Jedijon
Posted March 8, 2019

How to add the ability to login with username or email for login?

<?php
ob_start();
include('../header.php');
include_once("../db_connect.php");
session_start();

// Already logged in: go straight to the dashboard.
if (isset($_SESSION['user_id'])) {
    header("Location: ../dashboard");
    exit;
}

if (isset($_POST['login'])) {
    $email = mysqli_real_escape_string($conn, $_POST['email']);
    $password = mysqli_real_escape_string($conn, $_POST['password']);
    // Look up the account by email and the MD5 of the submitted password.
    $result = mysqli_query($conn, "SELECT * FROM users WHERE email = '" . $email . "' and pass = '" . md5($password) . "'");
    if ($row = mysqli_fetch_array($result)) {
        $_SESSION['user_id'] = $row['uid'];
        $_SESSION['user_name'] = $row['user'];
        $_SESSION['user_email'] = $row['email'];
        header("Location: ../dashboard");
        exit;
    } else {
        $error_message = "Incorrect Email or Password!!!";
    }
}
?>

requinix
Posted March 9, 2019

Don't allow @s in usernames, then you can easily check what the value is supposed to represent and decide which column to check against.

This is better than a simple "email = value or username = value" because... well, I don't know if I have concrete reasons that can be written out, but to me it feels better. Instinct.

maxxd
Posted March 9, 2019

I have to disagree with @requinix about this - I find limiting the characters in usernames ickier than checking against both the username and email addresses. There should only be one instance of the email and the username in the database - remember, that's one instance each and not a combination of both. So if either exists in the database and the password matches, there's a not insubstantial assurance that it's the correct registered user.

requinix
Posted March 9, 2019

Fair enough. I get the practicality of saying either/or, it's easy enough and doesn't require a variety of if/else checks. But usernames should be filtered to some degree - no "admin" or "administrator" or other misleading terms that may be relevant to the application (e.g., "moderator", "author"), and allowing anything Unicode is funny when you consider emojis but scary if it also allows non-printables.

maxxd
Posted March 9, 2019

Excellent point about Unicode and non-printable characters. And while I do agree there should be at least some sort of warning to people that obvious usernames should be avoided, I'd also say the user roles should be relevant to the application, not user names. So 'admin', 'moderator', etc. are perfectly acceptable user roles and user names because the one has no bearing on the other.

That being said, there's nothing at all wrong with dictating which should be used for logging in - and doing so minimizes chances of logic errors during the process.

Barand
Posted March 9, 2019

Even with unique constraints on username and on email, without restrictions on usernames you could potentially have this situation

+--------+----------------+-----------------+----------+
| Emp ID | Username       | Email           | Password |
+--------+----------------+-----------------+----------+
| 1      | joe@abc.com    | bloggsj@abc.com | s3cr3t   |
| 2      | jsmith@abc.com | joe@abc.com     | s3cr3t   |
+--------+----------------+-----------------+----------+

Your query would then find both employees.

Also, many companies use the convention that an employee's email address is

<username> @ <domainname>

The presence of @ in the username would render the address invalid.

maxxd
Posted March 9, 2019

That is true...

Jedijon (Author)
Posted March 9, 2019

How would you do this?

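The ambiguity Barand describes and the "route on @" approach requinix suggests, as an added example that is not part of the original thread or any poster's code. It assumes an in-memory SQLite database through PDO instead of the question's mysqli connection, constructed rows, and a `pass` column holding `password_hash()` output rather than the MD5 used in the question; `isAllowedUsername`, `matchEither` and `login` are hypothetical names.

```php
<?php
// Added example: constructed data in an in-memory SQLite database (via PDO, an
// assumption) so it runs without a MySQL server; column names follow the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, user TEXT UNIQUE, email TEXT UNIQUE, pass TEXT)');

// Registration-time rule: no "@", no control or other non-printable characters, 3-32 chars.
function isAllowedUsername(string $name): bool
{
    return preg_match('/\A[^@\p{C}]{3,32}\z/u', $name) === 1;
}

// Constructed rows mirroring the table in Barand's post (inserted without the rule above).
// Assumption: pass holds password_hash() output, not the MD5 from the question.
$ins = $db->prepare('INSERT INTO users (user, email, pass) VALUES (?, ?, ?)');
$ins->execute(['joe@abc.com', 'bloggsj@abc.com', password_hash('s3cr3t', PASSWORD_DEFAULT)]);
$ins->execute(['jsmith@abc.com', 'joe@abc.com', password_hash('s3cr3t', PASSWORD_DEFAULT)]);

// "email = value OR user = value": one identifier can match more than one account.
function matchEither(PDO $db, string $id): array
{
    $st = $db->prepare('SELECT uid FROM users WHERE email = :e OR user = :u');
    $st->execute([':e' => $id, ':u' => $id]);
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

// Route on "@": exactly one unique column is searched, so at most one row comes back.
function login(PDO $db, string $id, string $password): ?array
{
    // The column name comes from this fixed pair, never from user input.
    $column = (strpos($id, '@') !== false) ? 'email' : 'user';
    $st = $db->prepare("SELECT uid, user, email, pass FROM users WHERE $column = :id");
    $st->execute([':id' => $id]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pass'])) {
        return null; // same return value for unknown identifier and wrong password
    }
    unset($row['pass']);
    return $row;
}

// Exercise all three functions with the identifier shared by both constructed rows.
var_dump(isAllowedUsername('joe@abc.com'));
var_dump(matchEither($db, 'joe@abc.com'));
var_dump(login($db, 'joe@abc.com', 's3cr3t'));
```
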
Archived
This topic is now archived and is closed to further replies.