From 4f1c656f51bacaa5c9e3e0550cf0cfb3422f879f Mon Sep 17 00:00:00 2001 From: Cash Costello Date: Sat, 19 Nov 2011 07:45:33 -0500 Subject: Fixes #641 users can submit email address to reset password --- actions/login.php | 1 - actions/user/requestnewpassword.php | 5 +++++ languages/en.php | 10 +++++----- views/default/forms/user/requestnewpassword.php | 2 +- 4 files changed, 11 insertions(+), 7 deletions(-) diff --git a/actions/login.php b/actions/login.php index 5934d1423..c717faadd 100644 --- a/actions/login.php +++ b/actions/login.php @@ -28,7 +28,6 @@ if (empty($username) || empty($password)) { } // check if logging in with email address -// @todo Are usernames with @ not allowed? if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) { $username = $users[0]->username; } diff --git a/actions/user/requestnewpassword.php b/actions/user/requestnewpassword.php index 5dfa24952..f1d4fa43c 100644 --- a/actions/user/requestnewpassword.php +++ b/actions/user/requestnewpassword.php @@ -8,6 +8,11 @@ $username = get_input('username'); +// allow email addresses +if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) { + $username = $users[0]->username; +} + $user = get_user_by_username($username); if ($user) { if (send_new_password_request($user->guid)) { diff --git a/languages/en.php b/languages/en.php index af97e112d..1576ed73d 100644 --- a/languages/en.php +++ b/languages/en.php @@ -20,7 +20,7 @@ $english = array( 'login' => "Log in", 'loginok' => "You have been logged in.", 'loginerror' => "We couldn't log you in. Please check your credentials and try again.", - 'login:empty' => "Username and password are required.", + 'login:empty' => "Username/email and password are required.", 'login:baduser' => "Unable to load your user account.", 'auth:nopams' => "Internal error. No user authentication method installed.", @@ -222,8 +222,8 @@ $english = array( 'RegistrationException:EmptyPassword' => 'The password fields cannot be empty', 'RegistrationException:PasswordMismatch' => 'Passwords must match', 'LoginException:BannedUser' => 'You have been banned from this site and cannot log in', - 'LoginException:UsernameFailure' => 'We could not log you in. Please check your username and password.', - 'LoginException:PasswordFailure' => 'We could not log you in. Please check your username and password.', + 'LoginException:UsernameFailure' => 'We could not log you in. Please check your username/email and password.', + 'LoginException:PasswordFailure' => 'We could not log you in. Please check your username/email and password.', 'LoginException:AccountLocked' => 'Your account has been locked for too many log in failures.', 'LoginException:ChangePasswordFailure' => 'Failed current password check.', @@ -531,7 +531,7 @@ $english = array( 'user:password:resetreq:success' => 'Successfully requested a new password, email sent', 'user:password:resetreq:fail' => 'Could not request a new password.', - 'user:password:text' => 'To request a new password, enter your username below and click the Request button.', + 'user:password:text' => 'To request a new password, enter your username or email address below and click the Request button.', 'user:persistent' => 'Remember me', @@ -1064,7 +1064,7 @@ Your password has been reset to: %s", Somebody (from the IP address %s) has requested a new password for their account. -If you requested this click on the link below, otherwise ignore this email. +If you requested this, click on the link below. Otherwise ignore this email. %s ", diff --git a/views/default/forms/user/requestnewpassword.php b/views/default/forms/user/requestnewpassword.php index 8a5a18734..c90971eaf 100644 --- a/views/default/forms/user/requestnewpassword.php +++ b/views/default/forms/user/requestnewpassword.php @@ -11,7 +11,7 @@
-
+
'username', 'class' => 'elgg-autofocus', -- cgit v1.2.3