Laravel Auth: Login With Email Or Username (In One Field)

December 2, 2016

Quick tip for you guys. What if in your project users can login not only with email but also with some other field, like “username” or “user_id” or whatever? By default Laravel allows only one field like ’email’. That’s actually easy to change.

Let’s imagine that you already have a field username in your users table and need to check the login form result. So there are only two input fields – login and password. And login may be either email or username. How can we check both?

You need to add some code into a file app/Http/Auth/LoginController.php and override login() method:

public function login(Request $request)
{
    $this->validate($request, [
        'login'    => 'required',
        'password' => 'required',
    ]);

    $login_type = filter_var($request->input('login'), FILTER_VALIDATE_EMAIL ) 
        ? 'email' 
        : 'username';

    $request->merge([
        $login_type => $request->input('login')
    ]);

    if (Auth::attempt($request->only($login_type, 'password'))) {
        return redirect()->intended($this->redirectPath());
    }

    return redirect()->back()
        ->withInput()
        ->withErrors([
            'login' => 'These credentials do not match our records.',
        ]);
    } 

}

Let’s look a little deeper:

$login_type = filter_var($request->input('login'), FILTER_VALIDATE_EMAIL ) 
  ? 'email' 
  : 'username';

This line of code is checking whether user inputted an email or some other string – which then is interpreted as username.

$request->merge([
    $login_type => $request->input(‘login')
]);

This one is adding a variable into $request array – by default we have ‘login’ variable, but what we actually need is ’email’ or ‘username’ – so it’s inserted here.

if (Auth::attempt($request->only($login_type, 'password'))) {
    return redirect()->intended($this->redirectPath());
}

And finally we’re checking the credentials, but only the particular one we need – it comes from $login_type variable.

Simple, isn’t it?

7 COMMENTS

Dionysios December 4, 2016 at 5:41 pm

Nice! I like $request->input(‘identity’) instead of login in such cases.

ctf0 December 26, 2016 at 5:55 am

all u need to change is

public function username()
{
return filter_var($request->input(‘login’), FILTER_VALIDATE_EMAIL )
? ’email’
: ‘username’;
}

- Fongoh Tayong June 20, 2017 at 2:14 pm
  
  Where is the $request variable? The username() function does not take parameters so you need to tweak your code abig to something like this
  
  protected function credentials(Request $request)
  {
  $type = filter_var($request->input(‘identity’), FILTER_VALIDATE_EMAIL)
  ? ’email’
  : ‘phone_number’;
  
  $request->merge([
  $type => $request->input(‘identity’)
  ]);
  
  return $request->only($type, ‘password’);
  }
  
  public function username()
  {
  return ‘identity’;
  }
  
  - Niroj Adhikary December 28, 2017 at 2:49 pm
    
    If i use Request(‘identity’)?
    
mindau June 8, 2017 at 11:11 am

By this implementation is important to note that username should not allowed dots and @ in input, otherwise FILTER_VALIDATE_EMAIL returns true on username

- Junie October 26, 2017 at 12:01 pm
  
  @mindau, So what should be the proper way? Can you help us?
  
Deusmar Jr June 15, 2017 at 1:45 am

Is it ok to use:
return $this->sendFailedLoginResponse($request);

instead of:
return redirect()->back()
->withInput()
->withErrors([
‘login’ => ‘These credentials do not match our records.’,
]);
}