avoid broken browser_uid on IE

Internet Explorer 8 (and maybe others) seem to use different capitalization in the ACCEPT_CHARSET header between "normal" requests and AJAX requests. This causes a browser UID mismatch and thus an unecessary reauthentication.
author: Andreas Gohr <gohr@cosmocode.de> 2012-10-18 16:20:28 +0200
committer: Andreas Gohr <gohr@cosmocode.de> 2012-10-18 16:20:28 +0200
commit: 80b4f3761dd43d240253888985ae74cb16ef6200 (patch)
tree: c046705f68d056ec9b62408529e1756419ffb127 /inc/auth.php
parent: 88f7f7c824ef0874407c3bb12c116069c9039d8e (diff)
download: rpg-80b4f3761dd43d240253888985ae74cb16ef6200.tar.gz
rpg-80b4f3761dd43d240253888985ae74cb16ef6200.tar.bz2
1 files changed, 2 insertions, 1 deletions
diff --git a/inc/auth.php b/inc/auth.php
index 99adfa791..1c8a8f5f5 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -299,7 +299,7 @@ function auth_createToken() {
  *
  * This is neither unique nor unfakable - still it adds some
  * security. Using the first part of the IP makes sure
- * proxy farms like AOLs are stil okay.
+ * proxy farms like AOLs are still okay.
  *
  * @author  Andreas Gohr <andi@splitbrain.org>
  *
@@ -313,6 +313,7 @@ function auth_browseruid() {
     $uid .= $_SERVER['HTTP_ACCEPT_LANGUAGE'];
     $uid .= $_SERVER['HTTP_ACCEPT_CHARSET'];
     $uid .= substr($ip, 0, strpos($ip, '.'));
+    $uid = strtolower($uid);
     return md5($uid);
 }
author	Andreas Gohr <gohr@cosmocode.de>	2012-10-18 16:20:28 +0200
committer	Andreas Gohr <gohr@cosmocode.de>	2012-10-18 16:20:28 +0200
commit	80b4f3761dd43d240253888985ae74cb16ef6200 (patch)
tree	c046705f68d056ec9b62408529e1756419ffb127 /inc/auth.php
parent	88f7f7c824ef0874407c3bb12c116069c9039d8e (diff)
download	rpg-80b4f3761dd43d240253888985ae74cb16ef6200.tar.gz rpg-80b4f3761dd43d240253888985ae74cb16ef6200.tar.bz2