summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--web/html/passreset.php25
-rw-r--r--web/lib/acctfuncs.inc.php13
2 files changed, 19 insertions, 19 deletions
diff --git a/web/html/passreset.php b/web/html/passreset.php
index 9e7cee88..b3c8bd29 100644
--- a/web/html/passreset.php
+++ b/web/html/passreset.php
@@ -11,14 +11,14 @@ if (isset($_COOKIE["AURSID"])) {
$error = '';
-if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confirm'])) {
+if (isset($_GET['resetkey'], $_POST['user'], $_POST['password'], $_POST['confirm'])) {
$resetkey = $_GET['resetkey'];
- $email = $_POST['email'];
+ $user = $_POST['user'];
$password = $_POST['password'];
$confirm = $_POST['confirm'];
- $uid = uid_from_email($email);
+ $uid = uid_from_loginname($user);
- if (empty($email) || empty($password)) {
+ if (empty($user) || empty($password)) {
$error = __('Missing a required field.');
} elseif ($password != $confirm) {
$error = __('Password fields do not match.');
@@ -31,16 +31,15 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir
}
if (empty($error)) {
- $error = password_reset($password, $resetkey, $email);
+ $error = password_reset($password, $resetkey, $user);
}
-} elseif (isset($_POST['email'])) {
- $email = $_POST['email'];
- $username = username_from_id(uid_from_email($email));
+} elseif (isset($_POST['user'])) {
+ $user = $_POST['user'];
- if (empty($email)) {
+ if (empty($user)) {
$error = __('Missing a required field.');
} else {
- send_resetkey($email);
+ send_resetkey($user);
header('Location: ' . get_uri('/passreset/') . '?step=confirm');
exit();
}
@@ -67,7 +66,7 @@ html_header(__("Password Reset"));
<table>
<tr>
<td><?= __("Confirm your e-mail address:"); ?></td>
- <td><input type="text" name="email" size="30" maxlength="64" /></td>
+ <td><input type="text" name="user" size="30" maxlength="64" /></td>
</tr>
<tr>
<td><?= __("Enter your new password:"); ?></td>
@@ -89,8 +88,8 @@ html_header(__("Password Reset"));
<ul class="errorlist"><li><?= $error ?></li></ul>
<?php endif; ?>
<form action="" method="post">
- <p><?= __("Enter your e-mail address:"); ?>
- <input type="text" name="email" size="30" maxlength="64" /></p>
+ <p><?= __("Enter your user name or your e-mail address:"); ?>
+ <input type="text" name="user" size="30" maxlength="64" /></p>
<input type="submit" class="button" value="<?= __('Continue') ?>" />
</form>
<?php endif; ?>
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 345d27af..f6cda69c 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -755,13 +755,13 @@ function create_resetkey($resetkey, $uid) {
/**
* Send a reset key to a specific e-mail address
*
- * @param string $email E-mail address of the user resetting their password
+ * @param string $user User name or email address of the user
* @param bool $welcome Whether to use the welcome message
*
* @return void
*/
-function send_resetkey($email, $welcome=false) {
- $uid = uid_from_email($email);
+function send_resetkey($user, $welcome=false) {
+ $uid = uid_from_loginname($user);
if ($uid == null) {
return;
}
@@ -779,11 +779,11 @@ function send_resetkey($email, $welcome=false) {
*
* @param string $password The new password
* @param string $resetkey Code e-mailed to a user to reset a password
- * @param string $email E-mail address of the user resetting their password
+ * @param string $user User name or email address of the user
*
* @return string|void Redirect page if successful, otherwise return error message
*/
-function password_reset($password, $resetkey, $email) {
+function password_reset($password, $resetkey, $user) {
$hash = password_hash($password, PASSWORD_DEFAULT);
$dbh = DB::connect();
@@ -792,7 +792,8 @@ function password_reset($password, $resetkey, $email) {
$q.= "ResetKey = '' ";
$q.= "WHERE ResetKey != '' ";
$q.= "AND ResetKey = " . $dbh->quote($resetkey) . " ";
- $q.= "AND Email = " . $dbh->quote($email);
+ $q.= "AND (Email = " . $dbh->quote($user) . " OR ";
+ $q.= "UserName = " . $dbh->quote($user) . ")";
$result = $dbh->exec($q);
if (!$result) {