aboutsummaryrefslogtreecommitdiff
path: root/actions
diff options
context:
space:
mode:
authorCash Costello <cash.costello@gmail.com>2011-11-19 07:45:33 -0500
committercash <cash.costello@gmail.com>2011-11-28 21:44:01 -0500
commit4f1c656f51bacaa5c9e3e0550cf0cfb3422f879f (patch)
tree76a8d23750d7442477023abf37d60c8b01832cbb /actions
parent268b33d5338ec2e4da9a0a3c81a8917ce1bfda60 (diff)
downloadelgg-4f1c656f51bacaa5c9e3e0550cf0cfb3422f879f.tar.gz
elgg-4f1c656f51bacaa5c9e3e0550cf0cfb3422f879f.tar.bz2
Fixes #641 users can submit email address to reset password
Diffstat (limited to 'actions')
-rw-r--r--actions/login.php1
-rw-r--r--actions/user/requestnewpassword.php5
2 files changed, 5 insertions, 1 deletions
diff --git a/actions/login.php b/actions/login.php
index 5934d1423..c717faadd 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -28,7 +28,6 @@ if (empty($username) || empty($password)) {
}
// check if logging in with email address
-// @todo Are usernames with @ not allowed?
if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) {
$username = $users[0]->username;
}
diff --git a/actions/user/requestnewpassword.php b/actions/user/requestnewpassword.php
index 5dfa24952..f1d4fa43c 100644
--- a/actions/user/requestnewpassword.php
+++ b/actions/user/requestnewpassword.php
@@ -8,6 +8,11 @@
$username = get_input('username');
+// allow email addresses
+if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) {
+ $username = $users[0]->username;
+}
+
$user = get_user_by_username($username);
if ($user) {
if (send_new_password_request($user->guid)) {