Membership Plugin Question - scary request

6 posts by 2 authors in: Forums > CMS Builder: Plugins & Add-ons
Last Post: July 8, 2010   (RSS)

By Codee - June 17, 2010

Dave and IT,
Love the plugins and using some of them on several sites and finding the membership plugin to be very helpful on some - thanks!

One client has a teaching website and some of her clients use the same email address but need separate accounts on the website (with the membership plugin). Obviously the security of this plugin (like most membership based websites) is geared to have one unique email address assigned to a unique account. However, this client is really wanting the ability to use the same email address on multiple accounts.

Can this be done and what's involved?

Thanks!

Re: [equinox69] Membership Plugin Question - scary request

By Jason - June 21, 2010

Hi,

The error checking that forces a user to use a unique email is actually not part of the plugin, but part of the signup form. If you're using the code that came with the plugin (sample_signup.php), you'll see this code:

// check for duplicate usernames and emails
if (!$errorsAndAlerts) {
$count = mysql_select_count_from('accounts', "`username` = '".mysql_escape(@$_REQUEST['username'])."'");
if ($count > 0 && @$_REQUEST['username']) { $errorsAndAlerts .= "That username is already in use, please choose another!<br/>\n"; }

$count = mysql_select_count_from('accounts', "'".mysql_escape($_REQUEST['email'])."' IN (email, username)");
if ($count > 0) { $errorsAndAlerts .= "That email is already in use, please choose another!<br/>\n"; }
}


This checks to see if the user name or email entered when signing up already exists. It's important that usernames are forced to be unique, but if you want to allow for multiple accounts using the same email address, you can remove the second part, so the code would then look like this:

// check for duplicate usernames and emails
if (!$errorsAndAlerts) {
$count = mysql_select_count_from('accounts', "`username` = '".mysql_escape(@$_REQUEST['username'])."'");
if ($count > 0 && @$_REQUEST['username']) { $errorsAndAlerts .= "That username is already in use, please choose another!<br/>\n"; }


}


You'll need to make the same change in the profile page where they can update their user information.

Hope this helps.
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Re: [Jason] Membership Plugin Question - scary request

By Codee - June 23, 2010

Jason, than you SO much for providing the workaround.

Re: [Jason] Membership Plugin Question - scary request

By Codee - July 7, 2010

Jason. This is actually NOT the security problem with multiple accounts using same email address. We're using the standard account creation function inside CMSB...and not the signup form with the membership plugin.

We need to be able to use "User Account" section and be able to use the same email address on multiple accounts. Right now when we try this we get the popup error message:
"Email' value must be unique. The selected value is already in use!"

We need to be able to bypass this for this site.

Thanks!

Re: [equinox69] Membership Plugin Question - scary request

By Jason - July 8, 2010

Hi,

What you need to do is to log into CMS Builder as the administrator and go to the section editor for User Accounts.

Go to the "Advanced Commands" drop down at the bottom of the page, select "Enable System Field Editing" and click "Go".

You're now able to edit system fields. Click on "Modify" beside the Email field.

Go to the "Input Validation" section and uncheck the "Unique" field.

Click Save.

Finally, it would be a good practice to Disable System Field Editing again. This will allow for users to use the same email address.

Hope this helps.
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/