian.azizian" <florian.azizian@maarch.org>
Date: Wed, 20 Feb 2019 11:04:30 +0100
Subject: [PATCH] FIX #9422 case insensitive with ldap connexion

---
 apps/maarch_entreprise/log.php | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/apps/maarch_entreprise/log.php b/apps/maarch_entreprise/log.php
index 0a51aa6b6dc..397cfcf19c6 100755
--- a/apps/maarch_entreprise/log.php
+++ b/apps/maarch_entreprise/log.php
@@ -82,13 +82,19 @@ $businessAppTools = new business_app_tools();
 
 if (count($_SESSION['config']) <= 0) {
     $tmpPath = explode(
-        DIRECTORY_SEPARATOR, str_replace(
-            '/', DIRECTORY_SEPARATOR, $_SERVER['SCRIPT_FILENAME']
+        DIRECTORY_SEPARATOR,
+        str_replace(
+            '/',
+            DIRECTORY_SEPARATOR,
+            $_SERVER['SCRIPT_FILENAME']
         )
     );
     $serverPath = implode(
-        DIRECTORY_SEPARATOR, array_slice(
-            $tmpPath, 0, array_search('apps', $tmpPath)
+        DIRECTORY_SEPARATOR,
+        array_slice(
+            $tmpPath,
+            0,
+            array_search('apps', $tmpPath)
         )
     ).DIRECTORY_SEPARATOR;
 
@@ -213,7 +219,6 @@ if (!empty($_SESSION['error'])) {
             }
 
             if ($ad->authenticate($loginToAd, $password)) {
-                //TODO: protect sql injection with PDO
                 require_once 'core/class/class_db_pdo.php';
 
                 // Instantiate database.
@@ -223,6 +228,7 @@ if (!empty($_SESSION['error'])) {
                     array($login)
                 ); //permet de rechercher les utilisateurs dans le LDAP sans prendre en compte la casse
                 $result = $stmt->fetch();
+                $login = $result['user_id'];
 
                 if (!empty($result['locked_until'])) {
                     $lockedDate = new \DateTime($result['locked_until']);
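Review bot: The added `$login = $result['user_id'];` runs before anything checks that `$stmt->fetch()` actually returned a row. If the directory accepts the credentials but no local account matches, `fetch()` yields false and `$login` is silently overwritten with null, so the code after this hunk continues with an empty identity following a successful LDAP authentication. I would guard the assignment, for example `if (empty($result['user_id'])) { /* treat as failed login, using the file's existing error path */ }` placed before `$login = $result['user_id'];`. The enclosing `if ($ad->authenticate($loginToAd, $password))` block starts and ends outside this hunk, so how `$login` is used afterwards (session setup, lock handling) should be confirmed against the full file.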
-- 
GitLab