[IMPROVED] Allow e-mails only for login

This is a major change in MPOS: usernames are no longer accepted at login.
This will avoid a lot of brute-force issues, since a username is no
longer a valid login method.

Fixes #1345 once merged.
Sebastian Grewe 2014-01-10 20:04:57 +01:00
parent 6b9583e867
commit 63960e2e62


@ -116,7 +116,11 @@ class User extends Base {
$this->setErrorMessage("Invalid username or password.");
return false;
}
if (filter_var($username, FILTER_VALIDATE_EMAIL)) {
if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
$this->debug->append("Not an e-mail address, rejecting login", 2);
$this->setErrorMessage("Please login with your e-mail address");
return false;
} else {
$this->debug->append("Username is an e-mail: $username", 2);
if (!$username = $this->getUserNameByEmail($username)) {
$this->setErrorMessage("Invalid username or password.");
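Review bot: The new rejection branch at `if (!filter_var($username, FILTER_VALIDATE_EMAIL))` returns before the e-mail lookup, so whether a rejected attempt is counted by any failed-login or rate-limit handling depends on code outside this hunk. Restricting the identifier to e-mail format does not by itself slow password guessing, since addresses are often easier to obtain than usernames, so it is worth confirming that both rejected and failed attempts reach the lockout logic, if the method has one. Because the branch ends in `return false;`, the `} else {` can be dropped and the lookup left un-nested. The retained message "Invalid username or password." is correctly generic about whether an address is registered, though its wording no longer matches an e-mail-only login. The enclosing method starts and ends outside the hunk.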