Skip to content

Instantly share code, notes, and snippets.

@cmaas
Last active June 25, 2019 08:42
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save cmaas/c652b1171f1a7cb85fe59193f6a12b1f to your computer and use it in GitHub Desktop.
Save cmaas/c652b1171f1a7cb85fe59193f6a12b1f to your computer and use it in GitHub Desktop.
PHPBB3: Login by email and authenticate at ACP

PhpBB3: Login by email and re-authenticate at ACP

I made a custom auth provider that accepts the email as username. However, if you try to login to the ACP, you get this error:

You are not able to re-authenticate as a different user.

The problem causing this is in the file includes/functions.php. When you re-authenticate for the ACP, the provided username is compared with the user data (around line 2358):

// Check if the supplied username is equal to the one stored within the database if re-authenticating
if ($admin && utf8_clean_string($username) != utf8_clean_string($user->data['username']))
{
    // We log the attempt to use a different username...
    $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ADMIN_AUTH_FAIL');

    send_status_line(403, 'Forbidden');
    trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
}

You need to modify this bit of code so that the email address is compared and not the username:

if ($admin && utf8_clean_string($username) != utf8_clean_string($user->data['user_email']))
{
    ...
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment