double login check?

Hi, my login system works just fine, but I would also like to let users log in with their email address, not just the login name, using the same password. How should I do that in my code?

here’s what I have for the login

UserIdentity Class




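/**
 * Identity that LoginForm uses to check a member's login name and password.
 *
 * NOTE(review): the posted listing had lost the authenticate() method header, the
 * $_id property and the ERROR_EMAIL_INACTIVE constant. They are restored here so
 * the class parses; authenticate() is the method LoginForm calls on this class.
 */
class UserIdentity extends CUserIdentity
{
	/**
	 * Error code for a member whose email address has not been confirmed.
	 *
	 * NOTE(review): the value was not shown in the original post. 3 is a placeholder;
	 * use the project's real value and keep it distinct from the codes inherited
	 * from CUserIdentity.
	 */
	const ERROR_EMAIL_INACTIVE = 3;

	// Primary key of the authenticated member, returned by getId().
	private $_id;

	/**
	 * Checks the submitted login name and password against the Wsmembers table.
	 *
	 * Sets $this->errorCode to one of the ERROR_* codes. On success it also stores
	 * the member id and the 'name' state.
	 *
	 * @return boolean true when errorCode is ERROR_NONE.
	 */
	public function authenticate()
	{
		$record = Wsmembers::model()->findByAttributes(array('WSLoginName' => $this->username));

		if ($record === null)
		{
			$this->errorCode = self::ERROR_USERNAME_INVALID;
		}
		// NOTE(review): the stored value is an unsalted SHA-1 of the password, which is
		// too fast to resist offline guessing if the table leaks. Moving to
		// CPasswordHelper (or password_hash/password_verify) needs a migration of the
		// stored hashes, so the comparison is left as posted.
		else if ($record->WSLoginPassword !== sha1($this->password))
		{
			$this->errorCode = self::ERROR_PASSWORD_INVALID;
		}
		// Test the confirmation flag of THIS member. The posted code searched the whole
		// table for any row with WSEmailConfirmed = 0, so a single unconfirmed member
		// blocked every login. A NULL flag is treated as unconfirmed.
		else if ((int) $record->WSEmailConfirmed === 0)
		{
			$this->errorCode = self::ERROR_EMAIL_INACTIVE;
		}
		else
		{
			$this->_id = $record->MemberShipID;
			$this->setState('name', $record->WSLoginName);
			$this->errorCode = self::ERROR_NONE;
		}

		return !$this->errorCode;
	}

	/**
	 * @return mixed the MemberShipID stored by a successful authenticate() call.
	 */
	public function getId()
	{
		return $this->_id;
	}
}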



LoginForm





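/**
 * Form model behind the login page: collects the credentials, validates them
 * through UserIdentity and logs the user in.
 */
class LoginForm extends CFormModel
{
	public $username;
	public $password;
	public $rememberMe;

	// UserIdentity created by authenticate() or login(); null until one of them runs.
	private $_identity;

	/**
	 * @return array validation rules for the form attributes.
	 */
	public function rules()
	{
		return array(
			// username and password are required
			array('username, password', 'required'),
			// rememberMe needs to be a boolean
			array('rememberMe', 'boolean'),
			// password needs to be authenticated; skipped when an earlier rule failed
			array('password', 'authenticate', 'skipOnError'=>true),
		);
	}

	/**
	 * @return array custom attribute labels.
	 */
	public function attributeLabels()
	{
		return array(
			'rememberMe'=>'Remember me next time',
		);
	}

	/**
	 * Inline validator referenced from rules(): checks the credentials.
	 *
	 * One message covers every failure code, so the form does not tell the visitor
	 * whether the login name, the password or the activation state was the problem.
	 *
	 * @param string $attribute name of the attribute being validated.
	 * @param array $params options given in the rule.
	 */
	public function authenticate($attribute,$params)
	{
		$this->_identity=new UserIdentity($this->username,$this->password);

		// NOTE(review): the message carries markup (<br />), so it has to remain a
		// fixed literal; never interpolate user input into it.
		if(!$this->_identity->authenticate())
			$this->addError('password','your username or password is incorrect OR <br />your email is not yet activated.');
	}

	/**
	 * Logs the user in with the username and password held by the model.
	 *
	 * @return boolean whether the login succeeded.
	 */
	public function login()
	{
		if($this->_identity===null)
		{
			$this->_identity=new UserIdentity($this->username,$this->password);
			$this->_identity->authenticate();
		}

		// The posted version built a second UserIdentity and authenticated again when
		// the result was ERROR_EMAIL_INACTIVE. The same credentials cannot produce a
		// different result, so that retry (and its extra queries) is dropped.
		if($this->_identity->errorCode===UserIdentity::ERROR_NONE)
		{
			$duration=$this->rememberMe ? 3600*24*30 : 0; // 30 days
			Yii::app()->user->login($this->_identity,$duration);
			return true;
		}

		return false;
	}
}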



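I would check for the ‘@’ character in $this->username; if it is present, make your $record find look in the WSEmailConfirmed field (note that the posted code compares that field with 0, so it appears to be a confirmation flag, and the lookup needs whichever column actually stores the address). If it is not present, then load from WSLoginName.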

Obviously this only works if you don’t allow user names to contain the ‘@’ character !

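Also, consider using Yii’s built-in password hashing (CPasswordHelper) instead of sha1: an unsalted, fast hash like the one in this code is not suitable for storing passwords.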