Change login to use username instead of email

carlbennett · carlbennett · commit 0dfe6d0917ff · 2019-08-23T22:42:21.000Z
diff --git a/src/controllers/User/Login.php b/src/controllers/User/Login.php
@@ -17,9 +17,7 @@
 use \CarlBennett\MVC\Libraries\View;
 
 class Login extends Controller {
-
   public function &run(Router &$router, View &$view, array &$args) {
-
     $model = new UserLoginModel();
 
     $model->csrf_id      = mt_rand();
@@ -44,30 +42,38 @@ protected function tryLogin(Router &$router, UserLoginModel &$model) {
     if (!isset(Common::$database)) {
       Common::$database = DatabaseDriver::getDatabaseObject();
     }
+
     $data       = $router->getRequestBodyArray();
     $csrf_id    = (isset($data["csrf_id"   ]) ? $data["csrf_id"   ] : null);
     $csrf_token = (isset($data["csrf_token"]) ? $data["csrf_token"] : null);
     $csrf_valid = CSRF::validate($csrf_id, $csrf_token);
-    $email      = (isset($data["email"     ]) ? $data["email"     ] : null);
+    $username   = (isset($data["username"  ]) ? $data["username"  ] : null);
     $password   = (isset($data["password"  ]) ? $data["password"  ] : null);
+
+    $model->username = $username;
+
     if (!$csrf_valid) {
       $model->error = "INVALID_CSRF";
       return;
     }
     CSRF::invalidate($csrf_id);
+
     if ( isset( Authentication::$user )) {
       $model->error = "ALREADY_LOGGED_IN";
-    } else if (empty($email)) {
-      $model->error = "EMPTY_EMAIL";
+    } else if (empty($username)) {
+      $model->error = "EMPTY_USERNAME";
     } else if (Common::$config->bnetdocs->user_login_disabled) {
       $model->error = "LOGIN_DISABLED";
     }
+
     if ($model->error) return;
+
     try {
-      $user = new User(User::findIdByEmail($email));
+      $user = new User(User::findIdByUsername($username));
     } catch (UserNotFoundException $e) {
       $user = null;
     }
+
     if (!$user) {
       $model->error = "USER_NOT_FOUND";
     } else if ($user->getOptionsBitmask() & User::OPTION_DISABLED) {
@@ -77,16 +83,20 @@ protected function tryLogin(Router &$router, UserLoginModel &$model) {
     } else if (!$user->checkPassword($password)) {
       $model->error = "PASSWORD_INCORRECT";
     }
+
     if ($model->error) return;
-    $model->error        = false;
-    $model->password     = '';
+    $model->error = false;
+
     Authentication::login( $user );
+
     Logger::logEvent(
       EventTypes::USER_LOGIN,
       ($user ? $user->getId() : null),
       getenv("REMOTE_ADDR"),
-      json_encode(["error" => $model->error])
+      json_encode([
+        "error" => $model->error,
+        "username" => $username,
+      ])
     );
   }
-
 }
diff --git a/src/models/User/Login.php b/src/models/User/Login.php
@@ -6,9 +6,9 @@
 
 class Login extends Model {
 
-  public $bad_email;
-  public $bad_password;
-  public $email;
-  public $password;
+  public $csrf_id;
+  public $csrf_token;
+  public $error;
+  public $username;
 
 }
diff --git a/src/templates/User/Login.phtml b/src/templates/User/Login.phtml
@@ -16,12 +16,12 @@ switch ($this->getContext()->error) {
   case "ALREADY_LOGGED_IN":
     $message = "You are already logged in, you must log out first.";
     break;
-  case "EMPTY_EMAIL":
-    $message = "The email address was left blank.";
+  case "EMPTY_USERNAME":
+    $message = "The username was left blank.";
     break;
   case "USER_NOT_FOUND":
   case "PASSWORD_INCORRECT":
-    $message = "Incorrect email address or password.";
+    $message = "Incorrect username or password.";
     break;
   case "USER_DISABLED":
     $message = "The account has been administratively disabled.";
@@ -48,23 +48,23 @@ require("./header.inc.phtml");
         </section>
 <?php } ?>
         <form method="POST" action="?">
-          <input type="hidden" name="csrf_id" value="<?php echo $this->getContext()->csrf_id; ?>"/>
-          <input type="hidden" name="csrf_token" value="<?php echo $this->getContext()->csrf_token; ?>"/>
+          <input type="hidden" name="csrf_id" value="<?=filter_var($this->getContext()->csrf_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS)?>"/>
+          <input type="hidden" name="csrf_token" value="<?=filter_var($this->getContext()->csrf_token, FILTER_SANITIZE_FULL_SPECIAL_CHARS)?>"/>
           <section>
             <table>
               <thead></thead>
               <tbody>
                 <tr>
                   <td>
-                    <label for="email">Email address:</label><br/>
+                    <label for="username">Username:</label><br/>
                     <input
-                      type="email"
-                      name="email"
-                      id="email"
-                      value=""
+                      type="text"
+                      name="username"
+                      id="username"
+                      value="<?=filter_var($this->getContext()->username, FILTER_SANITIZE_FULL_SPECIAL_CHARS)?>"
                       tabindex="1"
                       required
-                      autocomplete="email"
+                      autocomplete="username"
                       autofocus="autofocus"
                     />
                   </td><td>
