Jump to content
Jedijon

How to add the ability to login with username or email for login?

Recommended Posts

How to add the ability to login with username or email for login?

 

<?php 
ob_start();
include('../header.php');
include_once("../db_connect.php");
session_start();
if(isset($_SESSION['user_id'])!="") {
	header("Location: ../dashboard");
}
if (isset($_POST['login'])) {
	$email = mysqli_real_escape_string($conn, $_POST['email']);
	$password = mysqli_real_escape_string($conn, $_POST['password']);
	$result = mysqli_query($conn, "SELECT * FROM users WHERE email = '" . $email. "' and pass = '" . md5($password). "'");
	if ($row = mysqli_fetch_array($result)) {
		$_SESSION['user_id'] = $row['uid'];
		$_SESSION['user_name'] = $row['user'];	
		$_SESSION['user_email'] = $row['email'];		
		header("Location: ../dashboard");
	} else {
		$error_message = "Incorrect Email or Password!!!";
	}
}
?>

 

Share this post


Link to post
Share on other sites

Don't allow @s in usernames, then you can easily check what the value is supposed to represent and decide which column to check against.

This is better than a simple "email = value or username = value" because... well, I don't know if I have concrete reasons that can be written out, but to me it feels better. Instinct.

Share this post


Link to post
Share on other sites

I have to disagree with @requinix about this - I find limiting the characters in usernames ickier than checking against both the username and email addresses. There should only be one instance of the email and the username in the database - remember, that's one instance each and not a combination of both. So if either exists in the database and the password matches, there's a not insubstantial assurance that it's the correct registered user.

Share this post


Link to post
Share on other sites

Fair enough. I get the practicality of saying either/or, it's easy enough and doesn't require a variety of if/else checks. But usernames should be filtered to some degree - no "admin" or "administrator" or other misleading terms that may be relevant to the application (eg, "moderator", "author"), and allowing anything Unicode is funny when you consider emojis but scary if it also allows non-printables.

Share this post


Link to post
Share on other sites

Excellent point about unicode and non-printable characters. And while I do agree there should be at least some sort of warning to people that obvious usernames should be avoided, I'd also say the user roles should be relevant to the application, not user names. So 'admin' , 'moderator', etc. are perfectly acceptable user roles and user names because the one has no bearing on the other.

That being said, there's nothing at all wrong with dictating which should be used for logging in - and doing so minimizes chances of logic errors during the process.

Share this post


Link to post
Share on other sites
Posted (edited)

Even with unique constraints on username and on email, without restrictions on usernames you could potentially have this situation

+------------+---------------+-----------------+------------------+
| Emp ID     | Username      | Email           | Password         |
+------------+---------------+-----------------+------------------+
|     1      | joe@abc.com   | bloggsj@abc.com | s3cr3t           |
|     2      | jsmith@abc.com| joe@abc.com     | s3cr3t           |
+------------+---------------+-----------------+------------------+


Your query would then find both employees

 

Also, many companies use the convention that an employee's email address is

<username> @ <domainname>

The presence of @ in the username would render the address invalid.

Edited by Barand
spulling error

Share this post


Link to post
Share on other sites

That is true...

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.