From e84c27fa167b0e4eee35fd63a17d81c582becdb8 Mon Sep 17 00:00:00 2001
From: Mike Koch
Date: Tue, 23 Jun 2015 23:30:49 -0400
Subject: [PATCH] #255 Update code to 2.6.4
---
 inc/admin_functions.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/inc/admin_functions.inc.php b/inc/admin_functions.inc.php
index d34662f8..6ec41346 100644
--- a/inc/admin_functions.inc.php
+++ b/inc/admin_functions.inc.php
@@ -380,7 +380,7 @@ function hesk_activeSessionValidate($username, $password_hash, $tag)
 list($salt, $hash) = explode('|', $tag, 2);
 // Make sure the hash matches existing username and password
- if ($hash == sha1($salt . $username . $password_hash) )
+ if ($hash == sha1($salt . strtolower($username) . $password_hash) )
 {
 return true;
 }
@@ -392,7 +392,7 @@ function hesk_activeSessionValidate($username, $password_hash, $tag)
 function hesk_activeSessionCreateTag($username, $password_hash)
 {
 $salt = uniqid(mt_rand(), true);
- return $salt . '|' . sha1($salt . $username . $password_hash);
+ return $salt . '|' . sha1($salt . strtolower($username) . $password_hash);
 } // END hesk_activeSessionCreateTag()
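Review bot: The changed `if` in `hesk_activeSessionValidate()` still compares the digest with loose `==`, which in PHP is subject to numeric-string juggling and is not constant-time. Because `$hash` is split out of `$tag` (presumably a value the client sends back; its origin is outside this hunk), the safer form is `if (hash_equals(sha1($salt . strtolower($username) . $password_hash), (string) $hash))`. On PHP versions without `hash_equals()`, use a strict `===` together with a timing-safe helper. A `$tag` without a `|` also leaves `$hash` unassigned by the `list()` above, so a format check before the split is worth adding. The function starts before and continues after this hunk.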
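Review bot: The tag returned by `hesk_activeSessionCreateTag()` is an unkeyed SHA-1 over the salt, username and stored password hash, so anyone who holds that password hash can compute a valid tag. The salt comes from `uniqid(mt_rand(), true)`, which is time- and PRNG-based rather than cryptographically random. Consider `hash_hmac('sha256', $salt . strtolower($username) . $password_hash, $secret)`, where `$secret` is a placeholder for a server-side key, with the salt drawn from a CSPRNG and the same construction mirrored in `hesk_activeSessionValidate()`. Lower-casing also changes the digest, so tags issued before this commit for mixed-case usernames will stop validating. A comment such as `// username is lower-cased so the tag is case-insensitive; older mixed-case tags are invalidated` would record that, and `strtolower()` folds only ASCII reliably.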