Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#15712] - Possibiltity to login with username OR email

?
avatar peterpeter
peterpeter
30 Apr 2017

On most (non Joomla!-)sites/shops were I'm registred there is the posibility to login with the username OR the registered email address (and the password). And I think this is a missing feature in Joomla!

I can do a PR, but first wanna here some other thoughts about it.

Ist it worth? Would it be a real addition, or more a security flaw? Should it be realised as an option (e.g. of com_users), as it is a bit less secure? Maybe only available in frontend? Or backend too?

What do you think?

avatar peterpeter peterpeter - open - 30 Apr 2017
avatar joomla-cms-bot joomla-cms-bot - labeled - 30 Apr 2017
avatar laoneo
laoneo - comment - 1 May 2017

Sounds like an interesting idea. More and more online services do allow multiple login options like username, email or telephone. Can't estimate the security impact.

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/15712.

avatar RickR2H
RickR2H - comment - 1 May 2017

I think this would be a nice feature to have! I suggest you create a PR.

avatar ot2sen
ot2sen - comment - 1 May 2017

Just a note that there are more extensions doing just that.
For example this one https://extensions.joomla.org/extensions/extension/access-a-security/site-access/authentication-email/

avatar franz-wohlkoenig franz-wohlkoenig - change - 1 May 2017
Priority Medium Low
Status New Discussion
avatar franz-wohlkoenig franz-wohlkoenig - change - 1 May 2017
Category Authentication Authentication Feature Request
avatar peterpeter
peterpeter - comment - 1 May 2017

Thanks for your thoughts. And the link.
But I think this should be a core feature and not provided by 3rd party - as it is common in many (or most) other web 'systems' as a standard.

The question is, should it be optional by configuration or fix inbuild and available to avoid to bother site-admins with one more thing to think, descide and configure.

The downside is a little decrease of security (email guessing), and thus the question, should the site admin able to descide or not.

avatar mbabker
mbabker - comment - 1 May 2017

It's fine as an extension (not every behavior must be included in the core package) and even if it were in core it must be a configurable item and not arbitrarily locked one way or the other.

avatar franz-wohlkoenig franz-wohlkoenig - change - 2 May 2017
Status Discussion Closed
Closed_Date 0000-00-00 00:00:00 2017-05-02 05:40:10
Closed_By franz-wohlkoenig
avatar joomla-cms-bot joomla-cms-bot - change - 2 May 2017
Closed_Date 2017-05-02 05:40:10 2017-05-02 05:40:11
Closed_By franz-wohlkoenig joomla-cms-bot
avatar joomla-cms-bot joomla-cms-bot - close - 2 May 2017
avatar joomla-cms-bot
joomla-cms-bot - comment - 2 May 2017

Set to "closed" on behalf of @franz-wohlkoenig by The JTracker Application at issues.joomla.org/joomla-cms/15712

avatar franz-wohlkoenig
franz-wohlkoenig - comment - 2 May 2017

closed as having PR #15725

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/15712.

Add a Comment

Login with GitHub to post a comment