1 files changed, 7 insertions, 6 deletions

diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 345d27af..f6cda69c 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -755,13 +755,13 @@ function create_resetkey($resetkey, $uid) {
 /**
  * Send a reset key to a specific e-mail address
  *
- * @param string $email E-mail address of the user resetting their password
+ * @param string $user User name or email address of the user
  * @param bool $welcome Whether to use the welcome message
  *
  * @return void
  */
-function send_resetkey($email, $welcome=false) {
-	$uid = uid_from_email($email);
+function send_resetkey($user, $welcome=false) {
+	$uid = uid_from_loginname($user);
 	if ($uid == null) {
 		return;
 	}
@@ -779,11 +779,11 @@ function send_resetkey($email, $welcome=false) {
  *
  * @param string $password The new password
  * @param string $resetkey Code e-mailed to a user to reset a password
- * @param string $email E-mail address of the user resetting their password
+ * @param string $user User name or email address of the user
  *
  * @return string|void Redirect page if successful, otherwise return error message
  */
-function password_reset($password, $resetkey, $email) {
+function password_reset($password, $resetkey, $user) {
 	$hash = password_hash($password, PASSWORD_DEFAULT);
 
 	$dbh = DB::connect();
@@ -792,7 +792,8 @@ function password_reset($password, $resetkey, $email) {
 	$q.= "ResetKey = '' ";
 	$q.= "WHERE ResetKey != '' ";
 	$q.= "AND ResetKey = " . $dbh->quote($resetkey) . " ";
-	$q.= "AND Email = " . $dbh->quote($email);
+	$q.= "AND (Email = " . $dbh->quote($user) . " OR ";
+	$q.= "UserName = " . $dbh->quote($user) . ")";
 	$result = $dbh->exec($q);
 
 	if (!$result) {