Hello,

I have noticed that it is possible for a user to login using the websiteMembership plugin with either their username or their email address. Is it possible to change this so that only their username is accepted?

I actually want to use email addresses values as usernames for most users but I will assign the email address value to username when the user registers.

Do I need to change any of the SQL?

For example:

Change: 
`"SELECT `username`, `password` FROM `$accountsTable` WHERE password IN (?,?) AND ? IN (`username`,`email`)"`

To:
`"SELECT `username`, `password` FROM `$accountsTable` WHERE password IN (?,?) AND ? IN (`username`)"`

Thank you,

Greg

By Dave - November 15, 2018

Hi Greg, 

A couple options:

  • We don't support just checking one field, but you could modify the code as you suggest.  If you do so I'd recommend creating a text file called _CUSTOM_CHANGES_.txt in the plugins directory that details your changes so they can be recreated when/if you upgrade the plugin
  • If it's working as is, you can also just leave that functionality in there.  If the users can't set a username then they won't be able to login with it.

Hope that helps, let me know any questions.

Dave Edis - Senior Developer
interactivetools.com

Hi Dave,

Thanks for the advice.

The reason I started looking into this was because a user that was logging in with a username (e.g. admin) updated their password and then their username was set to their email address (e.g. admin@mydomain.com).

They then continued to login with their original username but when carrying out some actions they were being automatically  logged out. I wasn't sure if this was due to a conflict with the logins... can you think of anything that might be causing the user to be logged out?

I have now set the user's login back to the username and they haven't had any further issues as yet.

Thanks,

Greg

By Dave - November 15, 2018

Hi Greg, 

If you're using Website Membership, then on the signup and edit profile pages check for this setting and make sure it's set to true: 

$useUsernames = true; // Set this to false to disallow usernames, email will be used as username instead
Dave Edis - Senior Developer
interactivetools.com

Thanks, Dave - will do!

Regards,

Greg