How to writing a plugin to change login detail


I would like to write a plugin to change login from “username/password” to “email/password” as the following image explained,

I am wondering how to start, like which category do I need to go with?

[OJS version is 3.0.2]


If you just want to replace instances of the word “username” with “email” sitewide, this may be (almost) as simple as changing the locale translations rather than writing a plugin. See the file:

Note that the term “username” is included in multiple other locale keys, such as:

This also points to the other “gotcha”. There is an unnecessary restriction of the username to alphanumeric characters. This can be removed, if you have some basic knowledge of PHP.

I wonder if @crism may have already relaxed this unneeded constraint as part of recent work here:

Oh, good catch, @ctgraham! I hadn’t relaxed that… the Shibboleth plugin sets the username as the e-mail directly in the DAO, so the front-end restrictions are circumvented. But if one disables the plugin, one may not be able to log in or recover the password, due to that restriction… I’ll check.

There doesn’t seem to be syntactic validation of the username at login, and password recovery is asking for e-mail anyway, not username. So from a Shibboleth perspective, I think this is good—e-mail–like usernames are only ever created by Shibboleth, and can’t be created via direct registration. Otherwise, a sort of weak DoS attack could be done by registering accounts that look like others’ e-mail addresses; Shibboleth-based registration would then fail, as it would try to create new accounts with usernames identical to previously-existing accounts.

report back:

I just changed line 31 on \lib\pkp\classes\security\
$user = $userDao->getByUsername($username, true);
$user = $userDao->getUserByEmail($username, true);
and now it can be logged in by email & password, but don’t know if there would be any side effects.

Anyway, I would still like to get it done by writing a plugin.