From 32ff00caec8cc918880e32c508cfc7dfbbef9e30 Mon Sep 17 00:00:00 2001 From: Maxime BOURMAUD Date: Wed, 30 Sep 2020 10:51:29 +0200 Subject: [PATCH] Feature#765 now it's possible to login with your email address (#770) First we check for the username, if not found we check among email addresses. --- include/functions_user.inc.php | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 86aee44f6..5503a9dba 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -1099,6 +1099,8 @@ function pwg_login($success, $username, $password, $remember_me) pwg_session_gc(); global $conf; + + $user_found = false; // retrieving the encrypted password of the login submitted $query = ' SELECT '.$conf['user_fields']['id'].' AS id, @@ -1106,8 +1108,31 @@ SELECT '.$conf['user_fields']['id'].' AS id, FROM '.USERS_TABLE.' WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\' ;'; + $row = pwg_db_fetch_assoc(pwg_query($query)); if (isset($row['id']) and $conf['password_verify']($password, $row['password'], $row['id'])) + { + $user_found = true; + } + + // If we didn't find a matching user name, we search for email address + if (!$user_found) + { + $query = ' + SELECT '.$conf['user_fields']['id'].' AS id, + '.$conf['user_fields']['password'].' AS password + FROM '.USERS_TABLE.' + WHERE '.$conf['user_fields']['email'].' = \''.pwg_db_real_escape_string($username).'\' + ;'; + + $row = pwg_db_fetch_assoc(pwg_query($query)); + if (isset($row['id']) and $conf['password_verify']($password, $row['password'], $row['id'])) + { + $user_found = true; + } + } + + if ($user_found) { log_user($row['id'], $remember_me); trigger_notify('login_success', stripslashes($username));