diff --git a/dbd/qq/SYS_SECURITY_LOGIN_MD5.php b/dbd/qq/SYS_SECURITY_LOGIN_MD5.php
index a0b6b8f..e74f06c 100644
--- a/dbd/qq/SYS_SECURITY_LOGIN_MD5.php
+++ b/dbd/qq/SYS_SECURITY_LOGIN_MD5.php
@@ -6,10 +6,10 @@ class SYS_SECURITY_LOGIN_MD5 extends \SYSTEM\DB\QP {
 return new \SYSTEM\DB\QQuery(get_class(),
 //pg
 'SELECT * FROM '.\SYSTEM\DBD\system_user::NAME_PG.
-' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower($1)'.
+' WHERE (lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower($1) OR lower('.\SYSTEM\DBD\system_user::FIELD_EMAIL.') LIKE lower($1))'.
 ' AND ('.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = $2 OR '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_MD5.' = $3 );',
 //mys
 'SELECT * FROM '.\SYSTEM\DBD\system_user::NAME_MYS.
-' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower(?)'.
+' WHERE (lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower(?) OR lower('.\SYSTEM\DBD\system_user::FIELD_EMAIL.') LIKE lower(?))'.
 ' AND ('.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = ? OR '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_MD5.' = ? );'
 );}}
\ No newline at end of file
diff --git a/dbd/qq/SYS_SECURITY_LOGIN_SHA1.php b/dbd/qq/SYS_SECURITY_LOGIN_SHA1.php
index c703809..b8de069 100644
--- a/dbd/qq/SYS_SECURITY_LOGIN_SHA1.php
+++ b/dbd/qq/SYS_SECURITY_LOGIN_SHA1.php
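Review bot: The rewritten `WHERE` lines in SYS_SECURITY_LOGIN_MD5.php keep `LIKE lower($1)` / `LIKE lower(?)` for the login identifier, so `%` and `_` in the submitted value are treated as wildcards and the row that comes back need not be the account the caller named; the commit now extends that to the e-mail column as well. An exact, still case-insensitive comparison avoids the pattern matching: `' WHERE (lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') = lower($1) OR lower('.\SYSTEM\DBD\system_user::FIELD_EMAIL.') = lower($1))'.`, with `?` in place of `$1` in the MySQL string. The same applies to both query strings in the SYS_SECURITY_LOGIN_SHA1.php hunk.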
@@ -6,10 +6,10 @@ class SYS_SECURITY_LOGIN_SHA1 extends \SYSTEM\DB\QP {
 return new \SYSTEM\DB\QQuery(get_class(),
 //pg
 'SELECT * FROM '.\SYSTEM\DBD\system_user::NAME_PG.
-' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower($1)'.
+' WHERE (lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower($1) OR lower('.\SYSTEM\DBD\system_user::FIELD_EMAIL.') LIKE lower($1))'.
 ' AND '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = $2;',
 //mys
 'SELECT * FROM '.\SYSTEM\DBD\system_user::NAME_MYS.
-' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower(?)'.
+' WHERE (lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower(?) OR lower('.\SYSTEM\DBD\system_user::FIELD_EMAIL.') LIKE lower(?))'.
 ' AND '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = ?;'
 );}}
\ No newline at end of file
diff --git a/security/Security.php b/security/Security.php
index a621de0..0c44034 100644
--- a/security/Security.php
+++ b/security/Security.php
@@ -13,11 +13,11 @@ class Security {
 $result = \SYSTEM\DBD\SYS_SECURITY_CREATE::QI(array( $username , $password, $email, $locale, 1 ));
 if(!$result || !self::login($username, $password, $locale)){
 return self::FAIL;}
- return ($advancedResult ? \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password)) : self::OK);
+ return ($advancedResult ? \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password),array($username, $username, $password)) : self::OK);
 }
 public static function changePassword($username, $password_sha_old, $password_sha_new){
- $row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password_sha_old));
+ $row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password_sha_old),array($username, $username, $password_sha_old));
 if(!$row){
 return self::FAIL;} // old password wrong
 $userID = $row['id'];
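Review bot: The `Q1` calls in `create()` and `changePassword()` in security/Security.php now pass two positional lists that must each follow the placeholder order of a different SQL string, and nothing at the call sites says which list belongs to which query. Judging by the query files, the first list appears to feed the PostgreSQL form (where `$1` is reused) and the second the MySQL form (one value per `?`), which would explain the repeated `$username`. If the lists and the query strings ever drift apart, a value would be bound to the wrong placeholder without any error. A comment at each call such as `// 1st list: pg ($1 reused); 2nd list: mysql, one value per ?, so $username is repeated` would document this. The login hunk that follows uses the same pattern, and both functions extend beyond this hunk.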
@@ -31,9 +31,9 @@ class Security {
 //Database check
 if(isset($password_md5)){
- $row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_MD5::Q1(array($username, $password_sha, $password_md5));
+ $row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_MD5::Q1(array($username, $password_sha, $password_md5),array($username, $username, $password_sha, $password_md5));
 }else{
- $row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password_sha));}
+ $row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password_sha),array($username, $username, $password_sha));}
 if(!$row){
 new \SYSTEM\LOG\WARNING("Login Failed, User was not found in db");