diff options
Diffstat (limited to 'web')
-rw-r--r-- | web/html/passreset.php | 25 | ||||
-rw-r--r-- | web/lib/acctfuncs.inc.php | 13 |
2 files changed, 19 insertions, 19 deletions
diff --git a/web/html/passreset.php b/web/html/passreset.php index 9e7cee88..b3c8bd29 100644 --- a/web/html/passreset.php +++ b/web/html/passreset.php @@ -11,14 +11,14 @@ if (isset($_COOKIE["AURSID"])) { $error = ''; -if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confirm'])) { +if (isset($_GET['resetkey'], $_POST['user'], $_POST['password'], $_POST['confirm'])) { $resetkey = $_GET['resetkey']; - $email = $_POST['email']; + $user = $_POST['user']; $password = $_POST['password']; $confirm = $_POST['confirm']; - $uid = uid_from_email($email); + $uid = uid_from_loginname($user); - if (empty($email) || empty($password)) { + if (empty($user) || empty($password)) { $error = __('Missing a required field.'); } elseif ($password != $confirm) { $error = __('Password fields do not match.'); @@ -31,16 +31,15 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir } if (empty($error)) { - $error = password_reset($password, $resetkey, $email); + $error = password_reset($password, $resetkey, $user); } -} elseif (isset($_POST['email'])) { - $email = $_POST['email']; - $username = username_from_id(uid_from_email($email)); +} elseif (isset($_POST['user'])) { + $user = $_POST['user']; - if (empty($email)) { + if (empty($user)) { $error = __('Missing a required field.'); } else { - send_resetkey($email); + send_resetkey($user); header('Location: ' . get_uri('/passreset/') . '?step=confirm'); exit(); } @@ -67,7 +66,7 @@ html_header(__("Password Reset")); <table> <tr> <td><?= __("Confirm your e-mail address:"); ?></td> - <td><input type="text" name="email" size="30" maxlength="64" /></td> + <td><input type="text" name="user" size="30" maxlength="64" /></td> </tr> <tr> <td><?= __("Enter your new password:"); ?></td> @@ -89,8 +88,8 @@ html_header(__("Password Reset")); <ul class="errorlist"><li><?= $error ?></li></ul> <?php endif; ?> <form action="" method="post"> - <p><?= __("Enter your e-mail address:"); ?> - <input type="text" name="email" size="30" maxlength="64" /></p> + <p><?= __("Enter your user name or your e-mail address:"); ?> + <input type="text" name="user" size="30" maxlength="64" /></p> <input type="submit" class="button" value="<?= __('Continue') ?>" /> </form> <?php endif; ?> diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index 345d27af..f6cda69c 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -755,13 +755,13 @@ function create_resetkey($resetkey, $uid) { /** * Send a reset key to a specific e-mail address * - * @param string $email E-mail address of the user resetting their password + * @param string $user User name or email address of the user * @param bool $welcome Whether to use the welcome message * * @return void */ -function send_resetkey($email, $welcome=false) { - $uid = uid_from_email($email); +function send_resetkey($user, $welcome=false) { + $uid = uid_from_loginname($user); if ($uid == null) { return; } @@ -779,11 +779,11 @@ function send_resetkey($email, $welcome=false) { * * @param string $password The new password * @param string $resetkey Code e-mailed to a user to reset a password - * @param string $email E-mail address of the user resetting their password + * @param string $user User name or email address of the user * * @return string|void Redirect page if successful, otherwise return error message */ -function password_reset($password, $resetkey, $email) { +function password_reset($password, $resetkey, $user) { $hash = password_hash($password, PASSWORD_DEFAULT); $dbh = DB::connect(); @@ -792,7 +792,8 @@ function password_reset($password, $resetkey, $email) { $q.= "ResetKey = '' "; $q.= "WHERE ResetKey != '' "; $q.= "AND ResetKey = " . $dbh->quote($resetkey) . " "; - $q.= "AND Email = " . $dbh->quote($email); + $q.= "AND (Email = " . $dbh->quote($user) . " OR "; + $q.= "UserName = " . $dbh->quote($user) . ")"; $result = $dbh->exec($q); if (!$result) { |