From a866875383bd6ef529e9f7984903b7881670e33f Mon Sep 17 00:00:00 2001
From: FusionPBX <markjcrane@gmail.com>
Date: Sat, 6 May 2023 14:45:25 -0600
Subject: [PATCH] Allow login with email authentication

---
 .../resources/classes/plugins/totp.php              | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/core/authentication/resources/classes/plugins/totp.php b/core/authentication/resources/classes/plugins/totp.php
index b157757688..c72edcae15 100644
--- a/core/authentication/resources/classes/plugins/totp.php
+++ b/core/authentication/resources/classes/plugins/totp.php
@@ -88,7 +88,10 @@ class plugin_totp {
 				//get the user details
 				$sql = "select user_uuid, username, user_email, contact_uuid, user_totp_secret\n";
 				$sql .= "from v_users\n";
-				$sql .= "where username = :username\n";
+				$sql .= "where (\n";
+				$sql .= "	username = :username\n";
+				$sql .= "	or user_email = :username\n";
+				$sql .= ")\n";
 				if ($_SESSION["users"]["unique"]["text"] != "global") {
 					//unique username per domain (not globally unique across system - example: email address)
 					$sql .= "and domain_uuid = :domain_uuid ";
@@ -222,7 +225,10 @@ class plugin_totp {
 				//get the user details
 				$sql = "select user_uuid, user_email, contact_uuid, user_totp_secret\n";
 				$sql .= "from v_users\n";
-				$sql .= "where username = :username\n";
+				$sql .= "where (\n";
+				$sql .= "	username = :username\n";
+				$sql .= "	or user_email = :username\n";
+				$sql .= ")\n";
 				if ($_SESSION["users"]["unique"]["text"] != "global") {
 					//unique username per domain (not globally unique across system - example: email address)
 					$sql .= "and domain_uuid = :domain_uuid ";
@@ -251,7 +257,8 @@ class plugin_totp {
 				//get the user details
 				if ($auth_valid) {
 					//get user data from the database
-					$sql = "select user_uuid, username, user_email, contact_uuid from v_users ";
+					$sql = "select user_uuid, username, user_email, contact_uuid ";
+					$sql .= "from v_users ";
 					$sql .= "where user_uuid = :user_uuid ";
 					if ($_SESSION["users"]["unique"]["text"] != "global") {
 						//unique username per domain (not globally unique across system - example: email address)