Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2020-12-20 13:14:09

gaekwad
Admin
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 3,344

Admin-side login name - can it be an email address?

Can someone logging into Textpattern use their email address instead of their real name or username?

Assumptions: an email address is unique, two user accounts cannot have the same email address, so it’s not a stretch to permit email-address-as-an-identifier for logins…right?

(I have gone back and forth on whether I should know this, but it’s Sunday and I’m very low on sleep so cut me a little slack before you berate me. Thaaaaaanks.)

Offline

#2 2020-12-20 13:59:02

Pat64
Plugin Author
From: France
Registered: 2005-12-12
Posts: 1,453
Website

Re: Admin-side login name - can it be an email address?

Absolutely agree!

That’s a feature I would like to see for Textpattern: an email address is simpler to memorize than a name/identifier, too.


Patrick.

Github | CodePen | Codier | Simplr theme | Wait Me: a maintenance theme | [\a mi.ni.ma]: a “Low Tech” simple Blog theme.

Offline

#3 2020-12-20 14:01:23

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 9,977
Website

Re: Admin-side login name - can it be an email address?

They can’t login using the email address at present, no. Unless when the account is set up, the email address is also used as their login name.

It might be a nice idea if the incoming login name looks like an email address to match on that column. Any security implications here, given that we’d also have to open it up to the “forgot password” too? Seems fine to me.

Could be a feature request that I don’t think would be hard to implement. Though if anybody is currently using the email address as a login name, that might break their experience (though the same email is used in both fields so it should work okay). I know of at least one system in the wild doing this.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#4 2020-12-20 17:22:35

gaekwad
Admin
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 3,344

Re: Admin-side login name - can it be an email address?

Thanks, Bloke. Thanks, Pat64. Extra brains are greatly appreciated!

github.com/textpattern/textpattern/issues/1614 for consideration.

Offline

#5 2020-12-21 07:56:22

Dragondz
Moderator
From: Algérie
Registered: 2005-06-12
Posts: 1,382
Website

Re: Admin-side login name - can it be an email address?

Hi

Dont forget that you can have multiple account using the same email in textpattern.

Cheers.

Offline

#6 2020-12-21 08:01:55

gaekwad
Admin
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 3,344

Re: Admin-side login name - can it be an email address?

Dragondz wrote #327711:

Dont forget that you can have multiple account using the same email in textpattern.

Rabah is correct.

Today I learned >1 account can have the same email address. Hmm.

Offline

#7 2020-12-21 09:51:17

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 9,977
Website

Re: Admin-side login name - can it be an email address?

gaekwad wrote #327712:

>1 account can have the same email address.

Good catch. I forgot I actually use this feature to bypass the ‘one concurrent login’ restriction on the admin side. See GitHub discussion for more.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#8 2020-12-21 10:35:26

gaekwad
Admin
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 3,344

Re: Admin-side login name - can it be an email address?

Bloke wrote #327713:

I forgot I actually use this feature to bypass the ‘one concurrent login’ restriction on the admin side.

I should know this…what’s the rationale behind the rule? I know there’re CSRF implications but since it’s trivial to have an additional user logged in (per your workaround), do we have enough clout to make that “the way” if someone wants to do this?

Offline

#9 2020-12-21 10:44:50

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 9,977
Website

Re: Admin-side login name - can it be an email address?

gaekwad wrote #327714:

what’s the rationale behind the rule?

I have no idea! Ruud implemented it in, what, 4.0.6? Just been that way ever since.

do we have enough clout to make that “the way” if someone wants to do this?

I was thinking about this. The only way I can think of doing it is with a pref ‘maximum simultaneous logins’ or somesuch. But then there’s the issue of which one’s oldest – which do you kick off when the limit’s exceeded, given we don’t know when someone logged in (beyond the month, thanks to the vagaries of the login cookie)?


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#10 2020-12-21 10:57:02

gaekwad
Admin
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 3,344

Re: Admin-side login name - can it be an email address?

Bloke wrote #327715:

The only way I can think of doing it is with a pref ‘maximum simultaneous logins’ or somesuch.

I think that’s too much choice, honestly. If there’s an appetite for multiple login sessions (e.g. one at work, one from home), that should be possible. The token will match per-browser, so there’s minimal CSRF impact, and an average user will be logged in at ~1 place at once. There’s a collision risk of two people doing something on the same account on the same content at the same time, but it’s minimal.

If people are sharing accounts, that’s understandable, but we could reinforce the importance of having atomic logins for people since personnel change over time and any admin worth their salt will want to keep things safe (e.g. not having a single user with shared credentials…hello there, SolarWinds).

Offline

Board footer

Powered by FluxBB