Fixes #641 users can submit email address to reset password

4 files changed, 11 insertions, 7 deletions

diff --git a/actions/login.php b/actions/login.php
index 5934d1423..c717faadd 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -28,7 +28,6 @@ if (empty($username) || empty($password)) {
 }
 
 // check if logging in with email address
-// @todo Are usernames with @ not allowed?
 if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) {
 	$username = $users[0]->username;
 }
diff --git a/actions/user/requestnewpassword.php b/actions/user/requestnewpassword.php
index 5dfa24952..f1d4fa43c 100644
--- a/actions/user/requestnewpassword.php
+++ b/actions/user/requestnewpassword.php
@@ -8,6 +8,11 @@
 
 $username = get_input('username');
 
+// allow email addresses
+if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) {
+	$username = $users[0]->username;
+}
+
 $user = get_user_by_username($username);
 if ($user) {
 	if (send_new_password_request($user->guid)) {
diff --git a/languages/en.php b/languages/en.php
index af97e112d..1576ed73d 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -20,7 +20,7 @@ $english = array(
 	'login' => "Log in",
 	'loginok' => "You have been logged in.",
 	'loginerror' => "We couldn't log you in. Please check your credentials and try again.",
-	'login:empty' => "Username and password are required.",
+	'login:empty' => "Username/email and password are required.",
 	'login:baduser' => "Unable to load your user account.",
 	'auth:nopams' => "Internal error. No user authentication method installed.",
 
@@ -222,8 +222,8 @@ $english = array(
 	'RegistrationException:EmptyPassword' => 'The password fields cannot be empty',
 	'RegistrationException:PasswordMismatch' => 'Passwords must match',
 	'LoginException:BannedUser' => 'You have been banned from this site and cannot log in',
-	'LoginException:UsernameFailure' => 'We could not log you in. Please check your username and password.',
-	'LoginException:PasswordFailure' => 'We could not log you in. Please check your username and password.',
+	'LoginException:UsernameFailure' => 'We could not log you in. Please check your username/email and password.',
+	'LoginException:PasswordFailure' => 'We could not log you in. Please check your username/email and password.',
 	'LoginException:AccountLocked' => 'Your account has been locked for too many log in failures.',
 	'LoginException:ChangePasswordFailure' => 'Failed current password check.',
 
@@ -531,7 +531,7 @@ $english = array(
 	'user:password:resetreq:success' => 'Successfully requested a new password, email sent',
 	'user:password:resetreq:fail' => 'Could not request a new password.',
 
-	'user:password:text' => 'To request a new password, enter your username below and click the Request button.',
+	'user:password:text' => 'To request a new password, enter your username or email address below and click the Request button.',
 
 	'user:persistent' => 'Remember me',
 
@@ -1064,7 +1064,7 @@ Your password has been reset to: %s",
 
 Somebody (from the IP address %s) has requested a new password for their account.
 
-If you requested this click on the link below, otherwise ignore this email.
+If you requested this, click on the link below. Otherwise ignore this email.
 
 %s
 ",
diff --git a/views/default/forms/user/requestnewpassword.php b/views/default/forms/user/requestnewpassword.php
index 8a5a18734..c90971eaf 100644
--- a/views/default/forms/user/requestnewpassword.php
+++ b/views/default/forms/user/requestnewpassword.php
@@ -11,7 +11,7 @@
 	<?php echo elgg_echo('user:password:text'); ?>
 </div>
 <div>
-	<label><?php echo elgg_echo('username'); ?></label><br />
+	<label><?php echo elgg_echo('loginusername'); ?></label><br />
 	<?php echo elgg_view('input/text', array(
 		'name' => 'username',
 		'class' => 'elgg-autofocus',