From c28add6d9d2eb5f5490b29c32c82ae30531a58cb Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Tue, 16 Jul 2013 15:21:19 +0000
Subject: [PATCH] Allow authentication with email-address+password

Previously, a username and password were required. With this patch, the
email address can also be used, together with the password, to authenticate the user.
---
 include/class.staff.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/include/class.staff.php b/include/class.staff.php
index f6ed46663..a4edb4f7a 100644
--- a/include/class.staff.php
+++ b/include/class.staff.php
@@ -43,9 +43,15 @@ class Staff {
 
         $sql='SELECT staff.*, staff.created as added, grp.* '
             .' FROM '.STAFF_TABLE.' staff '
-            .' LEFT JOIN '.GROUP_TABLE.' grp ON(grp.group_id=staff.group_id) ';
+            .' LEFT JOIN '.GROUP_TABLE.' grp ON(grp.group_id=staff.group_id)
+               WHERE ';
 
-        $sql.=sprintf(' WHERE %s=%s',is_numeric($var)?'staff_id':'username',db_input($var));
+        if (is_numeric($var))
+            $sql .= 'staff_id='.db_input($var);
+        elseif (Validator::is_email($var))
+            $sql .= 'email='.db_input($var);
+        else
+            $sql .= 'username='.db_input($var);
 
         if(!($res=db_query($sql)) || !db_num_rows($res))
             return NULL;
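Review bot: The new `email=` branch picks the lookup column from the shape of `$var`, so a staff member whose username is itself a valid email address can no longer be found by username; the identifier would instead resolve to whichever account holds that string as its email. Nothing visible in this hunk shows that `email` is unique in the staff table or that usernames are kept from being email-shaped, and the query has no row limit, so both constraints should be enforced (a unique index on the email column, a validation rule on usernames) before email is accepted as a login identifier. I would also document the dispatch above the chain, e.g. `// Resolve $var by shape: numeric => staff_id, email => email, else username; email must be unique per staff`. The enclosing function starts and ends outside the hunk.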
@@ -588,7 +594,7 @@ class Staff {
             }
         }
 
-        if(!$username || !$passwd)
+        if(!$username || !$passwd || is_numeric($username))
             $errors['err'] = 'Username and password required';
 
         if($errors) return false;
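Review bot: The added `is_numeric($username)` test has no comment explaining why a numeric login name is refused, and it reports 'Username and password required', which misleads a user who did enter both fields. Presumably it is there because the lookup in the first hunk resolves numeric input as `staff_id`, which would allow a login attempt by id; say so, e.g. `// Numeric input would be looked up as staff_id; never accept an id as a login name`. Note that `is_numeric()` also matches forms such as `1e3` or `0.5`, so legitimate usernames of that shape are rejected too. This guard covers only this login path, so any other caller that passes user input to the lookup still reaches the `staff_id` branch. The enclosing function begins and ends outside the hunk.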
-- 
GitLab