I propose that users should be allowed to log in with either their username or their email address, similar to how this modification does it.
This doesn't really have many advantages, but it doesn't have any disadvantages, either. I've seen a few people request it, and I can see why it could be useful, so why not?
[RFC] Login with email
- callumacrae
- Former Team Member
- Posts: 1046
- Joined: Tue Apr 27, 2010 9:37 am
- Location: England
- Contact:
- DavidIQ
- Customisations Team Leader
- Posts: 1904
- Joined: Thu Mar 02, 2006 4:29 pm
- Location: Earth
- Contact:
Re: [RFC] Login with email
Seeing that most other major auth systems are going with this model, i.e. Facebook, Twitter, etc., I like the idea. +1 from me.
- callumacrae
- Former Team Member
- Posts: 1046
- Joined: Tue Apr 27, 2010 9:37 am
- Location: England
- Contact:
Re: [RFC] Login with email
In order for this RFC to be possible, we would have to disallow email address reuse. Does anyone actually use it?
Re: [RFC] Login with email
to add some ideas:
Disadvantage:
currently, user can be named as email (for example "[email protected]" is valid username - BUT also valid email). This may be problematic, when someone registers with username matching your email.
To fix this, you will need to make some installation script checking usernames and emails - list conflicts and let admin decide, whether to delete/edit usernames, or emails.
Or it needs more ideas, what to do with conflicts...
Disadvantage:
currently, user can be named as email (for example "[email protected]" is valid username - BUT also valid email). This may be problematic, when someone registers with username matching your email.
To fix this, you will need to make some installation script checking usernames and emails - list conflicts and let admin decide, whether to delete/edit usernames, or emails.
Or it needs more ideas, what to do with conflicts...
Re: [RFC] Login with email
I'm all for that, what's the point anyway. I mean it's a bit convienient for developers and people testing on a local install, but why not just use [email protected] as an email when testingcallumacrae wrote:In order for this RFC to be possible, we would have to disallow email address reuse. Does anyone actually use it?
Only problem is, what about conversion of an older board, if there are multiple users on a board with the same email, there are gonna be conflicts.
That's not a problem is it? If someone wants to do that why not... You would have two matches, it would check to see if it matches the username, if matched then check password and login, if no match check the email, if matched, check the password and login. If no match, the of course you can't login If the email address and username is the same and it matches the when it checks username first they it don't matter.Senky wrote:to add some ideas:
Disadvantage:
<span>currently, user can be named as email (for example "<a class="linkclass" href="mailto:[email protected]">[email protected]</a>" is valid username - BUT also valid email). This may be problematic, when someone registers with username matching your email.</span>
To fix this, you will need to make some installation script checking usernames and emails - list conflicts and let admin decide, whether to delete/edit usernames, or emails.
Or it needs more ideas, what to do with conflicts...
Edit:. I see a bug in phpBB when I quoted it put in the HTML of that post.
Last edited by jsebean on Mon Apr 09, 2012 5:55 pm, edited 2 times in total.
-Jonah
- callumacrae
- Former Team Member
- Posts: 1046
- Joined: Tue Apr 27, 2010 9:37 am
- Location: England
- Contact:
Re: [RFC] Login with email
Yeah. I'm thinking that it would need a config option for login with email, and if there are multiple users with the same email, refuse to enable it.jsebean wrote:Only problem is, what about conversion of an older board, if there are multiple users on a board with the same email, there are gonna be conflicts.
It wouldn't work if they were different accounts, which (currently) is possible.That's not a problem is it? If someone wants to do that why not... it only might make it a bit more tricky on the code side of things since it would find two matches, but they would be the same account so it would work.
I would suggest disallowing valid email addresses as usernames, but then we've got the same problem with upgrades and conversions.
Re: [RFC] Login with email
You quoted me before I got a chance to edit... I gotta use the preview button more oftencallumacrae wrote:It wouldn't work if they were different accounts, which (currently) is possible.That's not a problem is it? If someone wants to do that why not... it only might make it a bit more tricky on the code side of things since it would find two matches, but they would be the same account so it would work.
I would suggest disallowing valid email addresses as usernames, but then we've got the same problem with upgrades and conversions.
-Jonah
Re: [RFC] Login with email
True.callumacrae wrote: It wouldn't work if they were different accounts, which (currently) is possible.
True.I would suggest disallowing valid email addresses as usernames, but then we've got the same problem with upgrades and conversions.
This is a neat idea but might not be practical the way phpBB is made. Maybe instead of using email, use the normal username, then use a seperate display name a user can choose, adds a little more security for bots trying to brute force an account, which is one advantage of using email for login. Though, if you allowed both username and email login the of course there's no advantage other than if a user forgot their username.
-Jonah
Re: [RFC] Login with email
You answered your own question there.callumacrae wrote: This doesn't really have many advantages, but it doesn't have any disadvantages, either. I've seen a few people request it, and I can see why it could be useful, so why not?
Re: [RFC] Login with email
It does have one advantage: it solves the "forgot my username" problem.