diff --git a/LoginRegister.module b/LoginRegister.module index 0fa7234..07c3820 100644 --- a/LoginRegister.module +++ b/LoginRegister.module @@ -378,25 +378,27 @@ class LoginRegister extends WireData implements Module, ConfigurableModule { if(!$name || !$pass) return false; - $name = $nameIsEmail ? $this->emailToName($name) : $sanitizer->pageName($name); $pass = substr($pass, 0, 128); - $user = $session->login($name, $pass); + $user = null; - if((!$user || $user->name !== $name) && $nameIsEmail) { - // login failed, but login by email is supported - // attempt login a second time by finding user with email address and using their name - $user = null; - $email = $sanitizer->selectorValue($nameField->attr('value')); - $matches = $this->wire('users')->find("include=all, email=$email"); + if($nameIsEmail && strpos($name, '@') !== false) { + // Resolve email to an actual user name before attempting login so that + // failed first-pass log entries are not generated for successful email logins. + $email = $sanitizer->selectorValue($name); + $matches = $this->wire('users')->find("include=all, email=$email"); $qty = $matches->count(); if($qty === 1) { - $user = $session->login($matches->first()->name, $pass); - $name = $user->name; + $name = $matches->first()->name; } else if($qty > 1) { $this->error($this->_('Cannot login because more than one account uses this email address.')); + $name = ''; } + } else { + $name = $sanitizer->pageName($name); } + if($name) $user = $session->login($name, $pass); + if($user && $user->name === $name) { // successful login $this->loginSuccess($user); @@ -1194,4 +1196,3 @@ class LoginRegister extends WireData implements Module, ConfigurableModule { } } -