email or username as login id (hack)

16 years 5 months ago #50566 by bertm
The best reason to consider this change is to allow users to modify their username (profile title) at will, without impacting their login procedure. This is how MySpace works. Lots of users expect other communities to behave the same way.


=======modifications======
Test if login form input appears to be an email address
If YES, search for matching email address in member database.
If NO, search matching username in member database.
Return username from database, rather than from login form
==========================


Replace this code (CB 1.1 approx Line #1403)

[code:1]

if($_PLUGINS->is_errors()) {
    $resultError = $_PLUGINS->getErrorMSG();
} else {
    $_CB_database->setQuery( "SELECT * "
        . "\n FROM #__users u, "
        . "\n #__comprofiler ue "
        . "\n WHERE u.username='".$username."' AND u.id = ue.id"
    );

[/code:1]

with this code:
modified to allow login with username or email address

[code:1]

if($_PLUGINS->is_errors()) {
    $resultError = $_PLUGINS->getErrorMSG();
} else {
    if(preg_match("/[\w\.\-]+@\w+[\w\.\-]*?\.\w{1,4}/", $username)){ //username=email addr
        $_CB_database->setQuery( "SELECT * "
            . "\n FROM #__users u, "
            . "\n #__comprofiler ue "
            . "\n WHERE u.email='".$username."' AND u.id = ue.id"
        );
    }else{ // no email in username
        $_CB_database->setQuery( "SELECT * "
            . "\n FROM #__users u, "
            . "\n #__comprofiler ue "
            . "\n WHERE u.username='".$username."' AND u.id = ue.id"
        );
    }

[/code:1]



Replace this code (CB 1.1 approx Line #1487)

[code:1]

if ( $hashedPwdLogin ) { // Joomla 1.0.12 and below:
    $mainframe->login( $username, cbHashPassword( $passwd2 ) );
} elseif ( checkJversion() == 1 ) { // Joomla 1.5 RC and above:
    $mainframe->login( array( 'username' => $username, 'password' => $passwd2 ), array() );
} else {
    $mainframe->login( $username, $passwd2 );
}

[/code:1]

with this code

[code:1]

if ( $hashedPwdLogin ) { // Joomla 1.0.12 and below:
    $mainframe->login( $row->username, cbHashPassword( $passwd2 ) );
} elseif ( checkJversion() == 1 ) { // Joomla 1.5 RC and above:
    // pass the username loaded from the database here as well, not the e-mail typed into the form
    $mainframe->login( array( 'username' => $row->username, 'password' => $passwd2 ), array() );
} else {
    $mainframe->login( $row->username, $passwd2 );
}

[/code:1]


====== Issues ==============

If your member changes his username to something that includes a space, he will not be able to enter his modified username for login (at that point only his email address will work properly). I suggest that you change the login error message to something like this...

Did you change your username, or cannot remember it? You can use your email address and password to login, or we can resend your login info by clicking <here>.

The "Forgot password" link requires a valid username and email in order to work. If users are changing their username from time to time, they may easily forget it. Perhaps this form should be changed to exclude username, and work with only the email address. Here is a thread on the subject
www.joomlapolis.com/component/option,com_joomlaboard/Itemid,/func,view/catid,42/id,47447/#47447



Ideally, I would like to see the 'login by email address' feature integrated into CB with admin control options.

Post edited by: bertm, at: 2007/11/20 02:05
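
Added example, not part of the post above and not Community Builder code: the same email-or-username lookup written with bound parameters and a whole-string email check, since the regex in the hack is unanchored and the query is built by string concatenation. It assumes PHP with PDO SQLite; `resolveLogin()`, `usernameAllowed()` and the in-memory `users` table (standing in for `#__users`) are hypothetical names.

```php
<?php
// Added example (not CB code). Table and function names are constructed.

function resolveLogin(PDO $db, string $loginId): ?array
{
    $loginId = trim($loginId);
    // FILTER_VALIDATE_EMAIL tests the whole string. The unanchored regex in
    // the hack also fires on input that merely contains an address.
    $isEmail = filter_var($loginId, FILTER_VALIDATE_EMAIL) !== false;
    $column  = $isEmail ? 'email' : 'username';   // one of two literals, never user input

    // Only the value is bound; nothing typed into the form reaches the SQL text.
    $stmt = $db->prepare("SELECT id, username, email FROM users WHERE $column = :v");
    $stmt->execute([':v' => $loginId]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

    // Zero rows: unknown id. More than one: duplicate e-mail, refuse to guess.
    return count($rows) === 1 ? $rows[0] : null;
}

// With freely editable usernames, a profile name shaped like an e-mail address
// would be searched in the email column at login, so reject it at edit time.
function usernameAllowed(string $name): bool
{
    return filter_var(trim($name), FILTER_VALIDATE_EMAIL) === false;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
$db->exec("INSERT INTO users (username, email) VALUES
    ('bert m', 'bert@example.org'),
    ('alice',  'alice@example.org')");

foreach (['bert@example.org', 'bert m', 'bert m <a@b.cd>', 'nobody'] as $id) {
    $row = resolveLogin($db, $id);
    printf("%-20s => %s\n", $id, $row ? $row['username'] : '(no match)');
}
printf("profile name 'alice@example.org' allowed: %s\n",
    var_export(usernameAllowed('alice@example.org'), true));
```

The username returned by `resolveLogin()` is what would then be handed to the login call, as in the second replacement above.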


16 years 5 months ago #50572 by beat
Replied by beat on topic Re:email or username as login id (hack)
Cool, thanks for your analysis and different stab at this, and especially solution proposed. What I like in your solution is that it doesn't require any hacks to Joomla or Mambo. B)

I've marked this feature and solution proposal as candidate for inclusion in next release of CB.

Beat - Community Builder Team Member

Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks :)
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info


16 years 5 months ago #50714 by bertm
Replied by bertm on topic Re:email or username as login id (hack)
So here is more of the solution. As I mentioned above, by changing login to email address, admins may set up their username field to work more like MySpace, and users could really screw up their usernames with spaces and other invalid characters.

This complicates the issue of password recovery. The standard password recovery routine requires a valid email address AND username before it will generate and send a new password. This must be changed so that only a proper email address is required.

Changes required
1. remove username input field from lost password script
2. change language variable to remove reference to username
3. remove username from sql query
4. remove username from input validation command



=====remove username input field from lostpassword script========
comprofiler.html.php line 980, find

[code:1]
<tr>
<td><?php echo _PROMPT_UNAME; ?></td>
<td><input type="text" name="checkusername" class="inputbox" size="40" maxlength="15" /></td>
</tr>

[/code:1]

replace with

[code:1]
<!-- EDIT remove input field for username. Recover password using email only, other mods required.
<tr>
<td><?php echo _PROMPT_UNAME; ?></td>
<td><input type="text" name="checkusername" class="inputbox" size="40" maxlength="15" /></td>
</tr> -->

[/code:1]


=====Edit the language file string===============

find _NEW_PASS_DESC and exclude reference to username. change to:

"Please enter your e-mail address then click on the Send Password button.
You will receive a new password shortly. Use this new password to access the site."


=====prevent sql query from matching on username==================
comprofiler.php line 880, find

[code:1]
$_CB_database->setQuery( "SELECT id FROM #__users"
. "\nWHERE username='$checkusername' AND email='$confirmEmail'"

[/code:1]

change to

[code:1]
$_CB_database->setQuery( "SELECT id FROM #__users"
. "\nWHERE email='$confirmEmail'"

[/code:1]


======exclude username from input validation routine=============
comprofiler.php line 884, find

[code:1]
if (!($user_id = $_CB_database->loadResult()) || !$checkusername || !$confirmEmail) {

[/code:1]

change to

[code:1]
if (!($user_id = $_CB_database->loadResult()) || !$confirmEmail) {

[/code:1]

Have fun.

Post edited by: bertm, at: 2007/11/21 01:25
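
Added example, not part of the post above and not Community Builder code: once the username is dropped, knowing an email address is enough to trigger recovery, so this sketch answers identically for known and unknown addresses and mails an expiring token instead of replacing the password straight away (a swapped-in technique, not what the thread's change does). It assumes PHP 7+ with PDO SQLite; `requestReset()`, the `reset_tokens` table, the one-hour lifetime and the mail callback are hypothetical.

```php
<?php
// Added example (not CB code). Tables, names and lifetime are constructed.

const RESET_REPLY = 'If that address is registered, a reset link has been sent.';

function requestReset(PDO $db, string $email, callable $sendMail): string
{
    $email = trim($email);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return RESET_REPLY;                       // same text for malformed input
    }
    $stmt = $db->prepare('SELECT id FROM users WHERE email = :e');
    $stmt->execute([':e' => $email]);
    $ids = $stmt->fetchAll(PDO::FETCH_COLUMN);

    if (count($ids) === 1) {                      // duplicates: do nothing, reply as usual
        $token = bin2hex(random_bytes(32));       // the secret goes only into the mail
        $ins = $db->prepare(
            'INSERT INTO reset_tokens (user_id, token_hash, expires_at)
             VALUES (:u, :h, :x)');
        $ins->execute([
            ':u' => $ids[0],
            ':h' => hash('sha256', $token),       // the database keeps the hash only
            ':x' => time() + 3600,
        ]);
        $sendMail($email, $token);
    }
    return RESET_REPLY;                           // the current password is untouched
}

// Constructed sample data and a stand-in mailer that records recipients.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
$db->exec('CREATE TABLE reset_tokens (user_id INTEGER, token_hash TEXT, expires_at INTEGER)');
$db->exec("INSERT INTO users (username, email) VALUES ('bert m', 'bert@example.org')");

$outbox = [];
$mailer = function (string $to, string $token) use (&$outbox): void {
    $outbox[] = $to;
};

$known   = requestReset($db, 'bert@example.org', $mailer);
$unknown = requestReset($db, 'nobody@example.org', $mailer);
printf("same reply: %s, mails queued: %d\n",
    var_export($known === $unknown, true), count($outbox));
```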


16 years 5 months ago #50836 by beat
Replied by beat on topic Re:email or username as login id (hack)
Thanks for your help with solution proposals, really cool and appreciated B)

Beat - Community Builder Team Member


16 years 3 months ago #55533 by nickverwymeren
Replied by nickverwymeren on topic Re:email or username as login id (hack)
Has anyone else got this to work? I'm running CB 1.1 with Joomla 1.5 stable, and followed these instructions. Doesn't seem to work for me though.


16 years 2 months ago #57560 by extinks
Replied by extinks on topic Re:email or username as login id (hack)
I am also using Joomla 1.5 stable, it doesn't work, I am being taken to the same login page, however if I enter a wrong password combination with the email as username, the system detects that I have an invalid username or password.

But if I enter the correct email address and password, no message, it doesn't do anything, it just refreshes the same page.

Anyone find a way to figure this out? :(
