Index: create-mailbox.php =================================================================== --- create-mailbox.php.original (revision 1) +++ create-mailbox.php (working copy) @@ -65,7 +65,7 @@ $pCreate_mailbox_name_text = $PALANG['pCreate_mailbox_name_text']; $pCreate_mailbox_quota_text = $PALANG['pCreate_mailbox_quota_text']; - if (isset ($_POST['fUsername'])) $fUsername = escape_string ($_POST['fUsername']) . "@" . escape_string ($_POST['fDomain']); + if (isset ($_POST['fUsername'])) $fUsername = escape_string (strtolower($_POST['fUsername'])) . "@" . escape_string ($_POST['fDomain']); $fUsername = strtolower ($fUsername); if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']); if (isset ($_POST['fPassword2'])) $fPassword2 = escape_string ($_POST['fPassword2']); @@ -78,7 +78,7 @@ if (!check_owner ($SESSID_USERNAME, $fDomain)) { $error = 1; - $tUsername = escape_string ($_POST['fUsername']); + $tUsername = escape_string (strtolower($_POST['fUsername'])); $tName = $fName; $tQuota = $fQuota; $tDomain = $fDomain; @@ -88,7 +88,7 @@ if (!check_mailbox ($fDomain)) { $error = 1; - $tUsername = escape_string ($_POST['fUsername']); + $tUsername = escape_string (strtolower($_POST['fUsername'])); $tName = $fName; $tQuota = $fQuota; $tDomain = $fDomain; @@ -98,7 +98,7 @@ if (empty ($fUsername) or !check_email ($fUsername)) { $error = 1; - $tUsername = escape_string ($_POST['fUsername']); + $tUsername = escape_string (strtolower($_POST['fUsername'])); $tName = $fName; $tQuota = $fQuota; $tDomain = $fDomain; @@ -114,7 +114,7 @@ else { $error = 1; - $tUsername = escape_string ($_POST['fUsername']); + $tUsername = escape_string (strtolower($_POST['fUsername'])); $tName = $fName; $tQuota = $fQuota; $tDomain = $fDomain; @@ -127,7 +127,7 @@ if (!check_quota ($fQuota, $fDomain)) { $error = 1; - $tUsername = escape_string ($_POST['fUsername']); + $tUsername = escape_string (strtolower($_POST['fUsername'])); $tName = $fName; $tQuota = $fQuota; $tDomain = $fDomain; @@ -139,7 +139,7 @@ if ($result['rows'] == 1) { $error = 1; - $tUsername = escape_string ($_POST['fUsername']); + $tUsername = escape_string (strtolower($_POST['fUsername'])); $tName = $fName; $tQuota = $fQuota; $tDomain = $fDomain; @@ -158,7 +158,7 @@ } else { - $maildir = $fDomain . "/" . escape_string ($_POST['fUsername']) . "/"; + $maildir = $fDomain . "/" . escape_string (strtolower($_POST['fUsername'])) . "/"; } } else Index: create-alias.php =================================================================== --- create-alias.php.original (revision 1) +++ create-alias.php (working copy) @@ -53,7 +53,7 @@ { $pCreate_alias_goto_text = $PALANG['pCreate_alias_goto_text']; - if (isset ($_POST['fAddress']) && isset ($_POST['fDomain'])) $fAddress = escape_string ($_POST['fAddress']) . "@" . escape_string ($_POST['fDomain']); + if (isset ($_POST['fAddress']) && isset ($_POST['fDomain'])) $fAddress = escape_string (strtolower($_POST['fAddress'])) . "@" . escape_string ($_POST['fDomain']); $fAddress = strtolower ($fAddress); if (isset ($_POST['fGoto'])) $fGoto = escape_string ($_POST['fGoto']); $fGoto = strtolower ($fGoto); @@ -77,7 +77,7 @@ if (!check_alias ($fDomain)) { $error = 1; - $tAddress = escape_string ($_POST['fAddress']); + $tAddress = escape_string (strtolower($_POST['fAddress'])); $tGoto = $fGoto; $tDomain = $fDomain; $pCreate_alias_address_text = $PALANG['pCreate_alias_address_text_error3']; @@ -86,7 +86,7 @@ if (empty ($fAddress) or !check_email ($fAddress)) { $error = 1; - $tAddress = escape_string ($_POST['fAddress']); + $tAddress = escape_string (strtolower($_POST['fAddress'])); $tGoto = $fGoto; $tDomain = $fDomain; $pCreate_alias_address_text = $PALANG['pCreate_alias_address_text_error1']; @@ -95,19 +95,19 @@ if (empty ($fGoto) or !check_email ($fGoto)) { $error = 1; - $tAddress = escape_string ($_POST['fAddress']); + $tAddress = escape_string (strtolower($_POST['fAddress'])); $tGoto = $fGoto; $tDomain = $fDomain; $pCreate_alias_goto_text = $PALANG['pCreate_alias_goto_text_error']; } - if (escape_string ($_POST['fAddress']) == "*") $fAddress = "@" . escape_string ($_POST['fDomain']); + if (escape_string (strtolower($_POST['fAddress'])) == "*") $fAddress = "@" . escape_string ($_POST['fDomain']); $result = db_query ("SELECT * FROM $table_alias WHERE address='$fAddress'"); if ($result['rows'] == 1) { $error = 1; - $tAddress = escape_string ($_POST['fAddress']); + $tAddress = escape_string (strtolower($_POST['fAddress'])); $tGoto = $fGoto; $tDomain = $fDomain; $pCreate_alias_address_text = $PALANG['pCreate_alias_address_text_error2']; Index: admin/create-mailbox.php =================================================================== --- admin/create-mailbox.php.original (revision 1) +++ admin/create-mailbox.php (working copy) @@ -68,7 +68,7 @@ $pCreate_mailbox_name_text = $PALANG['pCreate_mailbox_name_text']; $pCreate_mailbox_quota_text = $PALANG['pCreate_mailbox_quota_text']; - if (isset ($_POST['fUsername']) && isset ($_POST['fDomain'])) $fUsername = escape_string ($_POST['fUsername']) . "@" . escape_string ($_POST['fDomain']); + if (isset ($_POST['fUsername']) && isset ($_POST['fDomain'])) $fUsername = escape_string (strtolower($_POST['fUsername'])) . "@" . escape_string ($_POST['fDomain']); $fUsername = strtolower ($fUsername); if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']); if (isset ($_POST['fPassword2'])) $fPassword2 = escape_string ($_POST['fPassword2']); @@ -81,7 +81,7 @@ if (!check_mailbox ($fDomain)) { $error = 1; - $tUsername = escape_string ($_POST['fUsername']); + $tUsername = escape_string (strtolower($_POST['fUsername'])); $tName = $fName; $tQuota = $fQuota; $tDomain = $fDomain; @@ -91,7 +91,7 @@ if (empty ($fUsername) or !check_email ($fUsername)) { $error = 1; - $tUsername = escape_string ($_POST['fUsername']); + $tUsername = escape_string (strtolower($_POST['fUsername'])); $tName = $fName; $tQuota = $fQuota; $tDomain = $fDomain; @@ -107,7 +107,7 @@ else { $error = 1; - $tUsername = escape_string ($_POST['fUsername']); + $tUsername = escape_string (strtolower($_POST['fUsername'])); $tName = $fName; $tQuota = $fQuota; $tDomain = $fDomain; @@ -120,7 +120,7 @@ if (!check_quota ($fQuota, $fDomain)) { $error = 1; - $tUsername = escape_string ($_POST['fUsername']); + $tUsername = escape_string (strtolower($_POST['fUsername'])); $tName = $fName; $tQuota = $fQuota; $tDomain = $fDomain; @@ -132,7 +132,7 @@ if ($result['rows'] == 1) { $error = 1; - $tUsername = escape_string ($_POST['fUsername']); + $tUsername = escape_string (strtolower($_POST['fUsername'])); $tName = $fName; $tQuota = $fQuota; $tDomain = $fDomain; @@ -151,7 +151,7 @@ } else { - $maildir = $fDomain . "/" . escape_string ($_POST['fUsername']) . "/"; + $maildir = $fDomain . "/" . escape_string (strtolower($_POST['fUsername'])) . "/"; } } else Index: admin/create-domain.php =================================================================== --- admin/create-domain.php.original (revision 1) +++ admin/create-domain.php (working copy) @@ -51,7 +51,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { - if (isset ($_POST['fDomain'])) $fDomain = escape_string ($_POST['fDomain']); + if (isset ($_POST['fDomain'])) $fDomain = escape_string (strtolower($_POST['fDomain'])); !empty ($_POST['fDescription']) ? $fDescription = escape_string ($_POST['fDescription']) : $fDescription = "No Description"; if (isset ($_POST['fAliases'])) $fAliases = escape_string ($_POST['fAliases']); if (isset ($_POST['fMailboxes'])) $fMailboxes = escape_string ($_POST['fMailboxes']); @@ -63,7 +63,7 @@ if (empty ($fDomain) or domain_exist ($fDomain) or !check_domain ($fDomain)) { $error = 1; - $tDomain = escape_string ($_POST['fDomain']); + $tDomain = escape_string (strtolower($_POST['fDomain'])); $tDescription = escape_string ($_POST['fDescription']); $tAliases = escape_string ($_POST['fAliases']); $tMailboxes = escape_string ($_POST['fMailboxes']); Index: admin/create-admin.php =================================================================== --- admin/create-admin.php.original (revision 1) +++ admin/create-admin.php (working copy)2007-06-08 20:43:10.000000000 -0600 @@ -46,7 +46,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { - if (isset ($_POST['fUsername'])) $fUsername = escape_string ($_POST['fUsername']); + if (isset ($_POST['fUsername'])) $fUsername = escape_string (strtolower($_POST['fUsername'])); if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']); if (isset ($_POST['fPassword2'])) $fPassword2 = escape_string ($_POST['fPassword2']); if (!empty ($_POST['fDomains'])) $fDomains = $_POST['fDomains']; @@ -54,7 +54,7 @@ if (!check_email ($fUsername)) { $error = 1; - if (isset ($_POST['fUsername'])) $tUsername = escape_string ($_POST['fUsername']); + if (isset ($_POST['fUsername'])) $tUsername = escape_string (strtolower($_POST['fUsername'])); if (isset ($_POST['fDomains'])) $tDomains = $_POST['fDomains']; $pAdminCreate_admin_username_text = $PALANG['pAdminCreate_admin_username_text_error1']; } @@ -62,7 +62,7 @@ if (empty ($fUsername) or admin_exist ($fUsername)) { $error = 1; - $tUsername = escape_string ($_POST['fUsername']); + $tUsername = escape_string (strtolower($_POST['fUsername'])); if (isset ($_POST['fDomains'])) $tDomains = $_POST['fDomains']; $pAdminCreate_admin_username_text = $PALANG['pAdminCreate_admin_username_text_error2']; } @@ -76,7 +76,7 @@ else { $error = 1; - if (isset ($_POST['fUsername'])) $tUsername = escape_string ($_POST['fUsername']); + if (isset ($_POST['fUsername'])) $tUsername = escape_string (strtolower($_POST['fUsername'])); if (isset ($_POST['fDomains'])) $tDomains = $_POST['fDomains']; $pAdminCreate_admin_username_text = $PALANG['pAdminCreate_admin_username_text']; $pAdminCreate_admin_password_text = $PALANG['pAdminCreate_admin_password_text_error'];