HOWTO: loging to ISPC3 with email & simplified password reset

[radim_h]

Maybe someone can use it:
I have other systems and client billing app, where users are logging in with theirs emails. I wanted them to have same login (email)also into ISPC3, so here is little "hack"



1. File: /usr/local/ispconfig/interface/web/login/index.php
change line 63 (lines are counted from version 3.0.3beta)
from:

Code:

if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) $error = $app->lng('user_regex_error');

to:

Code:

if(!preg_match("/^[\w\.\-\_\@]{1,64}$/", $_POST['username'])) $error = $app->lng('user_regex_error');

chnage line 68
from:

Code:

$username = $app->db->quote($_POST['username']);

to:

Code:

$username = $app->db->quote(str_replace('@', '_', $_POST['username']));

2. File: /usr/local/ispconfig/interface/web/login/password_reset.php

lines 44 to 50
change original block of code:

Code:

if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '' && $_POST['username'] != 'admin') {
	
	if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) die($app->lng('user_regex_error'));
	if(!preg_match("/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,10}$/i", $_POST['email'])) die($app->lng('email_error'));
	
	$username = $app->db->quote($_POST['username']);
	$email = $app->db->quote($_POST['email']);

to new one

Code:

if(/*isset($_POST['username']) && $_POST['username'] != '' &&*/ $_POST['email'] != '' && $_POST['username'] != 'admin') {
	
	//if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) die($app->lng('user_regex_error'));
	if(!preg_match("/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,10}$/i", $_POST['email'])) die($app->lng('email_error'));
	
//	$username = $app->db->quote($_POST['username']);
	$email = $app->db->quote($_POST['email']);
	$username = str_replace('@', '_', $email);

3. File: /usr/local/ispconfig/interface/web/login/templates/password_reset.htm

remove lines 19-22

Code:

      <div class="ctrlHolder">
      	<label for="username"><em>*</em> Username</label>
        <input name="username" id="username" value="" size="30" maxlength="255" type="text" class="textInput" />
      </div>

How to use it:

Let's say, our sample user is "user@domain.tld"

1. You must create create all users in ISPC with Username format as email with _ instead of @
so create user with Username: user_domain.tld and Email: user@domain.tld

Now when users ale loggin in, "@" in username(email) is replaced with "_" so they match system user

On password reset page, user doesn't have to input Email & username, they have to fill just email
which is IMO good as remembering two things is very hard for some customers .o)
but


BTW:
With this modification or not, it would be great if Password reset function will have to be confirmed by clicking on link which will come to user by email. Because if someone knows your email or login, they can simply reset your password anytime they want (but new password will be send to You)

[planet_fox]

Nice, but I have see by an Hosting Provider an Option for Button with The Message " You want see the Password" than can you click on this Button and the Password is in plaintext. Its great when you have an user there haves on Smartphone PC and other things his mail adress configurated but Don't know what is the Password.

[radim_h]

it is very bad idea to have password for anything in plaintext...

[planet_fox]

In the first moment I have see , i have the same mind . Than I become an call from an customer, i was happy for this option. In some Time I find this Option save Time.

[radim_h]

but this has nothing common with my post above, anyway