Merge pull request #711 from TheSerapher/issue-709

[IMPROVED] Added case-insensitive login
Sebastian Grewe 2013-10-13 08:18:20 -07:00
commit 7b2adf27d1
3 changed files with 26 additions and 19 deletions


@ -46,11 +46,11 @@ class User {
public function getUserNameByEmail($email) { public function getUserNameByEmail($email) {
return $this->getSingle($email, 'username', 'email', 's'); return $this->getSingle($email, 'username', 'email', 's');
} }
public function getUserId($username) { public function getUserId($username, $lower=false) {
return $this->getSingle($username, 'id', 'username', 's'); return $this->getSingle($username, 'id', 'username', 's', $lower);
} }
public function getUserEmail($username) { public function getUserEmail($username, $lower=false) {
return $this->getSingle($username, 'email', 'username', 's'); return $this->getSingle($username, 'email', 'username', 's', $lower);
} }
public function getUserNoFee($id) { public function getUserNoFee($id) {
return $this->getSingle($id, 'no_fees', 'id'); return $this->getSingle($id, 'no_fees', 'id');
@ -130,7 +130,7 @@ class User {
return false; return false;
} }
if (filter_var($username, FILTER_VALIDATE_EMAIL)) { if (filter_var($username, FILTER_VALIDATE_EMAIL)) {
$this->debug->append("Username is an e-mail", 2); $this->debug->append("Username is an e-mail: $username", 2);
if (!$username = $this->getUserNameByEmail($username)) { if (!$username = $this->getUserNameByEmail($username)) {
$this->setErrorMessage("Invalid username or password."); $this->setErrorMessage("Invalid username or password.");
return false; return false;
@ -179,9 +179,12 @@ class User {
* @param type string Type of value * @param type string Type of value
* @return array Return result * @return array Return result
**/ **/
private function getSingle($value, $search='id', $field='id', $type="i") { private function getSingle($value, $search='id', $field='id', $type="i", $lower=false) {
$this->debug->append("STA " . __METHOD__, 4); $this->debug->append("STA " . __METHOD__, 4);
$stmt = $this->mysqli->prepare("SELECT $search FROM $this->table WHERE $field = ? LIMIT 1"); $sql = "SELECT $search FROM $this->table WHERE";
$lower ? $sql .= " LOWER($field) = LOWER(?)" : $sql .= " $field = ?";
$sql .= " LIMIT 1";
$stmt = $this->mysqli->prepare($sql);
if ($this->checkStmt($stmt)) { if ($this->checkStmt($stmt)) {
$stmt->bind_param($type, $value); $stmt->bind_param($type, $value);
$stmt->execute(); $stmt->execute();
@ -388,16 +391,13 @@ class User {
$this->debug->append("STA " . __METHOD__, 4); $this->debug->append("STA " . __METHOD__, 4);
$user = array(); $user = array();
$password_hash = $this->getHash($password); $password_hash = $this->getHash($password);
$stmt = $this->mysqli->prepare("SELECT username, id, is_admin FROM $this->table WHERE username=? AND pass=? LIMIT 1"); $stmt = $this->mysqli->prepare("SELECT username, id, is_admin FROM $this->table WHERE LOWER(username) = LOWER(?) AND pass = ? LIMIT 1");
if ($this->checkStmt($stmt)) { if ($this->checkStmt($stmt) && $stmt->bind_param('ss', $username, $password_hash) && $stmt->execute() && $stmt->bind_result($row_username, $row_id, $row_admin)) {
$stmt->bind_param('ss', $username, $password_hash);
$stmt->execute();
$stmt->bind_result($row_username, $row_id, $row_admin);
$stmt->fetch(); $stmt->fetch();
$stmt->close(); $stmt->close();
// Store the basic login information // Store the basic login information
$this->user = array('username' => $row_username, 'id' => $row_id, 'is_admin' => $row_admin); $this->user = array('username' => $row_username, 'id' => $row_id, 'is_admin' => $row_admin);
return $username === $row_username; return strtolower($username) === strtolower($row_username);
} }
return false; return false;
} }
@ -638,20 +638,27 @@ class User {
$this->serErrorMessage("Username must not be empty"); $this->serErrorMessage("Username must not be empty");
return false; return false;
} }
if (!$aData['email'] = $this->getUserEmail($username)) { if (filter_var($username, FILTER_VALIDATE_EMAIL)) {
$this->debug->append("Username is an e-mail: $username", 2);
if (!$username = $this->getUserNameByEmail($username)) {
$this->setErrorMessage("Invalid username or password.");
return false;
}
}
if (!$aData['email'] = $this->getUserEmail($username, true)) {
$this->setErrorMessage("Unable to find a mail address for user $username"); $this->setErrorMessage("Unable to find a mail address for user $username");
return false; return false;
} }
if (!$aData['token'] = $this->token->createToken('password_reset', $this->getUserId($username))) { if (!$aData['token'] = $this->token->createToken('password_reset', $this->getUserId($username, true))) {
$this->setErrorMessage('Unable to setup token for password reset'); $this->setErrorMessage('Unable to setup token for password reset');
return false; return false;
} }
$aData['username'] = $username; $aData['username'] = $this->getUserName($this->getUserId($username, true));
$aData['subject'] = 'Password Reset Request'; $aData['subject'] = 'Password Reset Request';
if ($this->mail->sendMail('password/reset', $aData)) { if ($this->mail->sendMail('password/reset', $aData)) {
return true; return true;
} else { } else {
$this->setErrorMessage("Unable to send mail to your address"); $this->setErrorMessage('Unable to send mail to your address');
return false; return false;
} }
return false; return false;
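Review bot: In the password-reset hunk the mail address, the token's user id and the display name each come from a separate `LOWER(username) = LOWER(?) ... LIMIT 1` lookup (`getUserEmail($username, true)` once and `getUserId($username, true)` twice), so nothing guarantees that all three describe the same row. If the table ever holds two usernames that differ only in case, a reset token for one account could be mailed to the other account's address; whether registration enforces case-insensitive uniqueness is not visible on this page. Resolve the account once and key the rest on the id: `$id = $this->getUserId($username, true);`, then `$username = $this->getUserName($id);`, then the exact-match `getUserEmail($username)`, passing `$id` to `createToken`. A unique index on the case-folded username would close the gap at the schema level. The method body starts and ends outside this hunk.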


@ -2,7 +2,7 @@
<form action="" method="POST"> <form action="" method="POST">
<input type="hidden" name="page" value="password"> <input type="hidden" name="page" value="password">
<input type="hidden" name="action" value="reset"> <input type="hidden" name="action" value="reset">
<p>If you have an email set for your account, enter your username to get your password reset</p> <p>If you have an email set for your account, enter your username or email address to get your password reset</p>
<p><input type="text" value="{$smarty.post.username|default:""}" name="username" required><input class="submit small" type="submit" value="Reset"></p> <p><input type="text" value="{$smarty.post.username|default:""}" name="username" required><input class="submit small" type="submit" value="Reset"></p>
</form> </form>
{include file="global/block_footer.tpl"} {include file="global/block_footer.tpl"}


@ -6,7 +6,7 @@
<div class="module_content"> <div class="module_content">
<p>If you have an email set for your account, enter your username to get your password reset</p> <p>If you have an email set for your account, enter your username to get your password reset</p>
<fieldset> <fieldset>
<label>Username</label> <label>Username or E-Mail</label>
<input type="text" name="username" value="{$smarty.post.username|default:""}" size="22" maxlength="20" required> <input type="text" name="username" value="{$smarty.post.username|default:""}" size="22" maxlength="20" required>
</fieldset> </fieldset>
<div class="clear"></div> <div class="clear"></div>
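Review bot: The label now reads "Username or E-Mail" but the input beneath it keeps `maxlength="20"`, so most e-mail addresses cannot be typed into this field; raise the limit to match the e-mail column, or drop the attribute and validate length on the server. The paragraph above the fieldset still says "enter your username", although the other template in this commit was updated to mention the e-mail address. The posted value is echoed back into the attribute as `{$smarty.post.username|default:""}`; unless HTML auto-escaping is enabled in the Smarty configuration, which is not visible here, it should be `{$smarty.post.username|default:""|escape}`. The surrounding form starts and ends outside this hunk.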