login: replace unsupported characters in user names

[minimedit.git] / auth.inc.php

diff --git a/auth.inc.php b/auth.inc.php
index 2edfa7a0ef3012db39bcf50d5d7b1a83988b10a3..030a394e0b7904db90320b5643d5f274ddbeda4f 100644 (file)
--- a/auth.inc.php
+++ b/auth.inc.php
@@ -24,7 +24,7 @@ function login($inuser, $inpass = NULL)
        }
 
        # find password data by user name
-       $userdir = 'profile/'.strtolower($inuser);
+       $userdir = 'profile/'.preg_replace('/[^a-z0-9]+/', '-', strtolower($inuser));
        $pwfile = "$userdir/.passwd";
        if (!file_exists($pwfile)) return;
        $usertest = trim(file_get_contents($pwfile));