[Fusionforge-commits] r7587 - trunk/gforge/common/include
Roland Mas
lolando at libremir.placard.fr.eu.org
Tue May 5 13:28:45 CEST 2009
Author: lolando
Date: 2009-05-05 13:28:45 +0200 (Tue, 05 May 2009)
New Revision: 7587
Modified:
trunk/gforge/common/include/session.php
Log:
Accept email as a login when opening a session (if sys_require_unique_email is set)
Modified: trunk/gforge/common/include/session.php
===================================================================
--- trunk/gforge/common/include/session.php 2009-05-05 11:28:37 UTC (rev 7586)
+++ trunk/gforge/common/include/session.php 2009-05-05 11:28:45 UTC (rev 7587)
@@ -148,20 +148,37 @@
global $feedback,$userstatus;
// Try to get the users from the database using user_id and (MD5) user_pw
- $res = db_query_params ('SELECT user_id,status,unix_pw FROM users WHERE user_name=$1 AND user_pw=$2',
- array ($loginname,
- md5($passwd))) ;
+ if ($GLOBALS['sys_require_unique_email']) {
+ $res = db_query_params ('SELECT user_id,status,unix_pw FROM users WHERE (user_name=$1 OR email=$1) AND user_pw=$2',
+ array ($loginname,
+ md5($passwd))) ;
+ } else {
+ $res = db_query_params ('SELECT user_id,status,unix_pw FROM users WHERE user_name=$1 AND user_pw=$2',
+ array ($loginname,
+ md5($passwd))) ;
+ $res = db_query("
+ SELECT user_id,status,unix_pw
+ FROM users
+ WHERE user_name='$loginname'
+ AND user_pw='".md5($passwd)."'
+ ");
+ }
if (!$res || db_numrows($res) < 1) {
// No user whose MD5 passwd matches the MD5 of the provided passwd
- // Selecting by user_name only
- $res = db_query_params ('SELECT user_id,status,unix_pw FROM users WHERE user_name=$1',
- array ($loginname)) ;
+ // Selecting by user_name/email only
+ if ($GLOBALS['sys_require_unique_email']) {
+ $res = db_query_params ('SELECT user_id,status,unix_pw FROM users WHERE user_name=$1 OR email=$1',
+ array ($loginname)) ;
+ } else {
+ $res = db_query_params ('SELECT user_id,status,unix_pw FROM users WHERE user_name=$1',
+ array ($loginname)) ;
+ }
if (!$res || db_numrows($res) < 1) {
// No user by that name
$feedback=_('Invalid Password Or User Name');
return false;
} else {
- // There is a user with the provided user_name, but the MD5 passwds do not match
+ // There is a user with the provided user_name/email, but the MD5 passwds do not match
// We'll have to try checking the (crypt) unix_pw
$usr = db_fetch_array($res);
More information about the Fusionforge-commits
mailing list