New Community Forums are coming. Watch this space for news.
Subscribe: RSS
  • I currently have a client that would like people to use their email address as their username to login to his site. Is this possible with WebLogin? Is it safe? Are there any other considerations I should be thinking about? Thanks!
    • I’ve done it with no problems.
        Studying MODX in the desert - http://sottwell.com
        Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
        Join the Slack Community - http://modx.org
      • I’ve just done it with some small mods to websignup.inc.php.
        It validates and cross checks the email / confirm email fields,
        then uses the confirm email field as the username.
        I also added a CC email to the client when someone registers.
        • Alright how should I go about it? Did you make the field validate as an email address? I’m assuming that basically you have them enter an email address twice and one of the entries is really for their username?
          • You replace lines around 46 -94 in websignup.inc.php with:
            	// check for duplicate email address
            	$sql = "SELECT internalKey FROM ".$modx->getFullTableName("web_user_attributes")." WHERE email='$email'";
            	if(!$rs = $modx->db->query($sql)){
            		$output = webLoginAlert(WL_ERRONCHECKEMAIL.$email).$tpl;
            		return;
            	} 
            	$limit = $modx->db->getRecordCount($rs);
            	if($limit>0) {
            		$row=$modx->db->getRow($rs);
            		if($row['internalKey']!=$id) {
            			$output = webLoginAlert(WL_EMAILINUSE).$tpl;
            			return;
            		}
            	}
            	
            	// verify email
            	if($email=='' || !ereg("^[-!#$%&'*+./0-9=?A-Z^_`a-z{|}~]+", $email)){
            		$output = webLoginAlert(WL_EMAILNOTVALID).$tpl;
            		return;
            	}
            	//verify email confirm
            	if($email != $modx->db->escape($_POST['username'])){
            		$output = webLoginAlert(WL_EMAILMISSMATCH).$tpl;
            		return;
            	}
            	// verify password
            	if ($_POST['password']!=$_POST['confirmpassword']) {
            		$output = webLoginAlert(WL_PASSMISSMATCH).$tpl;
            		return;
            	}
            
            	// check for duplicate user name
            	if($username=="") {
            		$output = webLoginAlert(WL_MISSINGUNAME).$tpl;
            		return;
            	}
            	else {
            		$sql = "SELECT id FROM ".$modx->getFullTableName("web_users")." WHERE username='$username'";
            		if(!$rs = $modx->db->query($sql)){
            			$output = webLoginAlert(WL_ERRONCKECHUNAME.$username).$tpl;
            			return;
            		} 
            		$limit = $modx->db->getRecordCount($rs);
            		if($limit>0) {
            			$output = webLoginAlert(WL_UNAMEISUSED).$tpl;
            			return;
            		}		
            	}

            This changes the order of checking the db records, checking the email before the username.
            Also it checks the the email against the username.
            In my register template I have the username field labelled as confirm email like this:
                    <label class="left" for="username">Confirm email: </label>
            <input class="right" type="text" name="username" id="username" tabindex="3" size="40" value="[+username+]" />
            • Hmm, so my only problem is that I am using WebLoginPE, but I think your code can still help me. I’ll give it a shot.
              • Ah, sorry didn’t realise you were using WebloginPE.
                I had some issues with it and didn’t need the added features so used its daddy.
                • Update on this code:

                  Replace lines 48-85 with this code, instead of the above:

                  // check for duplicate email address
                  	$sql = "SELECT internalKey FROM ".$modx->getFullTableName("web_user_attributes")." WHERE email='$email'";
                  	if(!$rs = $modx->db->query($sql)){
                   	   $output = webLoginAlert(WL_ERRONCHECKEMAIL.$email).$tpl;
                   	   return;
                  	} 
                  	$limit = $modx->db->getRecordCount($rs);
                  	if($limit>0) {
                  	    $row=$modx->db->getRow($rs);
                   	   if($row['internalKey']!=$id) {
                   	       $output = webLoginAlert(WL_EMAILINUSE).$tpl;
                   	       return;
                   	   }
                  	}
                   	if($email=='' || !preg_match("/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,6}$/i", $email)){
                          $output = webLoginAlert("E-mail address doesn't seem to be valid!").$tpl;
                          return;
                      }
                  	//verify email confirm
                  	if($email != $modx->db->escape($_POST['username'])){
                   	   $output = webLoginAlert(WL_EMAILMISSMATCH).$tpl;
                   	   return;
                  	}
                  	// verify password
                  	if ($_POST['password']!=$_POST['confirmpassword']) {
                     		$output = webLoginAlert(WL_PASSMISSMATCH).$tpl;
                      	return;
                  	}
                   
                  	// check for duplicate user name
                  	if($username=="") {
                      	$output = webLoginAlert(WL_MISSINGUNAME).$tpl;
                      	return;
                  	}
                  	else {
                      	$sql = "SELECT id FROM ".$modx->getFullTableName("web_users")." WHERE username='$username'";
                      	if(!$rs = $modx->db->query($sql)){
                          	$output = webLoginAlert(WL_ERRONCKECHUNAME.$username).$tpl;
                          	return;
                      	} 
                      	$limit = $modx->db->getRecordCount($rs);
                      	if($limit>0) {
                          	$output = webLoginAlert(WL_UNAMEISUSED).$tpl;
                          	return;
                      	}       
                  	}
                  


                  This changes the order of checking the db records, checking the email before the username.
                  Also it checks the the email against the username.

                  In register template, change field labeled as confirm email like this:

                  <tr>
                                <td>Confirm Email address:*</td>
                                <td>
                                <input type="text" name="username" class="inputBox" style="width:300px" size="20" value="[+username+]"></td>
                              </tr>
                  


                  The reason for the difference is this snippet has been updated, which fixed ereg deprecation.
                  • Correction. Lines 48-85