I have noticed that it is possible for a user to login using the websiteMembership plugin with either their username or their email address. Is it possible to change this so that only their username is accepted?

I actually want to use email addresses values as usernames for most users but I will assign the email address value to username when the user registers.

Do I need to change any of the SQL?

For example:

`"SELECT `username`, `password` FROM `$accountsTable` WHERE password IN (?,?) AND ? IN (`username`,`email`)"`

`"SELECT `username`, `password` FROM `$accountsTable` WHERE password IN (?,?) AND ? IN (`username`)"`

Thank you,


Hi Dave,

Thanks for the advice.

The reason I started looking into this was because a user that was logging in with a username (e.g. admin) updated their password and then their username was set to their email address (e.g. admin@mydomain.com).

They then continued to login with their original username but when carrying out some actions they were being automatically  logged out. I wasn't sure if this was due to a conflict with the logins... can you think of anything that might be causing the user to be logged out?

I have now set the user's login back to the username and they haven't had any further issues as yet.



By Dave - November 15, 2018

Hi Greg, 

If you're using Website Membership, then on the signup and edit profile pages check for this setting and make sure it's set to true: 

$useUsernames = true; // Set this to false to disallow usernames, email will be used as username instead
Dave Edis - Senior Developer

Thanks, Dave - will do!