Login using e-mail rather than username (and general login issues)

[adrian]

Thanks for posting @Can - I am curious though - did you try: 

Does this no longer work?

[Can]

haven't checked this threat actually, but as far as i understand i'm doing the same?! ;-)

[modifiedcontent]

I have tried to do this with:

$finduser = $users->get( $input->post->email  );
$user = $finduser->user;

But get a server error. Is the approach obviously wrong or should I look for silly syntax errors?

Email address should be unique imho. More and more organizations, including banks etc., use email address as the main unique identifier.

Edit:

$finduser->user; should have been $finduser->name

[adrian]

Just do:

$user = $users->get("email=".$input->post-email);

 

[Can]

 

$user = $users->get("email=".$input->post->email('email'));

this will email sanitize the email input field value combining WireInput and WireSanitizer ;-)

[adrian]

Good tip @Can

For those interested, here is the blog post about sanitizing directly with $input: https://processwire.com/blog/posts/processwire-2.6.14-brings-major-enhancements-to-sanitizer-and-input-api-variables/#sanitizer-and-input-are-now-a-couple

[eangulo]

Hi guys,

I want to share what I found working on my custom front-end email login:  

Even if no user were found for the submit email, Processwire should check for login because the login throttle api will be triggered and it will prevent multiple login tries. If the $session->login() is only called when the email owner is found, then the login throttle api will not be triggered and that tells requesters that a user with the email they try to login exists or not in your DB.

 

 

/**
* Login a user with the given name and password
*
* @param string $email
* @param string $password
*
* @return bool|string
*
*/
public static function signIn(string $email, string $password) {
	$signedIn = false;

	if(!empty($email) && !empty($password)) {
		// taken from ProcessLogin->execute();
		if($email = wire("sanitizer")->email($email)) {
			$emailUser = wire("users")->get("email=$email");
			$name = "";

			if($emailUser->id) {
				$name = $emailUser->get("name");
			}

			$password = substr($password, 0, 128);

			try {
				/**
                 * even if the user is not found, try a login with a empty username 
                 * because the Processwire Login throttle API will be triggered and 
                 * prevent multiple login tries on the same email
                 */                          
				$result = wire("session")->login($name, $password);

				if($result instanceof User) {
					$signedIn = true;
				}
			} catch(\Exception $exception) {
				return $exception->getMessage();
			}
		}
	}

	return $signedIn;
}

 

Look at pw_login_throttle_api_nessage.png for the message it will return if many tries are made.

 

Thanks hope this help.