Skip to:
Content
Pages
Categories
Search
Top
Bottom

User E-Mail Address as Authentification when Signing up

  • Avatar of Roland Fauster
    Roland Fauster
    Participant

    @rfauster

    Hi

    I am currently building a site using the latest trunk version of BP 1.2 (you guys did a GREAT job – i worked on 1.1.3 before and so much has improved..

    What I want and sort of achieved is to use an email address as username when users sign up.. I am aware of discussions about security issues because of the blog names and this is not what i plan since i am going to use the user_nicename for this.

    Now in bp-core-signup.php on line 35 it says

    $account_details = wpmu_validate_user_signup( $_POST['signup_username'], $_POST['signup_email'] );

    which prevents me to simply use the standard form and just use a different label on the input field.

    when I comment this line out, it works fine but I dont want to mess with the Buddypress Core.

    My next approach (which also works) was to add this in the functions.php in my theme dir:

    function test () {

    }

    remove_filter ( ‘wpmu_validate_user_signup’, ‘signup_nonce_check’ );

    add_filter ( ‘wpmu_validate_user_signup’, ‘test’ );

    the problem i have with this is that I does what I want but I am concerned about security issues since eliminiating the nonce_check will open up a hole if I am right.

    Does anybody know of a better way to achieve what I am trying to do?

Viewing 18 replies - 1 through 18 (of 18 total)
  • Avatar of Peterverkooijen
    peterverkooijen
    Participant

    @peterverkooijen

    Avatar of Roland Fauster
    Roland Fauster
    Participant

    @rfauster

    This plugin does not help me.. I checked this already and its for LOGIN not Registering.

    logging in yeah, i can use it but first I need users with an email as username ;)

    Avatar of Peterverkooijen
    peterverkooijen
    Participant

    @peterverkooijen

    … its for LOGIN not Registering.

    logging in yeah, i can use it but first I need users with an email as username ;)

    That’s just a matter of restructuring the registration form (version 1.0 now, currently upgrading to 1.1.3). You can autogenerate the username from the fullname using this javascript trick and then hide the username field.

    Hacking core files to actually put email addresses in the username fields in the database is a recipe for disaster. Why do you want to do that? What am I missing?

    Avatar of Roland Fauster
    Roland Fauster
    Participant

    @rfauster

    Well I am not after hacking Core Files and that is not really what I am doing.. I am just working in the functions.php in my template directory.

    The reason why I want to use emails as (login)-usernames is that they are unique and I since services like google or facebook use the very same method I simply like the idea to give the user what he is used.

    More importantly (and this just came into my mind).. I am german and there are Names using “Umlaute” like ä, ö, ü..

    Now if I register a user whose name is “Björn”, the validation refuses to accept him. Also some users might be signing up with their full name like “Roland Fauster” as a username but bp or wp converts this to “rolandfauster” so the registration works with this however the user gets stored in the database as “rolandfauster” and can only login with this username whereas he can not be properly made aware of this (and if I display a message i am bound to accept that users don’t read what we stick in front of their faces :) )

    Thanx for the Links I will check these out and see if I can work with them!

    Avatar of Peterverkooijen
    peterverkooijen
    Participant

    @peterverkooijen

    You don’t have to convince me why it makes sense to use email address instead of username. This post was the start of a long a painful process for me. Trust me, that plugin does what you need and then all you need to do is restructure the form and pick a fix for the user URL etc.

    Avatar of Roland Fauster
    Roland Fauster
    Participant

    @rfauster

    Ok just for me to get it right.

    I need to do the custom registration with the javascript trick you posted and then use the plugin.

    I think I understand now.. the first custom registration basically generates a random username that gets stored in the database and the plugin pulls out the proper username based on the email and logs the user in..

    Avatar of Peterverkooijen
    peterverkooijen
    Participant

    @peterverkooijen

    The plugin works with or without any other trickery; it uses the email in the database for authentication and ignores the username. Try it on an unmodified installation. Works fine.

    The username is unnecessary. That’s why many modern sites don’t use them anymore. In WP/BP you still need something in the username database field because all kinds of functions rely on it, like the profile URL in BP or the ‘forgot password’ process. So you can’t just remove it entirely.

    My solution is to generate a username onkeyup from the fullname via Javascript on the registration form, hidden from view. In an earlier attempt I used a script that just autogenerated a gibberish username.

    Avatar of Roland Fauster
    Roland Fauster
    Participant

    @rfauster

    It all finally works now – THANK YOU VERY MUCH.

    I ended up using a completly random HASH for the UserName since I was not feeling safe using your JavaScript.

    This feature should be put in one of the future Releases of BuddyPress since indeed the concept of using Usernames to Login is old and with Features like Gravatar Support, the site itself should use email as the main auth form.

    Just for completion so somebody might want to do the same thing:

    I modified the register.php in registration subfolder like this

    .

    .

    .

    <!– Fool Registration that the Username is a Random Generated HASH –>

    <input type=”hidden” name=”signup_username” id=”signup_username” value=”<?php echo sha1( uniqid( mt_rand(), true ) . time() ) ?>” />

    <label for=”signup_email”><?php _e( ‘Email Address’, ‘buddypress’ ) ?> <?php _e( ‘(required)’, ‘buddypress’ ) ?></label>

    <?php do_action( ‘bp_signup_email_errors’ ) ?>

    <input type=”text” name=”signup_email” id=”signup_email” value=”<?php bp_signup_email_value() ?>” />

    .

    .

