Fixes #641 users can submit email address to reset password

author: Cash Costello <cash.costello@gmail.com> 2011-11-19 07:45:33 -0500
committer: Cash Costello <cash.costello@gmail.com> 2011-11-19 07:45:33 -0500
commit: 7cc4c3139d8d75335bd7e9b21d99257ff8d3cc72 (patch)
tree: f8688102de01d684ac09ee660c3e9923b4c8ae8b /actions/user/requestnewpassword.php
parent: 75c00c55dd9cc2de4d97f829d9b47c99eb4ba287 (diff)
download: elgg-7cc4c3139d8d75335bd7e9b21d99257ff8d3cc72.tar.gz
elgg-7cc4c3139d8d75335bd7e9b21d99257ff8d3cc72.tar.bz2
1 files changed, 5 insertions, 0 deletions
diff --git a/actions/user/requestnewpassword.php b/actions/user/requestnewpassword.php
index 5dfa24952..f1d4fa43c 100644
--- a/actions/user/requestnewpassword.php
+++ b/actions/user/requestnewpassword.php
@@ -8,6 +8,11 @@
 
 $username = get_input('username');
 
+// allow email addresses
+if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) {
+	$username = $users[0]->username;
+}
+
 $user = get_user_by_username($username);
 if ($user) {
 	if (send_new_password_request($user->guid)) {
author	Cash Costello <cash.costello@gmail.com>	2011-11-19 07:45:33 -0500
committer	Cash Costello <cash.costello@gmail.com>	2011-11-19 07:45:33 -0500
commit	7cc4c3139d8d75335bd7e9b21d99257ff8d3cc72 (patch)
tree	f8688102de01d684ac09ee660c3e9923b4c8ae8b /actions/user/requestnewpassword.php
parent	75c00c55dd9cc2de4d97f829d9b47c99eb4ba287 (diff)
download	elgg-7cc4c3139d8d75335bd7e9b21d99257ff8d3cc72.tar.gz elgg-7cc4c3139d8d75335bd7e9b21d99257ff8d3cc72.tar.bz2