Feature#765 now it's possible to login with your email address (#770)

First we check for the username, if not found we check among email addresses.
2025-04-26 19:29:58 +03:00 · 2020-09-30 10:51:29 +02:00 · 2020-09-30 10:51:29 +02:00 · 32ff00caec
commit 32ff00caec
parent b24c6c48f1
1 changed files with 25 additions and 0 deletions
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@ -1099,6 +1099,8 @@ function pwg_login($success, $username, $password, $remember_me)
  pwg_session_gc();

  global $conf;
+
+  $user_found = false;
  // retrieving the encrypted password of the login submitted
  $query = '
 SELECT '.$conf['user_fields']['id'].' AS id,
@ -1106,8 +1108,31 @@ SELECT '.$conf['user_fields']['id'].' AS id,
  FROM '.USERS_TABLE.'
  WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\'
 ;';
+
  $row = pwg_db_fetch_assoc(pwg_query($query));
  if (isset($row['id']) and $conf['password_verify']($password, $row['password'], $row['id']))
+  {
+    $user_found = true;
+  }
+
+  // If we didn't find a matching user name, we search for email address
+  if (!$user_found)
+  {
+    $query = '
+  SELECT '.$conf['user_fields']['id'].' AS id,
+         '.$conf['user_fields']['password'].' AS password
+    FROM '.USERS_TABLE.'
+    WHERE '.$conf['user_fields']['email'].' = \''.pwg_db_real_escape_string($username).'\'
+    ;';
+
+    $row = pwg_db_fetch_assoc(pwg_query($query));
+    if (isset($row['id']) and $conf['password_verify']($password, $row['password'], $row['id']))
+    {
+      $user_found = true;
+    }
+  }
+
+  if ($user_found)
  {
    log_user($row['id'], $remember_me);
    trigger_notify('login_success', stripslashes($username));