#45 Verify if the username is an e-mail and avoid big usernames

henriquejsfj · henriquejsfj · commit b0a286f812c3 · 2024-08-08T17:31:09.000Z
diff --git a/classes/BadpwFailedLoginsDAO.php b/classes/BadpwFailedLoginsDAO.php
@@ -58,6 +58,17 @@ public function deleteObject(BadpwFailedLogins $badpwObj) : bool {
 	 * @return BadpwFailedLogins object Object matching the username
 	 */
 	public function getByUsername(string $username) : ?BadpwFailedLogins {
+		// Verify if the username is an email
+		if (filter_var($username, FILTER_VALIDATE_EMAIL)) {
+			$user = Repo::user()->getByEmail($username);
+			if (!$user) {
+				return null;
+			}
+			$username = $user->getData('userName');
+		} elseif (strlen($username) > 32) { // Invalid username length
+			return null;
+		}
+
 		$result = $this->retrieve('
 			SELECT *
 			FROM badpw_failedlogins