    .

    and used Beau Leben’s WP Email Plugin

    Avatar of applegateian
    applegateian
    Participant

    @applegateian

    This is perfect thanks @rfauster

    I realise this is a pretty old post now, and I have done what is mentioned here (including the email login plugin)

    It works perfectly, however the URL for a users profile is now http://sitename.com/members/e2cd18d97f62a5432557784b2f7e68957ad0f42e//profile

    I understand that email address wont work here, is there anything I Can do to make this more SEO friend/pretty?

    Thanks,

    Ian

    Avatar of applegateian
    applegateian
    Participant

    @applegateian

    Wondering if it is possible to use ‘USER_DISPLAY_NAME’ in the url somehow…?

    Avatar of Henry
    Henry
    Participant

    @henrywright-1

    @applegateian you won’t be able to remove the username from the URL because BP needs a unique string. If you had 3 or 4 users with the same display name then that would cause URL conflicts.

    Avatar of applegateian
    applegateian
    Participant

    @applegateian

    Thanks @henrywright-1 – I don’t want to remove it, just wondering if I can replace it with something more friendly – before I changed to the email address authentication it was of course /username, so I was hoping I could replace that string with ‘USER_DISPLAY_NAME’ and then maybe ‘USER_DISPLAY_NAME-1′ if there was a duplicate?

    Avatar of Henry
    Henry
    Participant

    @henrywright-1

    Hi @applegateian with user display name you have the problem of spaces in the URLs. I suppose it is possible but in my view it would mean quite a bit of custom code.

    Avatar of applegateian
    applegateian
    Participant

    @applegateian

    we’re looking at writing a simple plugin to user the Xprofile ‘Your Name’ that we have added, in the format of firstname-secondname-1 (-2 if a duplicate)

    If anyone finds it useful in the future let me know and we can share.

    Avatar of applegateian
    applegateian
    Participant

    @applegateian

    Thanks again @henrywright-1

    Avatar of carmeetsroad
    carmeetsroad
    Participant

    @carmeetsroad

    @applegateian Oh boy! that would be a great plugin

    Avatar of saulcoz
    saulcoz
    Participant

    @saulcoz

    Well I have a plugin – except that I can’t be arsed to release it as a plugin at the moment so I’ll just cut&paste the code here.

    2 things:
    1. it doesn’t replace the wp-email-login plugin or the login for hack above – it adds to them by simply forcing the username to be the same a field pulled from the Xprofile.
    2. It’s hardwired to a specific field name in @applegateian‘s project. You’ll need to edit the code to use your own field name because, like I say, I haven’t got time to turn it into a proper plugin. When I find the enthusiasm to do it properly I’ll create a plugin settings menu and stuff.

    <?php
    

    /*

    Plugin Name: XProfile to username
    

    Plugin URI: http://
    Description: Created for a specific project, this plugin copies a field from the user's Xprofile totheir username, ensuring first that it is unique by adding a digit to te end

    Version: 0.1
    

    Author: Saul Cozens

    Author URI: http://saulcozens.co.uk/wordpress
    
    */
    
    function xprofile_to_username($xp) {
    

    global $wpdb;

    
    

    $field_id = BP_XProfile_Field::get_id_from_name(‘Name/Company Name’);

    	if(!$field_id || $xp==null) {
    

    return;

    	}
    

    if($field_id == $xp->field_id) { // cover me, I’m going in

    		$new_username=strtolower(preg_replace('/[^\w\d]/','-', $xp->value));
    

    $existing_user_by_that_username=get_user_by(‘login’, $new_username);

    		if($existing_user_by_that_username && ($existing_user_by_that_username->ID !== $xp->user_id )) { // another user already has that login
    

    $i=1;

    			while(get_user_by('login', $new_username."-$i")) {
    

    $i+=1;

    			}
    

    $new_username.=”-$i”;

    		}
    

    $wpdb->update($wpdb->users, array(‘user_login’ => $new_username), array(‘ID’ => $xp->user_id));

    		return;
    

    }

    }
    

    add_action(‘xprofile_data_after_save’,’xprofile_to_username’);

    
    

    ?>

    Just put this is a file called xprofile-to-username.php in a folder called xprofile-to-username, activate it and Bob’s your uncle. Every time the user’s profile gets updated, their username will mirror the xprofile field (with hyphen instead of funny characters and numbers to remove any duplicates).

    Enjoy.

    Avatar of saulcoz
    saulcoz
    Participant

    @saulcoz

    damn it – badly formated the code – try this:

    <?php
    /*
    Plugin Name: XProfile to username
    Plugin URI: http://
    Description: Created for a specific project, this plugin copies a field from the user's Xprofile to their username, ensuring first that it is unique by adding a  digit to te end
    Version: 0.1
    Author: Saul Cozens
    Author URI: http://saulcozens.co.uk/wordpress
    
    */
    
    function xprofile_to_username($xp) {
    	global $wpdb;
    
    	$field_id = BP_XProfile_Field::get_id_from_name('Name/Company Name');
    	if(!$field_id || $xp==null) {
    		return;
    	}
    	if($field_id == $xp->field_id) { // cover me, I'm going in
    		$new_username=strtolower(preg_replace('/[^\w\d]/','-', $xp->value));
    		$existing_user_by_that_username=get_user_by('login', $new_username);
    		if($existing_user_by_that_username && ($existing_user_by_that_username->ID !== $xp->user_id )) { // another user already has that login
    			$i=1;
    			while(get_user_by('login', $new_username."-$i")) {
    				$i+=1;
    			}
    			$new_username.="-$i";
    		}
    		$wpdb->update($wpdb->users, array('user_login' => $new_username), array('ID' => $xp->user_id));
    		return;
    	}	
    }
    add_action('xprofile_data_after_save','xprofile_to_username');
    
    ?>
    
Viewing 18 replies - 1 through 18 (of 18 total)

You must be logged in to reply to this topic.