login

I noticed that dolphin allows you to login using either your email address or username.

Is there a way to disallow login using username?

This is not tested, so make a backup.

inc\classes\BxDolProfile.php

About line 169. Modify the function getID

Comment out the section of code marked.

function getID( $vID, $bWithEmail = 1 )
{
$oPDb = new BxDolProfileQuery();

if ( $bWithEmail )
{
if ( eregi("^[_.0-9a-z-]+@([0-9a-z][0-9a-z-]+.)+[a-z]{2,4}$", $vID) )
{
$aMail = $oPDb -> getIdByEmail( $vID );
if ( (int)$aMail['ID'] )
{
return (int)$aMail['ID'];
}
}
}

/*
$iID = (int)$vID;
if ( strcmp("$vID", "$iID") == 0 )
{
return $iID;
}
else
{
$aNick = $oPDb -> getIdByNickname( $vID );
if ( (int)$aNick['ID'] )
{
return (int)$aNick['ID'];
}
}
*/
return false;
}

I forgot to mention. Dolphin actually allows you to log on 3 different ways.

1) Nickname

2) Email Address

3) Member ID


This code change should disable both ID and Nickname leaving only email logon.

I finally had the time to try this. Unfortunately it didn't work. I made a backup and commented out the lines you said. Then I restarted my web service. It still let me login using the username.

I had to revert it back because after I applied the above, I couldn't view a profile by typing out the person's "permalink"...for instance www.mydomain.com/username.

It would just go to a blank page.

Ok. I'll look into this a bit more when i have the time.

Ok. I found a way to do this.

This will restrict logons to email address only.


Open member.php and look for the following at around line 481. Make a backup first.

// --------------- GET/POST actions

$member['ID']        = $_POST['ID'];
$member['Password']   = md5( process_pass_data( $_POST['Password'] ) );

$bAjxMode = ( isset( $_SERVER['HTTP_X_REQUESTED_WITH'] ) and $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest' ) ? true : false;



Make it look like this by adding the marked lines.

// --------------- GET/POST actions

$member['ID']        = $_POST['ID'];
$member['Password']   = md5( process_pass_data( $_POST['Password'] ) );

// deano mod. Reject if id is not a email address
if (intval(strpos($_POST['ID'],"@")) == 0 ) {
$member['ID'] = '';
}
// deano mod end

$bAjxMode = ( isset( $_SERVER['HTTP_X_REQUESTED_WITH'] ) and $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest' ) ? true : false;





This can be done for D7 as well.

Wow thanks Deano! Haven't tested it yet because I'm having someone connect to my virtual test server to fix a different issue. As soon as that is done I'm going to try this out.

I greatly appreciate the help.

I went ahead and just applied it to the live server. It worked awesome.

Thanks again.

Does it work with 7.0.8?

Yes it does. The lines of code are located down around 635.