Changeset:
        bb3e245e3beb
        
https://sourceforge.net/p/mrbs/hg-code/ci/bb3e245e3beb21d61121fa4463f058d705dfd237
Author:
        Campbell Morrison <[email protected]>
Date:
        Mon Feb 20 16:29:39 2017 +0000
Log message:

Added the ability to use an email address for logging in.  (Only works at the 
moment for session=php and auth=db).

diffstat:

 web/auth/auth_db.inc        |  60 +++++++++++++++++++++++++++-
 web/css/mrbs.css.php        |   2 +-
 web/lang/lang.en            |   2 +
 web/session/session_php.inc |  96 ++++++++++++++++++++++++++++----------------
 4 files changed, 122 insertions(+), 38 deletions(-)

diffs (214 lines):

diff -r 02a0f1101714 -r bb3e245e3beb web/auth/auth_db.inc
--- a/web/auth/auth_db.inc      Mon Feb 20 15:09:52 2017 +0000
+++ b/web/auth/auth_db.inc      Mon Feb 20 16:29:39 2017 +0000
@@ -116,8 +116,8 @@
  * $pass  - The password
  * 
  * Returns:
- *   true     - The pair are invalid or do not exist
- *   false    - The pair are valid
+ *   false    - The pair are invalid or do not exist
+ *   true     - The pair are valid
  */
 function authValidateUser($user, $pass)
 {
@@ -149,6 +149,62 @@
   return checkPassword($pass, $row['password_hash'], 'name', $user);
 }
 
+
+/* authValidateEmail($email, $pass)
+ * 
+ * Checks if the specified email/password pair are valid
+ * 
+ * $email - The email address
+ * $pass  - The password
+ * 
+ * Returns:
+ *   false    - The pair are invalid or do not exist
+ *   username - The pair are valid
+ */
+function authValidateEmail($email, $pass)
+{
+  global $tbl_users;
+
+  $sql_params = array($email);
+
+  // For the moment we will assume that email addresses are case insensitive.  
 Whilst it is true
+  // on most systems, it isn't always true.  The domain part is case 
insensitive but the local part can
+  // be case sensitive.   But before we can take account of this, the email 
addresses in the database
+  // need to be normalised so that all the domain names are stored in lower 
case.  Then it will be possible
+  // to do a case sensitive comparison.
+  $sql = "SELECT password_hash, name
+            FROM $tbl_users
+           WHERE LOWER(email)=LOWER(?)";
+
+  $res = db()->query($sql, $sql_params);
+  
+  $rows = $res->all_rows_keyed();
+  
+  if (empty($rows))
+  {
+    return false;
+  }
+  
+  // Check all the users that have this email address and password hash.  If 
there are more
+  // than one then we don't know which user to login, so return false.
+  $possible_names = array();
+  foreach($rows as $row)
+  {
+    if (checkPassword($pass, $row['password_hash'], 'email', $email))
+    {
+      $possible_names[] = $row['name'];
+    }
+  }
+
+  if (count($possible_names) == 1)
+  {
+    return $possible_names[0];
+  }
+  
+  return false;
+}
+
+
 /* authGetUserLevel($user)
  * 
  * Determines the user's access level
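Review bot: In the loop over `$rows`, `checkPassword()` is given `'email', $email` as its row locator, although this function exists precisely because several accounts may share one address. The body of checkPassword is not in this hunk; if it uses those two arguments to write back a rehashed password (as the `'name', $user` call in authValidateUser suggests), a rehash triggered by one matching account would overwrite the hash of every account with that email, and the typed-in case of `$email` may not match the stored value at all. Keying on the unique column avoids both problems: `checkPassword($pass, $row['password_hash'], 'name', $row['name'])`. Separately, `count($possible_names) == 1` would be safer as `=== 1`.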
diff -r 02a0f1101714 -r bb3e245e3beb web/css/mrbs.css.php
--- a/web/css/mrbs.css.php      Mon Feb 20 15:09:52 2017 +0000
+++ b/web/css/mrbs.css.php      Mon Feb 20 16:29:39 2017 +0000
@@ -693,7 +693,7 @@
 
 // Specific to the "logon" form
 $logon_left_col_max_width      = '8';       // em
-$logon_input_width             = '12';      // em
+$logon_input_width             = '14';      // em
 $logon_form_min_width          = $logon_left_col_max_width + 
$logon_input_width + $general_gap;
 $logon_form_min_width          = number_format($logon_form_min_width, 1, '.', 
'');   // get rid of any commas
 
diff -r 02a0f1101714 -r bb3e245e3beb web/lang/lang.en
--- a/web/lang/lang.en  Mon Feb 20 15:09:52 2017 +0000
+++ b/web/lang/lang.en  Mon Feb 20 16:29:39 2017 +0000
@@ -219,6 +219,8 @@
 $vocab["you_are"]            = "You are";
 $vocab["login"]              = "Log in";
 $vocab["logoff"]             = "Log off";
+$vocab["username"]           = "Username";
+$vocab["username_or_email"]  = "Username or email address";
 
 // Database upgrade code
 $vocab["database_login"]           = "Database login";
diff -r 02a0f1101714 -r bb3e245e3beb web/session/session_php.inc
--- a/web/session/session_php.inc       Mon Feb 20 15:09:52 2017 +0000
+++ b/web/session/session_php.inc       Mon Feb 20 16:29:39 2017 +0000
@@ -91,10 +91,19 @@
   {
     if (!authValidateUser($NewUserName, $NewUserPassword))
     {
-      print_header(0, 0, 0, 0, "");
-      echo "<p>".get_vocab('unknown_user')."</p>\n";
-      printLoginForm($TargetURL);
-      exit();
+      // Maybe the username was an email address.  Try that if possible.
+      if (function_exists(__NAMESPACE__ . "\\authValidateEmail") &&
+          ($result = authValidateEmail($NewUserName, $NewUserPassword)) !== 
false)
+      {
+        $NewUserName = $result;
+      }
+      else
+      {
+        print_header(0, 0, 0, 0, "");
+        echo "<p>".get_vocab('unknown_user')."</p>\n";
+        printLoginForm($TargetURL);
+        exit();
+      }
     }
 
     $_SESSION["UserName"] = $NewUserName;
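Review bot: Once the new email fallback has resolved `$NewUserName`, the success path goes straight to `$_SESSION["UserName"] = $NewUserName;` and no session ID rotation is visible in this hunk. The enclosing block continues outside the hunk, so this may be handled elsewhere; if it is not, calling `session_regenerate_id(true);` immediately before that assignment would stop a pre-login session ID from being carried into the authenticated session. A short comment on `$NewUserName = $result;` would also help, e.g. `// Store the canonical username in the session, never the email address that was typed`.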
@@ -135,37 +144,54 @@
 {
   global $HTTP_REFERER;
   global $returl;
-?>
-<form class="form_general" id="logon" method="post" action="<?php echo 
htmlspecialchars(this_page()) ?>">
-  <fieldset>
-  <legend><?php echo get_vocab("please_login") ?></legend>
-    <div>
-      <label for="NewUserName"><?php echo get_vocab("users.name") ?>:</label>
-      <input type="text" id="NewUserName" name="NewUserName">
-    </div>
-    <div>
-      <label for="NewUserPassword"><?php echo get_vocab("users.password") 
?>:</label>
-      <input type="password" id="NewUserPassword" name="NewUserPassword">
-    </div>
-    <?php
-    // We need to preserve the original calling page, so that it's there when 
we eventually get
-    // to the TargetURL (especially if that's edit_entry.php).  If this is the 
first time through then $HTTP_REFERER holds
-    // the original caller.    If this is the second time through we will have 
stored it in $returl.
-    if (!isset($returl))
-    {
-      $returl = isset($HTTP_REFERER) ? $HTTP_REFERER : "";
-    }
-    echo "<input type=\"hidden\" name=\"returl\" value=\"" . 
htmlspecialchars($returl) . "\">\n";
-    ?>
-    <input type="hidden" name="TargetURL" value="<?php echo 
htmlspecialchars($TargetURL) ?>">
-    <input type="hidden" name="Action" value="SetName">
-    <div id="logon_submit">
-      <input class="submit" type="submit" value=" <?php echo 
get_vocab('login') ?> ">
-    </div>
-  </fieldset>
-</form>
-<?php
-  echo "</div>";  // Close of the contents div
+  
+  $html = '';
+
+  $html .= "<form class=\"form_general\" id=\"logon\" method=\"post\" 
action=\"" .
+           htmlspecialchars(this_page()) . "\">\n";
+  $html .= "<fieldset>\n";
+  $html .= "<legend>" . get_vocab("please_login") . "</legend>\n";
+  
+  $html .= "<div>\n";
+  if (function_exists(__NAMESPACE__ . "\\authValidateEmail"))
+  {
+    $placeholder = get_vocab("username_or_email");
+  }
+  else
+  {
+    $placeholder = get_vocab("username");
+  }
+  $html .= "<label for=\"NewUserName\">" . get_vocab("user") . ":</label>\n";
+  $html .= "<input type=\"text\" id=\"NewUserName\" name=\"NewUserName\" 
placeholder=\"$placeholder\">\n";
+  $html .= "</div>\n";
+  
+  $html .= "<div>\n";
+  $html .= "<label for=\"NewUserPassword\">" . get_vocab("users.password") . 
":</label>\n";
+  $html .= "<input type=\"password\" id=\"NewUserPassword\" 
name=\"NewUserPassword\">\n";
+  $html .= "</div>\n";
+
+  // We need to preserve the original calling page, so that it's there when we 
eventually get
+  // to the TargetURL (especially if that's edit_entry.php).  If this is the 
first time through then $HTTP_REFERER holds
+  // the original caller.    If this is the second time through we will have 
stored it in $returl.
+  if (!isset($returl))
+  {
+    $returl = isset($HTTP_REFERER) ? $HTTP_REFERER : "";
+  }
+  $html .= "<input type=\"hidden\" name=\"returl\" value=\"" . 
htmlspecialchars($returl) . "\">\n";
+  $html .= "<input type=\"hidden\" name=\"TargetURL\" value=\"" . 
htmlspecialchars($TargetURL) . "\">\n";
+  $html .= "<input type=\"hidden\" name=\"Action\" value=\"SetName\">\n";
+  
+  $html .= "<div id=\"logon_submit\">\n";
+  $html .= "<input class=\"submit\" type=\"submit\" value=\"" . 
get_vocab('login') . "\">\n";
+  $html .= "</div>\n";
+  
+  $html .= "</fieldset>\n";
+  $html .= "</form>\n";
+
+  $html .= "</div>";  // Close of the contents div
+  
+  echo $html;
+  
   // Print footer and exit
   print_footer(TRUE);
 }
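Review bot: `$placeholder` and `get_vocab('login')` are written into the `placeholder` and `value` attributes without `htmlspecialchars()`, unlike `this_page()`, `$returl` and `$TargetURL` in the same form. Vocab strings come from the language files, so a translation containing a double quote would break the attribute, and it would become an injection point if vocab strings can ever be overridden by a less-trusted party. Suggest `placeholder=\"" . htmlspecialchars($placeholder) . "\"` and `value=\"" . htmlspecialchars(get_vocab('login')) . "\"`. The function's signature lies above the hunk, so this is based on the visible body only.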
