Use Email as username for WebLogin?

62 Posts

rynoceris Reply #1, 15 years, 11 months ago

I currently have a client that would like people to use their email address as their username to login to his site. Is this possible with WebLogin? Is it safe? Are there any other considerations I should be thinking about? Thanks!

☆ A M B ☆
24,524 Posts

sottwell Reply #2, 15 years, 11 months ago

I’ve done it with no problems.

Studying MODX in the desert - http://sottwell.com
Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
Join the Slack Community - http://modx.org

2,310 Posts

bunk58 Reply #3, 15 years, 11 months ago

I’ve just done it with some small mods to websignup.inc.php.
It validates and cross checks the email / confirm email fields,
then uses the confirm email field as the username.
I also added a CC email to the client when someone registers.

62 Posts

rynoceris Reply #4, 15 years, 11 months ago

Alright how should I go about it? Did you make the field validate as an email address? I’m assuming that basically you have them enter an email address twice and one of the entries is really for their username?

2,310 Posts

bunk58 Reply #5, 15 years, 11 months ago

You replace lines around 46 -94 in websignup.inc.php with:

	// check for duplicate email address
	$sql = "SELECT internalKey FROM ".$modx->getFullTableName("web_user_attributes")." WHERE email='$email'";
	if(!$rs = $modx->db->query($sql)){
		$output = webLoginAlert(WL_ERRONCHECKEMAIL.$email).$tpl;
		return;
	} 
	$limit = $modx->db->getRecordCount($rs);
	if($limit>0) {
		$row=$modx->db->getRow($rs);
		if($row['internalKey']!=$id) {
			$output = webLoginAlert(WL_EMAILINUSE).$tpl;
			return;
		}
	}
	
	// verify email
	if($email=='' || !ereg("^[-!#$%&'*+./0-9=?A-Z^_`a-z{|}~]+", $email)){
		$output = webLoginAlert(WL_EMAILNOTVALID).$tpl;
		return;
	}
	//verify email confirm
	if($email != $modx->db->escape($_POST['username'])){
		$output = webLoginAlert(WL_EMAILMISSMATCH).$tpl;
		return;
	}
	// verify password
	if ($_POST['password']!=$_POST['confirmpassword']) {
		$output = webLoginAlert(WL_PASSMISSMATCH).$tpl;
		return;
	}

	// check for duplicate user name
	if($username=="") {
		$output = webLoginAlert(WL_MISSINGUNAME).$tpl;
		return;
	}
	else {
		$sql = "SELECT id FROM ".$modx->getFullTableName("web_users")." WHERE username='$username'";
		if(!$rs = $modx->db->query($sql)){
			$output = webLoginAlert(WL_ERRONCKECHUNAME.$username).$tpl;
			return;
		} 
		$limit = $modx->db->getRecordCount($rs);
		if($limit>0) {
			$output = webLoginAlert(WL_UNAMEISUSED).$tpl;
			return;
		}		
	}

This changes the order of checking the db records, checking the email before the username.
Also it checks the the email against the username.
In my register template I have the username field labelled as confirm email like this:

        <label class="left" for="username">Confirm email: </label>
<input class="right" type="text" name="username" id="username" tabindex="3" size="40" value="[+username+]" />

62 Posts

rynoceris Reply #6, 15 years, 11 months ago

Hmm, so my only problem is that I am using WebLoginPE, but I think your code can still help me. I’ll give it a shot.

2,310 Posts

bunk58 Reply #7, 15 years, 11 months ago

Ah, sorry didn’t realise you were using WebloginPE.
I had some issues with it and didn’t need the added features so used its daddy.

65 Posts

nuwebstudios Reply #8, 11 years, 9 months ago

Update on this code:

Replace lines 48-85 with this code, instead of the above:

// check for duplicate email address
	$sql = "SELECT internalKey FROM ".$modx->getFullTableName("web_user_attributes")." WHERE email='$email'";
	if(!$rs = $modx->db->query($sql)){
 	   $output = webLoginAlert(WL_ERRONCHECKEMAIL.$email).$tpl;
 	   return;
	} 
	$limit = $modx->db->getRecordCount($rs);
	if($limit>0) {
	    $row=$modx->db->getRow($rs);
 	   if($row['internalKey']!=$id) {
 	       $output = webLoginAlert(WL_EMAILINUSE).$tpl;
 	       return;
 	   }
	}
 	if($email=='' || !preg_match("/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,6}$/i", $email)){
        $output = webLoginAlert("E-mail address doesn't seem to be valid!").$tpl;
        return;
    }
	//verify email confirm
	if($email != $modx->db->escape($_POST['username'])){
 	   $output = webLoginAlert(WL_EMAILMISSMATCH).$tpl;
 	   return;
	}
	// verify password
	if ($_POST['password']!=$_POST['confirmpassword']) {
   		$output = webLoginAlert(WL_PASSMISSMATCH).$tpl;
    	return;
	}
 
	// check for duplicate user name
	if($username=="") {
    	$output = webLoginAlert(WL_MISSINGUNAME).$tpl;
    	return;
	}
	else {
    	$sql = "SELECT id FROM ".$modx->getFullTableName("web_users")." WHERE username='$username'";
    	if(!$rs = $modx->db->query($sql)){
        	$output = webLoginAlert(WL_ERRONCKECHUNAME.$username).$tpl;
        	return;
    	} 
    	$limit = $modx->db->getRecordCount($rs);
    	if($limit>0) {
        	$output = webLoginAlert(WL_UNAMEISUSED).$tpl;
        	return;
    	}       
	}

This changes the order of checking the db records, checking the email before the username.
Also it checks the the email against the username.

In register template, change field labeled as confirm email like this:

<tr>
              <td>Confirm Email address:*</td>
              <td>
              <input type="text" name="username" class="inputBox" style="width:300px" size="20" value="[+username+]"></td>
            </tr>

The reason for the difference is this snippet has been updated, which fixed ereg deprecation.

65 Posts

nuwebstudios Reply #9, 11 years, 9 months ago

Correction. Lines 48-85