2005-04-06
The auth_register() function in inc/auth.php does a cleanID($_POST['login']), but the auth_login() function does not; this caused some user confusion because when registering with their full names as userids, the downcased registration did not match their expectations (this with letting them choose their own passwords).
[ As an aside, using cleanID() works well: in my case the ALT-Y auto-signature takes them to a wiki "home page" under a "people:" namespace with their cleaned userid, and since the wiki page names are case-insensitive the login code needs to be too. ]
For symmetry, auth_login() needs to do the downcasing too:
----
function auth_login($user,$pass,$sticky=false){
global $USERINFO;
global $conf;
global $lang;
$sticky ? $sticky = true : $sticky = false; //sanity check
if(isset($user)){
//auth_register() does cleanID(), we should too!
$user=cleanID($user);
if (auth_checkPass($user,$pass)){