JILI 365 Casino Login Philippines.Enjoy Free 888+200 Daily Legal Bonus

Resolved Number One Fan
(@lubomir3000)

7 years, 2 months ago

Is there a way to force email-only login? If not, I can use the code from here: https://wordpress.stackexchange.com/questions/51678/how-to-login-with-email-only-no-username (not tested), but I fear that it could conflict with some functionality of the plugin.

Viewing 4 replies - 1 through 4 (of 4 total)

Plugin Author Stiofan
(@stiofansisland)

7 years, 2 months ago

Hi @lubomir3000,

Do you want to just change the text in the input field or actually disable username login also (if so why?)

Thanks,

Stiofan

Thread Starter Number One Fan
(@lubomir3000)

7 years, 2 months ago

I want to completely disable username login, because of two reasons:
1. You know that using email vs username for login, is a debated question and my personal preference is using email-only login.
2. UsersWP plugin exposes one’s username on their public profile page. As for me, that is a bad design decision, which allows a random attacker with brute force to guess only the password of an another user, because his/her username is clearly seen. Most users have simple passwords and if I force strong passwords, many will give up registration. Email-only login is a workaround for that.
Plugin Author Stiofan
(@stiofansisland)

7 years, 2 months ago
Hi @lubomir3000,

1. Yes, i prefer the email login so i understand your preference but for me its just restricting a choice of the user.
2. Just to be clear, email only login is 100% not a workaround for that.
WP uses the username in many places, its not considered private in any way.
Its exposed in places such as post author links, and comment author links to name just two.
Even if a user had never posted anything on a site a “hacker” could simply loop through all user IDs to find the username with mysite.com/?author=x with x being the user id such as mysite.com/?author=1 which will bring them to the author page exposing the username.

Anyway, the code below will restrict the field to email only. You can use a plugin such as “code snippets” to add this or simply add it to your child theme functions.php file.
```
add_filter('uwp_validate_result','_my_email_only_login',10,2);
function _my_email_only_login($result,$type){
  
   // check its a login we are validating, and there is not already and error
    if( $type == 'login' && !is_wp_error( $result ) && isset($result['uwp_login_username']) ){
        
        // if the username is not a email then throw an error
        if( !is_email( $result['uwp_login_username'] ) ){
            $errors = new WP_Error();
            $incorrect_email_error_msg = apply_filters('uwp_incorrect_email_error_msg', __('<strong>Error</strong>: The email address isn’t correct.', 'userswp'));
            $errors->add('invalid_email', $incorrect_email_error_msg);
            return $errors;
        }

    }
  
    return $result;
}
```
To change the input text the easiest way would be to use the plugin .mo/.po translations files to change the text “Username or Email” to “Email”.

If i can help further just let me know ??

Thanks,

Stiofan
Thread Starter Number One Fan
(@lubomir3000)

7 years, 1 month ago

The code works, thanks.
It is true that in WordPress there are many ways to find the username, but each of them can be tracked and blocked. If UsersWP is used you have no way to hide the username. As for me it would be better if the username/displayname shown to the public is something different from the real username for login.
So if I force an email only login I can’t see how one can still use a username to login.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Email-only login’ is closed to new replies.

Tags