[PATCH] Add option to send reset key for a given user name

[Lukas Fleischer]

In addition to supporting email addresses in the reset key form, also
support user names. The reset key is then sent to the email address in
the user's profile.

Signed-off-by: Lukas Fleischer <lfleischer at archlinux.org>
---
 web/html/passreset.php    | 25 ++++++++++++-------------
 web/lib/acctfuncs.inc.php | 13 +++++++------
 2 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/web/html/passreset.php b/web/html/passreset.php
index 9e7cee8..b3c8bd2 100644
--- a/web/html/passreset.php
+++ b/web/html/passreset.php
@@ -11,14 +11,14 @@ if (isset($_COOKIE["AURSID"])) {
 
 $error = '';
 
-if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confirm'])) {
+if (isset($_GET['resetkey'], $_POST['user'], $_POST['password'], $_POST['confirm'])) {
 	$resetkey = $_GET['resetkey'];
-	$email = $_POST['email'];
+	$user = $_POST['user'];
 	$password = $_POST['password'];
 	$confirm = $_POST['confirm'];
-	$uid = uid_from_email($email);
+	$uid = uid_from_loginname($user);
 
-	if (empty($email) || empty($password)) {
+	if (empty($user) || empty($password)) {
 		$error = __('Missing a required field.');
 	} elseif ($password != $confirm) {
 		$error = __('Password fields do not match.');
@@ -31,16 +31,15 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir
 	}
 
 	if (empty($error)) {
-		$error = password_reset($password, $resetkey, $email);
+		$error = password_reset($password, $resetkey, $user);
 	}
-} elseif (isset($_POST['email'])) {
-	$email = $_POST['email'];
-	$username = username_from_id(uid_from_email($email));
+} elseif (isset($_POST['user'])) {
+	$user = $_POST['user'];
 
-	if (empty($email)) {
+	if (empty($user)) {
 		$error = __('Missing a required field.');
 	} else {
-		send_resetkey($email);
+		send_resetkey($user);
 		header('Location: ' . get_uri('/passreset/') . '?step=confirm');
 		exit();
 	}
@@ -67,7 +66,7 @@ html_header(__("Password Reset"));
 		<table>
 			<tr>
 				<td><?= __("Confirm your e-mail address:"); ?></td>
-				<td><input type="text" name="email" size="30" maxlength="64" /></td>
+				<td><input type="text" name="user" size="30" maxlength="64" /></td>
 			</tr>
 			<tr>
 				<td><?= __("Enter your new password:"); ?></td>
@@ -89,8 +88,8 @@ html_header(__("Password Reset"));
 	<ul class="errorlist"><li><?= $error ?></li></ul>
 	<?php endif; ?>
 	<form action="" method="post">
-		<p><?= __("Enter your e-mail address:"); ?>
-		<input type="text" name="email" size="30" maxlength="64" /></p>
+		<p><?= __("Enter your user name or your e-mail address:"); ?>
+		<input type="text" name="user" size="30" maxlength="64" /></p>
 		<input type="submit" class="button" value="<?= __('Continue') ?>" />
 	</form>
 	<?php endif; ?>
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 345d27a..f6cda69 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -755,13 +755,13 @@ function create_resetkey($resetkey, $uid) {
 /**
  * Send a reset key to a specific e-mail address
  *
- * @param string $email E-mail address of the user resetting their password
+ * @param string $user User name or email address of the user
  * @param bool $welcome Whether to use the welcome message
  *
  * @return void
  */
-function send_resetkey($email, $welcome=false) {
-	$uid = uid_from_email($email);
+function send_resetkey($user, $welcome=false) {
+	$uid = uid_from_loginname($user);
 	if ($uid == null) {
 		return;
 	}
@@ -779,11 +779,11 @@ function send_resetkey($email, $welcome=false) {
  *
  * @param string $password The new password
  * @param string $resetkey Code e-mailed to a user to reset a password
- * @param string $email E-mail address of the user resetting their password
+ * @param string $user User name or email address of the user
  *
  * @return string|void Redirect page if successful, otherwise return error message
  */
-function password_reset($password, $resetkey, $email) {
+function password_reset($password, $resetkey, $user) {
 	$hash = password_hash($password, PASSWORD_DEFAULT);
 
 	$dbh = DB::connect();
@@ -792,7 +792,8 @@ function password_reset($password, $resetkey, $email) {
 	$q.= "ResetKey = '' ";
 	$q.= "WHERE ResetKey != '' ";
 	$q.= "AND ResetKey = " . $dbh->quote($resetkey) . " ";
-	$q.= "AND Email = " . $dbh->quote($email);
+	$q.= "AND (Email = " . $dbh->quote($user) . " OR ";
+	$q.= "UserName = " . $dbh->quote($user) . ")";
 	$result = $dbh->exec($q);
 
 	if (!$result) {
-- 
2.25.0