HOWTO: loging to ISPC3 with email & simplified password reset

Discussion in 'Tips/Tricks/Mods' started by radim_h, Sep 2, 2010.

  1. radim_h

    radim_h Member

    Maybe someone can use it:
    I have other systems and client billing app, where users are logging in with theirs emails. I wanted them to have same login (email)also into ISPC3, so here is little "hack"



    1. File: /usr/local/ispconfig/interface/web/login/index.php
    change line 63 (lines are counted from version 3.0.3beta)
    from:
    Code:
    if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) $error = $app->lng('user_regex_error');
    to:
    Code:
    if(!preg_match("/^[\w\.\-\_\@]{1,64}$/", $_POST['username'])) $error = $app->lng('user_regex_error');
    chnage line 68
    from:
    Code:
    $username = $app->db->quote($_POST['username']);
    to:
    Code:
    $username = $app->db->quote(str_replace('@', '_', $_POST['username']));


    2. File: /usr/local/ispconfig/interface/web/login/password_reset.php

    lines 44 to 50
    change original block of code:
    Code:
    if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '' && $_POST['username'] != 'admin') {
    	
    	if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) die($app->lng('user_regex_error'));
    	if(!preg_match("/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,10}$/i", $_POST['email'])) die($app->lng('email_error'));
    	
    	$username = $app->db->quote($_POST['username']);
    	$email = $app->db->quote($_POST['email']);
    
    to new one
    Code:
    if(/*isset($_POST['username']) && $_POST['username'] != '' &&*/ $_POST['email'] != '' && $_POST['username'] != 'admin') {
    	
    	//if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) die($app->lng('user_regex_error'));
    	if(!preg_match("/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,10}$/i", $_POST['email'])) die($app->lng('email_error'));
    	
    //	$username = $app->db->quote($_POST['username']);
    	$email = $app->db->quote($_POST['email']);
    	$username = str_replace('@', '_', $email);
    
    
    3. File: /usr/local/ispconfig/interface/web/login/templates/password_reset.htm

    remove lines 19-22
    Code:
          <div class="ctrlHolder">
          	<label for="username"><em>*</em> Username</label>
            <input name="username" id="username" value="" size="30" maxlength="255" type="text" class="textInput" />
          </div>	
    


    How to use it:

    Let's say, our sample user is "[email protected]"

    1. You must create create all users in ISPC with Username format as email with _ instead of @
    so create user with Username: user_domain.tld and Email: [email protected]

    Now when users ale loggin in, "@" in username(email) is replaced with "_" so they match system user

    On password reset page, user doesn't have to input Email & username, they have to fill just email
    which is IMO good as remembering two things is very hard for some customers .o)
    but


    BTW:
    With this modification or not, it would be great if Password reset function will have to be confirmed by clicking on link which will come to user by email. Because if someone knows your email or login, they can simply reset your password anytime they want (but new password will be send to You)
     
    Last edited: Sep 2, 2010
  2. planet_fox

    planet_fox New Member

    Nice

    Nice, but I have see by an Hosting Provider an Option for Button with The Message " You want see the Password" than can you click on this Button and the Password is in plaintext. Its great when you have an user there haves on Smartphone PC and other things his mail adress configurated but Don't know what is the Password.
     
  3. radim_h

    radim_h Member

    bad idea

    it is very bad idea to have password for anything in plaintext...
     
  4. planet_fox

    planet_fox New Member

    In the first moment I have see , i have the same mind . Than I become an call from an customer, i was happy for this option. In some Time I find this Option save Time.
     
  5. radim_h

    radim_h Member

    but this has nothing common with my post above, anyway
     

Share This Page