Use only username to login like it is used for all other authenticati…#110
Conversation
|
I think username guessing should be configurable. While right now it may seem like this configuration step is an overhead, that would change as soon as we add support for custom usernames, which don't have to follow localpart@domainpart schema. |
| # construct the correct sql statement based on who the user is | ||
| if ($_POST['localpart'] === 'siteadmin') { | ||
| $query = "SELECT crypt,localpart,user_id,domain,domains.domain_id,users.admin,users.type,domains.enabled AS domainenabled FROM users,domains | ||
| if ($_POST['username'] === 'siteadmin') { |
There was a problem hiding this comment.
I think the three cases can and should be merged into one.
Also, we should probably discover whether a user is site admin by checking the type field value, not by blindly mapping everyone whose localpart matches.
|
There is only one SQL query left, there was no reason to use three different ones. Also added the option back to guess the hostname. |
| if($domainguess === 1 && $_POST['username']!=='siteadmin') $_POST['username'].='@'.preg_replace ("/^mail\./", "", $_SERVER["SERVER_NAME"]); | ||
|
|
||
| # sql statement based on username | ||
| $query = "SELECT crypt,username,user_id,domain,domains.domain_id,users.admin,users.type,domains.enabled AS domainenabled, users.enabled AS userenabled |
There was a problem hiding this comment.
Could you please prefix all field names with table names?
|
Put in all your ideas @rimas-kudelis |
|
Not all of them. You still left the |
|
Sorry, I thought you wanted to remove |
Use only username to login like is used for other means of authentication.
|
Thanks! I would have wanted a line-break just before that last statement, but didn't want to risk annoying you even more. :) |
…on (IMAP/SMTP)
Follow up for this pull request: #106
With the current naming this is just your e-mailaddress (or
siteadmin) like it is used for all other login processes (IMAP/SMTP).