diff --git a/include/class.auth.php b/include/class.auth.php index afda9c0e9a2b9610e44a5d363a8b58989fbf5424..1dc5a9ccf8f05172bd081929dfcb4d50c4104fa8 100644 --- a/include/class.auth.php +++ b/include/class.auth.php @@ -1061,7 +1061,7 @@ class AuthTokenAuthentication extends UserAuthenticationBackend { if (($ticket = Ticket::lookupByNumber($_GET['t'], $_GET['e'])) // Using old ticket auth code algo - hardcoded here because it // will be removed in ticket class in the upcoming rewrite - && !strcasecmp($_GET['a'], md5($ticket->getId() . $_GET['e'] . SECRET_SALT)) + && !strcasecmp($_GET['a'], md5($ticket->getId() . strtolower($_GET['e']) . SECRET_SALT)) && ($owner = $ticket->getOwner())) $user = new ClientSession($owner); }