From cb54ddcf434fc50ed97c6484bd2b8bff383a38d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henrique=20J=C3=BAnior?= <16216517+henriquejsfj@users.noreply.github.com>
Date: Thu, 8 Aug 2024 17:31:09 +0000
Subject: [PATCH] 45 Verify if the username is an e-mail and avoid big usernames
---
 classes/BadpwFailedLoginsDAO.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/classes/BadpwFailedLoginsDAO.php b/classes/BadpwFailedLoginsDAO.php
index 6d402d4..7f97698 100644
--- a/classes/BadpwFailedLoginsDAO.php
+++ b/classes/BadpwFailedLoginsDAO.php
@@ -10,6 +10,7 @@ use PKP\db\DAO;
 use APP\plugins\generic\betterPassword\classes\BadpwFailedLogins as BadpwFailedLogins;
+use APP\facades\Repo;
 class BadpwFailedLoginsDAO extends DAO {
 /**
@@ -58,6 +59,17 @@ public function deleteObject(BadpwFailedLogins $badpwObj) : bool {
 * @return BadpwFailedLogins object Object matching the username
 */
 public function getByUsername(string $username) : ?BadpwFailedLogins {
+ // Verify if the username is an email
+ if (filter_var($username, FILTER_VALIDATE_EMAIL)) {
+ $user = Repo::user()->getByEmail($username);
+ if (!$user) {
+ return null;
+ }
+ $username = $user->getData('userName');
+ } elseif (strlen($username) > 32) { // Invalid username length
+ return null;
+ }
+
 $result = $this->retrieve('
 SELECT *
 FROM badpw_failedlogins
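Review bot: `strlen($username) > 32` on the new `elseif` counts bytes, so a username of at most 32 characters that contains multibyte characters is rejected here and its failed-login record is never looked up, which weakens the lockout for exactly those accounts; if 32 is meant as a character limit, use `} elseif (mb_strlen($username) > 32) { // Invalid username length` and give the limit a named class constant instead of a literal. The e-mail branch reads `$user->getData('userName')`, while PKP's User model exposes the value under the key `username` as far as I recall — please confirm the key, because a wrong key leaves `$username` null and the retrieve() below would then run against a null value rather than the resolved account. The docblock above (`@return ... Object matching the username`) should also state that an e-mail address is first resolved to the owning user's username and that `null` is returned for an unknown e-mail or an over-long username. getByUsername's body continues past the end of the hunk.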