Require login by email

In version 1.12.6 /actions/login.php is the code:

// check if logging in with email address
if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) {
    $username = $users[0]->username;

$result = elgg_authenticate($username, $password);
if ($result !== true) {

$user = get_user_by_username($username);
if (!$user) {

Is there a way to add code to reject login by username?

I tried many ways, but nothing worked. But then again, I have no idea what I'm doing.

  • Like all actions, before this code runs, a plugin hook [action, "login"] is triggered. If you create a handler for that hook, you can sniff the username from the input (use get_input) and optionally cancel the action. E.g. send an error message with register_error and then forward(REFERER).

    As always, your code should go into a custom plugin, not the core files.

  • Thanks Steve. I think doing that as a plugin is beyond my pay level.

    I was hoping to simply add an extra check below the email one.

    The website I am using is designed to be permanent and will therefore forever be on the current elgg version. I know that is not a recommended thing to do, but that is the plan. Someone will take over after I pass on and will need to worry about things that may no longer work.

  • I managed to jag it by adding the following code above the checking for email code:

    // reject usernames
    if (strpos($username, '@') !== true && ($users = get_user_by_username($username))) {

    I appreciate the fact you should not edit the core files, but it is best for me in my particular situation.