Using username instead of email in CakePHP's Auth Component

Question

Using CakePHP\'s Auth Component, how do I allow users to authenticate by using either their \"username\" or \"email\" field as a username, and a \"pass\" field as their pass

Answer 1

what does "using (username and email) both as username " mean?

Edit: ok, so you want Auth to look in both username and email fields in the db to compare to the "username" that the user enters? then do this:

function beforeFilter() {
  parent::beforeFilter();
  $this->Auth->fields = array('username' => 'username', 'password' => 'pass');
  $this->Auth->autoRedirect = false;
}
function login(){
  if ($this->Auth->user()) {
     $this->redirect($this->Auth->redirect());
  } else if (!empty($this->data)) {
     $this->Auth->fields = array('username' => 'email', 'password' => 'pass');
     $this->data['User']['email'] = $this->data['User']['username'];
     if($this->Auth->login($this->data))$this->redirect($this->Auth->redirect());
  }
}

Answer 2

To do this you have to skip Auths autoredirect and manage it yourself. This the login action in your users_controller:

public function login() {
    if(!empty($this->data)) { // Submitted form

        // Try to login with Email
        if(!$this->Auth->user() // if user wasn't logged in with username + pass
            && !empty($this->Auth->data['User']['username'])
            && !empty($this->Auth->data['User']['password'])
        ) {
            $user = $this->User->find('first', array(
                'conditions' => array(
                    'User.email' => $this->Auth->data['User']['username'],
                    'User.password' => $this->Auth->data['User']['password']
                ),
                'recursive' => -1
            ));

            if(!empty($user) && $this->Auth->login($user)) {
                // They logged in, so kill the flash error message
                $this->Session->delete('Message.auth');
            } else {
                $this->Session->setFlash($this->Auth->loginError, $this->Auth->flashElement, array(), 'auth');
            }
        }

        if($this->Auth->user()) {
            // Post login logic here
            $this->redirect($this->Auth->redirect());
        }

    } else {
        if($this->Auth->user()) {
            $this->Session->setFlash(__d('users', 'You are already registered and logged in!', true));
            //$this->redirect('/');
            $this->redirect($this->Auth->redirect());
        }
    }

This was copied straight from my app, so may need a bit of tweaking for yours. Don't forget to set $this->Auth->autoRedirect = false; in your AppController:beforeFilter();

You have to remember that Auth will automatically check against username and password, so this action just picks up from that. The Session::remove() call is to delete the Auth error message automatically left when the username/password check fails ANd the email login succeeds (otherwise you get error messages with successful logins).