How to modify dolphin login to accept only Email and Password

I wanted to modify my dolphin to only accept email and password for login. No username or member ID number.

I was told to do the following:

Hello open the - inc/admin.inc.php

find this function there:

function getID( $str, $with_email = 1 ) {
    if ( $with_email ) {
        if ( eregi("^[_.0-9a-z-]+@([0-9a-z][0-9a-z-]+.)+[a-z]{2,4}$", $str) ) {
            $str = process_db_input($str);
            $mail_arr = db_arr( "SELECT `ID` FROM `Profiles` WHERE `Email` = '$str'" );
            if ( (int)$mail_arr['ID'] ) {
                return (int)$mail_arr['ID'];
            }
        }
    }

    $str = process_db_input($str);
    $iID = (int)db_value( "SELECT `ID` FROM `Profiles` WHERE `NickName` = '$str'" );
   
    if(!$iID) {
        $aProfile = getProfileInfo($str);
        $iID = isset($aProfile['ID']) ? $aProfile['ID'] : 0;
    }
    return $iID;
}

and replace with :

function getID($str) {
    $str = process_db_input($str);
    $aItem = db_arr( "SELECT `ID` FROM `Profiles` WHERE `Email` = '$str' OR `ID` = '$str' LIMIT 1" );
    if ( (int)$aItem['ID'] ) {
        return (int)$aItem['ID'];
    }
}

-------------------------------------------------------------------------------------

The problem with this modification is that it caused profiles to not be viewable. It would error out with something like "this profile is not available for viewing". I was then able to load profiles using userID number instead of the permalink URL.

So the modification listed above appeared to have messed up permalinks for only profiles. Everything else worked fine. Alex T had logged in and identified the modification of getID as the cause of the problem. So the modification was reversed.

Does anyone know of a way to modify dolphin so that the login accepts only email and password, while not messing up anything else?

This post seems to be old but this is perfectly valid today. Does anyone have a solution for this? I would like to implement this to improve security.

Could you explain how this improves security?

When Dolphin is installed, admin had ID# 1. So, there is an advantage there for malicious people, where they only have to figure out the password. But having only emails in that field, makes the breaking task more difficult. I'm new to Dolphin, but when i knew I can put 1 and my password, I freaked out. 

try this

edit member.php on line around 364

$oZ = new BxDolAlerts('profile', 'before_login', 0, 0, array('login' => $member['ID'], 'password' => $member['Password'], 'ip' => getVisitorIP()));
$oZ->alert();

add this just after this ^

if(!filter_var($member['ID'], FILTER_VALIDATE_EMAIL)) {
    exit('Fail');
}

bah....of course i didn't tested. I am too lazy to do that.

Ok - I'll try it. Thanks.

WOW!!! This was perfect... Thank you so much. 

 Nice catch on that one, I never realized that, always used username to login.

But, not to hijack or anything - does anyone know of a way to restrict using the member id and forcing username or email only?

if(is_numeric($member['ID'])) {
    exit('Fail');
}

User number 1 does not have to be an admin.  My admin account is not member 1.

 thanks, but I had to remove the ! - or it was saying to only accept numerical values - but again, thanks, cause without your help I would have never figured it out on my own.

 er....my bad...someone edit the post please and remove the ! for future readers. Thanks

Edit done..

 thanks

 Very nice, but I'm struggling to change the "Username" caption above the input field at the login form. Could you enlight me about?

 Edit this key "_NickName" is for the login popup.

yoursite.com/administration/lang_file.php?&filter=_NickName

 Thank you, newton27! I've created a new key and changed the source code, as I don't know where the key "_Nickname" is used. My fault was to change the lang-en.php directly, I think. How to make the system "recompile" key definitions in this file? Using the administration console to add the lang key was fine.

 A deep find answered me :-)

Back to standard!

Old thread but seems relevant to ask for updated insight. Can't I just remove the "nickname" from the join form fields builder entirely. By that I mean can a member sign up and complete it having never seen or filling out the nickname (aka user name) field.

I noticed the login allows both user name or email (or user ID apparently which I've never seen anyone use). But again if the member never completes the user name will all be fine or do you need to make som code changes

Thanks for the wisdom and insight in advance.

To partially answer my own question -- I removed nickname (username) completely from the join forms. Then did a new sign-up and everything worked beautifully. So in the joining process no snags.

Anyone no of any irreparable harm I may inadvertently be doing to the space and time continuum accomplishing this change in such an easy way? 

I'm running Dolphin pro and i had to keep the ! in the code. Works like a charm. Ty guys

Obviously the code tweaks offered here don't apply to dolphin 7.3

anyone in the know please post an update so I can make it so login is ONLY the registered email -- not an ID or username.

Thanks.

any update on this as i would like to use email only as well

I can confirm that this still works in 7.3.5 (yes there are some of us still out there hanging in!).