From bc69b99cb053f0f1599f91aea8e28a682f4b7fa7 Mon Sep 17 00:00:00 2001
From: Nate <github@najo.com>
Date: Thu, 29 Oct 2020 15:51:31 -0600
Subject: [PATCH] Password Reset: Adjust username check when username_format
 set to email.

---
 resources/login.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/resources/login.php b/resources/login.php
index 2d4c21cd02..66d73757b1 100644
--- a/resources/login.php
+++ b/resources/login.php
@@ -171,8 +171,10 @@
 		$password_new = trim($_REQUEST['password_new']);
 		$password_repeat = trim($_REQUEST['password_repeat']);
 
-		//strip off @domain if submitted with username, as the valid domain for the reset is already being provided in the where clause below
-		$username = substr_count($username, '@') != 0 ? explode('@', $username)[0] : $username;
+		//if not requiring usernames to be of email format, strip off @domain as the valid domain for the reset is already being provided in the where clause below
+		if ($_SESSION['users']['username_format']['text'] != 'email') {
+			$username = substr_count($username, '@') != 0 ? explode('@', $username)[0] : $username;
+		}
 
 		if ($username !== '' &&
 			$username === $_SESSION['valid_username'] &&