From 0c2b887643f98d2aa493b05053d6a4cd0f81a5e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20S=CC=8Ckoda?= <commits@skodak.org>
Date: Mon, 26 Aug 2013 20:18:41 +0200
Subject: [PATCH] MDL-41115 allow users to login with email instead of username

---
 admin/settings/plugins.php |  1 +
 lang/en/auth.php           |  2 ++
 lib/moodlelib.php          | 27 ++++++++++++++++++++++++---
 3 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/admin/settings/plugins.php b/admin/settings/plugins.php
index 502d5e6..ae075f3 100644
--- a/admin/settings/plugins.php
+++ b/admin/settings/plugins.php
@@ -48,6 +48,7 @@ if ($hassiteconfig) {
     $temp->add(new admin_setting_manageauths());
     $temp->add(new admin_setting_heading('manageauthscommonheading', new lang_string('commonsettings', 'admin'), ''));
     $temp->add(new admin_setting_special_registerauth());
+    $temp->add(new admin_setting_configcheckbox('authloginviaemail', new lang_string('authloginviaemail', 'core_auth'), new lang_string('authloginviaemail_desc', 'core_auth'), 0));
     $temp->add(new admin_setting_configcheckbox('authpreventaccountcreation', new lang_string('authpreventaccountcreation', 'admin'), new lang_string('authpreventaccountcreation_help', 'admin'), 0));
     $temp->add(new admin_setting_configcheckbox('loginpageautofocus', new lang_string('loginpageautofocus', 'admin'), new lang_string('loginpageautofocus_help', 'admin'), 0));
     $temp->add(new admin_setting_configselect('guestloginbutton', new lang_string('guestloginbutton', 'auth'),
diff --git a/lang/en/auth.php b/lang/en/auth.php
index ac23770..1a274f9 100644
--- a/lang/en/auth.php
+++ b/lang/en/auth.php
@@ -107,6 +107,8 @@ $string['informpasswordpolicy'] = 'The password must have {$a}';
 $string['instructions'] = 'Instructions';
 $string['internal'] = 'Internal';
 $string['locked'] = 'Locked';
+$string['authloginviaemail'] = 'Allow login via email';
+$string['authloginviaemail_desc'] = 'Allow users to use both username and email address (if unique) for site login.';
 $string['md5'] = 'MD5 hash';
 $string['nopasswordchange'] = 'Password can not be changed';
 $string['nopasswordchangeforced'] = 'You cannot proceed without changing your password, however there is no available page for changing it. Please contact your Moodle Administrator.';
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index ad04ace..b793f64 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -4286,7 +4286,7 @@ function guest_user() {
  *
  * Note: this function works only with non-mnet accounts!
  *
- * @param string $username  User's username
+ * @param string $username  User's username (or also email if $CFG->authloginviaemail enabled)
  * @param string $password  User's password
  * @param bool $ignorelockout useful when guessing is prevented by other mechanism such as captcha or SSO
  * @param int $failurereason login failure reason, can be used in renderers (it may disclose if account exists)
@@ -4296,9 +4296,30 @@ function authenticate_user_login($username, $password, $ignorelockout=false, &$f
     global $CFG, $DB;
     require_once("$CFG->libdir/authlib.php");
 
+    $select = "mnethostid = :mnethostid AND UPPER(username) = UPPER(:username) AND deleted = 0";
+    $params = array('mnethostid'=>$CFG->mnet_localhost_id, 'username'=>$username);
+    if ($user = $DB->get_record_select('user', $select, $params, 'id')) {
+        $user = get_complete_user_data('id', $user->id);
+        $username = core_text::strtolower($user->username);
+
+    } else if (!empty($CFG->authloginviaemail)) {
+        if ($email = clean_param($username, PARAM_EMAIL)) {
+            $select = "mnethostid = :mnethostid AND UPPER(email) = UPPER(:email) AND deleted = 0";
+            $params = array('mnethostid'=>$CFG->mnet_localhost_id, 'email'=>$email);
+            $users = $DB->get_records_select('user', $select, $params, 'id', 'id', 0, 2);
+            if (count($users) === 1) {
+                // Use email for login only if unique.
+                $user = reset($users);
+                $user = get_complete_user_data('id', $user->id);
+                $username = core_text::strtolower($user->username);
+            }
+            unset($users);
+        }
+    }
+
     $authsenabled = get_enabled_auth_plugins();
 
-    if ($user = get_complete_user_data('username', $username, $CFG->mnet_localhost_id)) {
+    if ($user) {
         // Use manual if auth not set.
         $auth = empty($user->auth) ? 'manual' : $user->auth;
         if (!empty($user->suspended)) {
@@ -4366,7 +4387,7 @@ function authenticate_user_login($username, $password, $ignorelockout=false, &$f
             // User already exists in database.
             if (empty($user->auth)) {
                 // For some reason auth isn't set yet.
-                $DB->set_field('user', 'auth', $auth, array('username' => $username));
+                $DB->set_field('user', 'auth', $auth, array('id' => $user->id));
                 $user->auth = $auth;
             }
 
-- 
1.8.4