HOWTO: logging in to ISPC3 with email & simplified password reset


radim_h
2nd September 2010, 17:50
Maybe someone can use it:
I have other systems and a client billing app, where users log in with their emails. I wanted them to have the same login (email) for ISPC3 as well, so here is a little "hack".



1. File: /usr/local/ispconfig/interface/web/login/index.php
change line 63 (lines are counted from version 3.0.3beta)
from:
if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) $error = $app->lng('user_regex_error');

to:
if(!preg_match("/^[\w\.\-\_\@]{1,64}$/", $_POST['username'])) $error = $app->lng('user_regex_error');

change line 68
from:
$username = $app->db->quote($_POST['username']);

to:
$username = $app->db->quote(str_replace('@', '_', $_POST['username']));



2. File: /usr/local/ispconfig/interface/web/login/password_reset.php

lines 44 to 50
change original block of code:

if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '' && $_POST['username'] != 'admin') {

if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) die($app->lng('user_regex_error'));
if(!preg_match("/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,10}$/i", $_POST['email'])) die($app->lng('email_error'));

$username = $app->db->quote($_POST['username']);
$email = $app->db->quote($_POST['email']);


to the new one:
if(/*isset($_POST['username']) && $_POST['username'] != '' &&*/ $_POST['email'] != '' && $_POST['username'] != 'admin') {

//if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) die($app->lng('user_regex_error'));
if(!preg_match("/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,10}$/i", $_POST['email'])) die($app->lng('email_error'));

// $username = $app->db->quote($_POST['username']);
$email = $app->db->quote($_POST['email']);
$username = str_replace('@', '_', $email);



3. File: /usr/local/ispconfig/interface/web/login/templates/password_reset.htm

remove lines 19-22

<div class="ctrlHolder">
<label for="username"><em>*</em> Username</label>
<input name="username" id="username" value="" size="30" maxlength="255" type="text" class="textInput" />
</div>




How to use it:

Let's say, our sample user is "user@domain.tld"

1. You must create all users in ISPC with the Username in email format, with _ instead of @,
so create a user with Username: user_domain.tld and Email: user@domain.tld

Now when users are logging in, the "@" in the username (email) is replaced with "_" so they match the system user.

On the password reset page, the user doesn't have to enter both email and username; they just have to fill in the email,
which is IMO good, as remembering two things is very hard for some customers .o)
but


BTW:
With this modification or not, it would be great if the password reset function had to be confirmed by clicking on a link sent to the user by email. Because if someone knows your email or login, they can simply reset your password anytime they want (but the new password will be sent to you).
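
The e-mail confirmation step suggested in the "BTW" note above, as an added example that is not part of the original post and not ISPConfig code: the password is changed only after the token from the mailed link is confirmed. The function names, the in-memory `$store` array (standing in for a database table) and the one-hour lifetime are assumptions.

```php
<?php
// Added example, not ISPConfig code. $store stands in for a database table;
// request_reset() and confirm_reset() are hypothetical names.

const RESET_TTL = 3600; // seconds a confirmation link stays valid (assumed value)

// Step 1: the reset form was submitted. Nothing is changed yet; a token is
// issued and, in a real system, mailed to the address stored for the account.
function request_reset(array &$store, string $email, int $now): string {
    $token = bin2hex(random_bytes(32));          // 256-bit unguessable token
    $store[$email] = [
        'hash'    => hash('sha256', $token),     // keep only a hash server-side
        'expires' => $now + RESET_TTL,
    ];
    return $token;                               // goes into the e-mailed link
}

// Step 2: the link was clicked. Returns true only for a matching, unexpired,
// unused token; the caller sets the new password only in that case.
function confirm_reset(array &$store, string $email, string $token, int $now): bool {
    if (!isset($store[$email])) {
        return false;
    }
    $entry   = $store[$email];
    $expired = $now > $entry['expires'];
    $match   = hash_equals($entry['hash'], hash('sha256', $token)); // constant-time
    if ($expired || $match) {
        unset($store[$email]);                   // expired or used: one-time only
    }
    return $match && !$expired;
}

// Constructed demonstration data.
$store = [];
$now   = 1283442600;
$token = request_reset($store, 'user@domain.tld', $now);

var_dump(confirm_reset($store, 'user@domain.tld', str_repeat('0', 64), $now + 60)); // guessed token
var_dump(confirm_reset($store, 'user@domain.tld', $token, $now + 60));              // token from the mail
var_dump(confirm_reset($store, 'user@domain.tld', $token, $now + 120));             // same link replayed

$late = request_reset($store, 'user@domain.tld', $now);
var_dump(confirm_reset($store, 'user@domain.tld', $late, $now + 7200));             // after expiry
```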

planet_fox
2nd September 2010, 20:28
Nice, but I have seen at a hosting provider an option with a button with the message "You want to see the password"; then you can click on this button and the password is shown in plaintext. It's great when you have a user who has his mail address configured on a smartphone, PC and other things but doesn't know what the password is.

radim_h
2nd September 2010, 22:33
It is a very bad idea to have a password for anything in plaintext...

planet_fox
3rd September 2010, 14:35
The first moment I saw it, I thought the same. Then I got a call from a customer, and I was happy about this option. Over time I found that this option saves time.

radim_h
6th September 2010, 01:57
But this has nothing in common with my post above, anyway.