[RFC] Login with email

Note: We are moving the topics of this forum and it will be deleted at some point

Publish your own request for comments/change or patches for the next version of phpBB. Discuss the contributions and proposals of others. Upcoming releases are 3.2/Rhea and 3.3.
User avatar
callumacrae
Former Team Member
Posts: 1046
Joined: Tue Apr 27, 2010 9:37 am
Location: England
Contact:

[RFC] Login with email

Post by callumacrae »

I propose that users should be allowed to log in with either their username or their email address, similar to how this modification does it.

This doesn't really have many advantages, but it doesn't have any disadvantages, either. I've seen a few people request it, and I can see why it could be useful, so why not?
Made by developers, for developers!
My blog

User avatar
DavidIQ
Customisations Team Leader
Customisations Team Leader
Posts: 1904
Joined: Thu Mar 02, 2006 4:29 pm
Location: Earth
Contact:

Re: [RFC] Login with email

Post by DavidIQ »

Seeing that most other major auth systems are going with this model, i.e. Facebook, Twitter, etc., I like the idea. +1 from me.
Image

User avatar
callumacrae
Former Team Member
Posts: 1046
Joined: Tue Apr 27, 2010 9:37 am
Location: England
Contact:

Re: [RFC] Login with email

Post by callumacrae »

In order for this RFC to be possible, we would have to disallow email address reuse. Does anyone actually use it?
Made by developers, for developers!
My blog

Senky
Extension Customisations
Extension Customisations
Posts: 315
Joined: Thu Jul 16, 2009 4:41 pm

Re: [RFC] Login with email

Post by Senky »

to add some ideas:

Disadvantage:
currently, user can be named as email (for example "[email protected]" is valid username - BUT also valid email). This may be problematic, when someone registers with username matching your email.

To fix this, you will need to make some installation script checking usernames and emails - list conflicts and let admin decide, whether to delete/edit usernames, or emails.
Or it needs more ideas, what to do with conflicts...

User avatar
jsebean
Registered User
Posts: 165
Joined: Wed Nov 17, 2010 1:40 am
Location: Atlantic Canada

Re: [RFC] Login with email

Post by jsebean »

callumacrae wrote:In order for this RFC to be possible, we would have to disallow email address reuse. Does anyone actually use it?
I'm all for that, what's the point anyway. I mean it's a bit convienient for developers and people testing on a local install, but why not just use [email protected] as an email when testing :P

Only problem is, what about conversion of an older board, if there are multiple users on a board with the same email, there are gonna be conflicts.
Senky wrote:to add some ideas:

Disadvantage:
<span>currently, user can be named as email (for example "<a class="linkclass" href="mailto:[email protected]">[email protected]</a>" is valid username - BUT also valid email). This may be problematic, when someone registers with username matching your email.</span>

To fix this, you will need to make some installation script checking usernames and emails - list conflicts and let admin decide, whether to delete/edit usernames, or emails.
Or it needs more ideas, what to do with conflicts...
That's not a problem is it? If someone wants to do that why not... You would have two matches, it would check to see if it matches the username, if matched then check password and login, if no match check the email, if matched, check the password and login. If no match, the of course you can't login :P If the email address and username is the same and it matches the when it checks username first they it don't matter.


Edit:. I see a bug in phpBB when I quoted it put in the HTML of that post.
Last edited by jsebean on Mon Apr 09, 2012 5:55 pm, edited 2 times in total.
-Jonah

User avatar
callumacrae
Former Team Member
Posts: 1046
Joined: Tue Apr 27, 2010 9:37 am
Location: England
Contact:

Re: [RFC] Login with email

Post by callumacrae »

jsebean wrote:Only problem is, what about conversion of an older board, if there are multiple users on a board with the same email, there are gonna be conflicts.
Yeah. I'm thinking that it would need a config option for login with email, and if there are multiple users with the same email, refuse to enable it.
That's not a problem is it? If someone wants to do that why not... it only might make it a bit more tricky on the code side of things since it would find two matches, but they would be the same account so it would work.
It wouldn't work if they were different accounts, which (currently) is possible.

I would suggest disallowing valid email addresses as usernames, but then we've got the same problem with upgrades and conversions.
Made by developers, for developers!
My blog

User avatar
jsebean
Registered User
Posts: 165
Joined: Wed Nov 17, 2010 1:40 am
Location: Atlantic Canada

Re: [RFC] Login with email

Post by jsebean »

callumacrae wrote:
That's not a problem is it? If someone wants to do that why not... it only might make it a bit more tricky on the code side of things since it would find two matches, but they would be the same account so it would work.
It wouldn't work if they were different accounts, which (currently) is possible.

I would suggest disallowing valid email addresses as usernames, but then we've got the same problem with upgrades and conversions.
You quoted me before I got a chance to edit... I gotta use the preview button more often :P
-Jonah

User avatar
jsebean
Registered User
Posts: 165
Joined: Wed Nov 17, 2010 1:40 am
Location: Atlantic Canada

Re: [RFC] Login with email

Post by jsebean »

callumacrae wrote: It wouldn't work if they were different accounts, which (currently) is possible.
True.
I would suggest disallowing valid email addresses as usernames, but then we've got the same problem with upgrades and conversions.
True.

This is a neat idea but might not be practical the way phpBB is made. Maybe instead of using email, use the normal username, then use a seperate display name a user can choose, adds a little more security for bots trying to brute force an account, which is one advantage of using email for login. Though, if you allowed both username and email login the of course there's no advantage other than if a user forgot their username.
-Jonah

Oleg
Posts: 1150
Joined: Tue Feb 23, 2010 2:38 am
Contact:

Re: [RFC] Login with email

Post by Oleg »

callumacrae wrote: This doesn't really have many advantages, but it doesn't have any disadvantages, either. I've seen a few people request it, and I can see why it could be useful, so why not?
You answered your own question there.

User avatar
naderman
Consultant
Posts: 1727
Joined: Sun Jan 11, 2004 2:11 am
Location: Berlin, Germany
Contact:

Re: [RFC] Login with email

Post by naderman »

It does have one advantage: it solves the "forgot my username" problem.

Post Reply