Email Address as Username

Can anyone advise if TOPH's method in anyway would reintroduce the security issues fixed by 3.1.8?

I just want to verify for example that the e-mail is still checked for non-allowed expressions so that no one can inject any javascript or anything..

Also, if amember generates the name, does it also generate the password?

Unique email

I am trying to prevent people from signing up using the same email. I have used the above method to use email as the login, but it allows me to signup again using the same email. Actually it udates the information in the db when I use the same email. I would like for an error to be thrown when someone tries this. I thought this function in mysql.inc.php

function check_uniq_login($login, $email='', $pass='', $check_type=0)

called in signup.php would keep someone from using the same email. But again it just overwrites the info in the db. Does anyone have an idea about how to test for unique emails in amember?

I'd replace it with this one, as it doesn't choke on emails like peter_griffin.junior@some.random_url.com or whatever the "offending" emails were that prompted me to improve that regex.

Code:

/^(([A-Za-z0-9]+_+)|([A-Za-z0-9]+\-+)|([A-Za-z0-9]+\.+)|([A-Za-z0-9]+\++))*[A-Za-z0-9]+@((\w+\-+)|(\w+\.))*\w{1,63}\.[a-zA-Z]{2,6}$/

Here is a tutorial:

http://jlogica.com/forum/tutorials/article/23-login-using-username-or-email/

Sign up with an email

I saw a while back in this thread that perhaps signing up with just an email would work.


I use wordpress and I have a php based research app on the same site and amember protects both

what I'd like to do is when someone clicks on any member only area the resulting page:

/amember/plugins/protect/new_rewrite/login.php?v=-any&url=/PROTECTED_FOLDER/

Has the existing members login on one side and a quick first name and email only signup for a free basic account on the other side, like this site:
https://ma.secure.foreclosuresmass.com/account/

Any help appreciated

- post deleted

Hi all,
I used Miso's modifications and they're working wonderfully (thank you). The only issue is that the user is logged out of their session (since their login was changed). For usability's sake, does anyone know how to restart the session after their username (email) was changed? Thanks much - I can contribute if someone can get me started.

Another Possible Solution

I went with this solution. I found it to work well without having to worry about issues with using the email as their login. I left the system alone but added this code.

plugins/db/mysql/mysql.inc.php

PHP:

//new function to lookup their login name
//this way if they login with email or login it will return the login name
//so we can leave auth alone
function get_login_from_email($email) {
        $q = $this->query($s = "SELECT login
            FROM {$this->config['prefix']}members
            WHERE login='$email' or email='$email'
        ");
        list($login) = mysql_fetch_row($q);
        return $login;
    }


plugins/protect/php_include/check.inc.php

PHP:

//in the function _amember_check_access()
//change $l = $_POST['amember_login'] to...
$l = $db->get_login_from_email($_POST['amember_login']);


That worked like a charm. That way technically they still use their "login" to authenticate. But it still verifies it against the email if they pass one in.

Hope this helps

Bitlost:

When using the new "login as user" feature, I get the following error:

Fatal error: Call to undefined method db_mysql::get_login_from_email() in /<root dir omitted>/public_html/amember/plugins/protect/php_include/check.inc.php on line 68

To duplicate, Browse User, select any user, then click on Login as User (Amember 3.2.x or higher) - and see if you also get the same error.

Using this email address as login method.... is there a maximum length for the email address?

I just changed to it, and like it, but a few new subscribers that have longer email addresses can't get it to work.

I raise maximum characters to 60, but still stops at 32.

(32 is the max it was set at previously)

Why not just allow username or email logins?

anyone know what modifications have to be done to get this Email as Username login to work with .htpasswd/.htpasswd_shared plugins as well?

Brilliant! - regarding the code to allow email or login ID use