diff options
| author | Cash Costello <cash.costello@gmail.com> | 2011-11-19 07:45:33 -0500 |
|---|---|---|
| committer | Cash Costello <cash.costello@gmail.com> | 2011-11-19 07:45:33 -0500 |
| commit | 7cc4c3139d8d75335bd7e9b21d99257ff8d3cc72 (patch) | |
| tree | f8688102de01d684ac09ee660c3e9923b4c8ae8b /actions | |
| parent | 75c00c55dd9cc2de4d97f829d9b47c99eb4ba287 (diff) | |
| download | elgg-7cc4c3139d8d75335bd7e9b21d99257ff8d3cc72.tar.gz elgg-7cc4c3139d8d75335bd7e9b21d99257ff8d3cc72.tar.bz2 | |
Fixes #641 users can submit email address to reset password
Diffstat (limited to 'actions')
| -rw-r--r-- | actions/login.php | 1 | ||||
| -rw-r--r-- | actions/user/requestnewpassword.php | 5 |
2 files changed, 5 insertions, 1 deletions
diff --git a/actions/login.php b/actions/login.php index 5934d1423..c717faadd 100644 --- a/actions/login.php +++ b/actions/login.php @@ -28,7 +28,6 @@ if (empty($username) || empty($password)) { } // check if logging in with email address -// @todo Are usernames with @ not allowed? if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) { $username = $users[0]->username; } diff --git a/actions/user/requestnewpassword.php b/actions/user/requestnewpassword.php index 5dfa24952..f1d4fa43c 100644 --- a/actions/user/requestnewpassword.php +++ b/actions/user/requestnewpassword.php @@ -8,6 +8,11 @@ $username = get_input('username'); +// allow email addresses +if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) { + $username = $users[0]->username; +} + $user = get_user_by_username($username); if ($user) { if (send_new_password_request($user->guid)) { |