frontend/php/account/login.php | 8 ++++----
frontend/php/include/session.php | 28 ++++++++++++++++++----------
2 files changed, 22 insertions(+), 14 deletions(-)
diff --git a/frontend/php/account/login.php b/frontend/php/account/login.php
index 3c1d000..a5bbf0b 100644
--- a/frontend/php/account/login.php
+++ b/frontend/php/account/login.php
@@ -170,8 +170,8 @@ if (!empty($login) && !$success)
&& $GLOBALS['signal_pending_account'] == 1)
{
print '<h2>'._("Pending Account").'</h2>';
- print '<p>'._("Your account is currently pending your email
confirmation.
-Visiting the link sent to you in this email will activate your account.")
+ print '<p>'._("Your account is currently awaiting your email
confirmation.
+Visiting the link sent to you by email will activate your account.")
.'</p>';
print '<p><a href="pending-resend.php?form_user='
.htmlspecialchars($form_loginname, ENT_QUOTES).'">['
@@ -209,7 +209,7 @@ print '<input type="hidden" name="uri"
value="'.htmlspecialchars($uri, ENT_QUOTE
# the rest of form,
# so they dont mess with the normal order when you press TAB on the keyboard
# (login -> password -> post).
-print '<p><span class="preinput">'._("Login Name:").'</span><br
/> ';
+print '<p><span class="preinput">'._("Login Name or Email
Address:").'</span><br /> ';
print '<input type="text" name="form_loginname" value="'
.htmlspecialchars($form_loginname, ENT_QUOTES)
.'" tabindex="1" /> <a class="smaller" href="register.php"
tabindex="2">['
@@ -234,7 +234,7 @@ else
print '<p class="warn"><input type="hidden" name="stay_in_ssl" value="0"
/>';
print _("This server does not encrypt data (no https), so the password you
sent may be viewed by other people. Do not use any important
-passwords.").'</p>';
+password.").'</p>';
}
$checked = '';
diff --git a/frontend/php/include/session.php b/frontend/php/include/session.php
index dbc8042..b46be83 100644
--- a/frontend/php/include/session.php
+++ b/frontend/php/include/session.php
@@ -64,7 +64,7 @@ require_once(dirname(__FILE__).'/account.php');
$G_SESSION=array();
$G_USER=array();
-function session_login_valid($form_loginname,
+function session_login_valid($form_loginname_or_email,
$form_pw,
$allowpending=0,
$cookie_for_a_year=0,
@@ -77,17 +77,25 @@ function session_login_valid($form_loginname,
# FIXME: feel free to mess with PHP3 and crypt...
global $session_hash;
- if (!$form_loginname || !$form_pw)
+ if (!$form_loginname_or_email || !$form_pw)
{
- fb(_('Missing Password Or User Name'), 1);
+ fb(_('Missing password or user name/email.'), 1);
return false;
}
+ # First try login by login name, then by email
+
$resq = db_execute("SELECT user_id,user_pw,status FROM user WHERE "
- . "user_name=?", array($form_loginname));
+ . "user_name=?", array($form_loginname_or_email));
if (!$resq || db_numrows($resq) < 1)
{
- fb(_('Invalid User Name'), 1);
+ $resq = db_execute("SELECT user_id,user_pw,status FROM user WHERE "
+ . "email=?", array($form_loginname_or_email));
+ }
+
+ if (!$resq || db_numrows($resq) < 1)
+ {
+ fb(_('Invalid user name or email and password.'), 1);
return false;
}
@@ -110,7 +118,7 @@ function session_login_valid($form_loginname,
if ($usr['status'] == 'P')
{
# Account pending.
- fb(_('Account Pending'), 1);
+ fb(_('Account awaiting email confirmation.'), 1);
# We can't rely on $ffeedback because it's cleared after use.
$GLOBALS['signal_pending_account'] = 1;
return false;
@@ -118,13 +126,13 @@ function session_login_valid($form_loginname,
if ($usr['status'] == 'D' || $usr['status'] == 'S')
{
# Account deleted.
- fb(_('Account Deleted'), 1);
+ fb(_('Account deleted.'), 1);
return false;
}
if ($usr['status'] != 'A')
{
# Unacceptable account flag.
- fb(_('Account Not Active'),1);
+ fb(_('Account not active.'),1);
return false;
}
}
@@ -193,7 +201,7 @@ Please ask site administrators for a password.'), 1);
if (crypt($usr['user_pw'],$form_pw) != $form_pw)
{
#invalid password or user_name
- fb(_('Invalid Password'),1);
+ fb(_('Invalid user name or email and password.'), 1);
return false;
}
}
@@ -202,7 +210,7 @@ Please ask site administrators for a password.'), 1);
if (!account_validpw($usr['user_pw'],$form_pw))
{
#invalid password or user_name
- fb(_('Invalid Password'),1);
+ fb(_('Invalid user name or email and password.'), 1);
return false;
}
else
--
2.20.1
