From 6257ba0d524676ed88a37420dd38ac1a3e35cf7d Mon Sep 17 00:00:00 2001
From: ENGO150 <v.smejkal06@gmail.com>
Date: Wed, 22 May 2024 16:01:41 +0200
Subject: [PATCH] comparing binary username for case sensitivity

---
 forum.php                     | 2 +-
 res/forum/api/list_users.php  | 2 +-
 res/forum/api/remove_user.php | 4 ++--
 res/forum/api/user_info.php   | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/forum.php b/forum.php
index 7901fa2..ee817ef 100644
--- a/forum.php
+++ b/forum.php
@@ -36,7 +36,7 @@ if (!isset($_SESSION["username"]))
 			<?php
 				include("./res/global.php");
 
-				$out = $database -> query("SELECT username, admin FROM user WHERE username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");
+				$out = $database -> query("SELECT username, admin FROM user WHERE BINARY username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");
 
 				if ($out -> num_rows == 1)
 				{
diff --git a/res/forum/api/list_users.php b/res/forum/api/list_users.php
index a6ab2d5..529f66c 100644
--- a/res/forum/api/list_users.php
+++ b/res/forum/api/list_users.php
@@ -5,7 +5,7 @@ session_start();
 
 if (!isset($_SESSION["username"])) goto fail;
 
-$out = $database -> query("SELECT username, admin FROM user WHERE username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");
+$out = $database -> query("SELECT username, admin FROM user WHERE BINARY username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");
 
 if ($out -> num_rows != 1)
 {
diff --git a/res/forum/api/remove_user.php b/res/forum/api/remove_user.php
index bcbcef9..e182014 100644
--- a/res/forum/api/remove_user.php
+++ b/res/forum/api/remove_user.php
@@ -5,7 +5,7 @@ session_start();
 
 if (!isset($_SESSION["username"])) goto fail;
 
-$out = $database -> query("SELECT username, admin FROM user WHERE username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");
+$out = $database -> query("SELECT username, admin FROM user WHERE BINARY username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");
 
 if ($out -> num_rows != 1)
 {
@@ -17,7 +17,7 @@ if ($out -> num_rows != 1)
 
 if (!isset($_GET["username"])) return;
 
-$user_info_id = (($database -> query("SELECT user_info FROM user WHERE username=\"" . $_GET["username"] . "\"")) -> fetch_assoc())["user_info"];
+$user_info_id = (($database -> query("SELECT user_info FROM user WHERE BINARY username=\"" . $_GET["username"] . "\"")) -> fetch_assoc())["user_info"];
 
 $database -> query("DELETE FROM user WHERE user_info=" . $user_info_id);
 $database -> query("DELETE FROM user_info WHERE id=" . $user_info_id);
\ No newline at end of file
diff --git a/res/forum/api/user_info.php b/res/forum/api/user_info.php
index 651ec2d..757ad8b 100644
--- a/res/forum/api/user_info.php
+++ b/res/forum/api/user_info.php
@@ -5,7 +5,7 @@ session_start();
 
 if (!isset($_SESSION["username"])) goto fail;
 
-$out = $database -> query("SELECT username, admin FROM user WHERE username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");
+$out = $database -> query("SELECT username, admin FROM user WHERE BINARY username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");
 
 if (!isset($_GET["username"])) return;