UniLogin - JoomlaX Documentation

Version: 1.1

Introduction

UniLogin is a powerful Joomla authentication plugin that allows users to log in to your Joomla site using either their email address or username, a feature not available in Joomla by default. This plugin extends Joomla's authentication system with advanced security features, flexible access controls, and customizable user experience options.

Key Features:

Email and username login support with optional fallback
Brute force protection with rate limiting and account lockout
Comprehensive login logging and audit trail
Email domain restrictions (whitelist/blacklist)
User group-based access control
Customizable error messages
Smart redirect system with group-specific rules
Custom login form labels and placeholders
Full compatibility with Joomla 4, 5, and 6

This documentation covers the installation, configuration, and usage of the UniLogin plugin.

Download and Installation

Downloading the Extension

Email: After you purchase the extension from our store, you will receive an email containing a link to download the extension.

Store: Alternatively, you can download the extension from the "Downloads" section in our store. If you are a new user, you need to create an account using the same email address you used for the purchase.

Click to download the extension package: Unilogin_UNZIP.zip

Unzipping the Package

Use any file unzipper tool or WinRAR to unzip the Unilogin_UNZIP.zip package. After unzipping, you will find the following contents:

plg_unilogin.zip: This is the installation file compatible with Joomla 4.x, 5.x, and 6.x.
ReadMe.txt: Contains vital information about the current version of the extension.

Installing the Extension

To install the extension, log in to the backend of your Joomla website.

For Joomla 4, 5 & 6: Navigate to Extensions > Install, then click on the "Upload Package File" tab. Click "Browse" to select the installation file (plg_unilogin.zip), then click "Upload and Install."

A success message will be displayed once the installation is complete. The plugin will automatically create the #__unilogin_attempts database table for login logging.

Basic Configuration

Enabling the Plugin

After installation, access the plugin settings by navigating to Extensions > Plugins, and find Authentication - UniLogin in the list. Click on it to open the configuration page.

Basic Settings

Username Fallback: When enabled, users can log in with either email or username. When disabled, only email login is allowed.

Custom Login Field Label: Change the "Username" label on the login form (e.g., "Email or Username", "Email Address"). Leave empty to use the default label.

Custom Login Field Placeholder: Set placeholder text shown inside the login field (e.g., "Enter your email address"). Leave empty to use the default placeholder.

Enabling the Plugin

Enable the plugin by clicking the checkbox in the top-right corner and clicking "Save". Once enabled, the plugin will start working automatically, allowing users to log in using their email addresses.

Security and Logging

Rate Limiting / Brute Force Protection

Enable Rate Limiting: Turn on brute force protection to prevent unauthorized access attempts.

Maximum Failed Attempts: Set the number of failed login attempts allowed before account lockout (default: 5, range: 1-20).

Lockout Duration: Set how long the account remains locked after reaching maximum failed attempts (default: 15 minutes, range: 1-1440 minutes).

The system tracks failed attempts by both email/username and IP address for enhanced security.

Login Logging

Enable Login Logging: Log all login attempts (successful, failed, and locked) to the database for security auditing.

Log Retention Period: Set how many days to keep login logs in the database (default: 30 days, range: 1-365 days). Older logs will be automatically deleted.

All login attempts are logged with the following information:

Email or username used
IP address
Timestamp
Status (success, failed, locked)
User ID (for successful logins)

You can view the logs in the #__unilogin_attempts database table.

Access Restrictions

Email Domain Restrictions

Enable Domain Restrictions: Restrict login to specific email domains or block unwanted domains.

Restriction Mode:

Whitelist: Only allow login from listed email domains. Empty list allows all domains.
Blacklist: Block login from listed email domains. Empty list blocks none.

Allowed Domains (Whitelist mode): Enter one domain per line (without @ symbol). Examples: company.com, example.org, mydomain.net

Blocked Domains (Blacklist mode): Enter one domain per line (without @ symbol). Examples: spam.com, badmail.com

User Group Restrictions

Enable Group Restrictions: Restrict email login to specific user groups only.

Allowed User Groups: Select which user groups can use email login. Leave empty to allow all groups.

This is useful for restricting email login to certain user groups while allowing others to use only username login.

Custom Messages and Redirects

Custom Error Messages

Customize all error messages to match your site's tone and branding:

User Not Found Message: Custom message when user email/username is not found
Invalid Password Message: Custom message when password is incorrect
Account Locked Message: Custom message when account is locked due to too many failed attempts
Domain Blocked Message: Custom message when email domain is not allowed

Leave any field empty to use the default Joomla message for that error.

Login Redirect Settings

Enable Custom Redirect: Redirect users to a custom page after successful login instead of the default Joomla redirect.

Default Redirect URL: URL to redirect all users after login. Examples: /dashboard, /profile, /members. Leave empty to use Joomla default redirect.

Group-Specific Redirects

Enable Group-Specific Redirects: Redirect different user groups to different pages after login. Group-specific redirects override the default redirect URL.

Group Redirect Rules: Click "Add" to create redirect rules. For each rule:

Select the user group
Enter the redirect URL (e.g., /members, /dashboard, /profile)

When a user logs in, the system checks their user groups and redirects them to the matching rule's URL. If no group-specific rule matches, the default redirect URL is used.

Language Override

Note: With version 1.1, you can now customize the login form label and placeholder directly in the plugin parameters. However, if you prefer using language overrides, you can still use the method below.

Changing the Text for the Login Form

Access Language Overrides:
- Log in to the backend of your Joomla website.
- Navigate to Extensions > Language(s) > Overrides.
Select Language and Create New Override:
- Select the language you want to create the override for (e.g., English (en-GB)).
- Click the New button to create a new language override.
Search for the Constant:
- In the search field, type COM_USERS_LOGIN_USERNAME_LABEL.
- Click the Search button to find the constant used for the "Username" field label.
Create the Override:
- Once the constant COM_USERS_LOGIN_USERNAME_LABEL appears in the search results, click on it.
- In the Text field, enter Email or Username (or your preferred text).
- Click the Save & Close button.

Changing the Text for the Login Module

Access Language Overrides:
- Log in to the backend of your Joomla website.
- Navigate to Extensions > Language(s) > Overrides.
Select Language and Create New Override:
- Select the language you want to create the override for (e.g., English (en-GB)).
- Click the New button to create a new language override.
Search for the Constant:
- In the search field, type MOD_LOGIN_VALUE_USERNAME.
- Click the Search button to find the constant used for the "Username" field label in the login module.
Create the Override:
- Once the constant MOD_LOGIN_VALUE_USERNAME appears in the search results, click on it.
- In the Text field, enter Email or Username (or your preferred text).
- Click the Save & Close button.

FAQ

How do I change the text "Username" to "Email or Username" for the login form?
- You can now do this directly in the plugin parameters! Navigate to Extensions > Plugins, find Authentication - UniLogin, and set the "Custom Login Field Label" parameter to "Email or Username". Alternatively, you can use language overrides for the constant COM_USERS_LOGIN_USERNAME_LABEL.
How do I enable username fallback?
- In the plugin parameters, enable the "Username Fallback" option. When enabled, users can log in with either email or username. When disabled, only email login is allowed.
How does rate limiting work?
- Rate limiting protects your site from brute force attacks. After a configurable number of failed login attempts (default: 5), the account is locked for a specified duration (default: 15 minutes). The system tracks attempts by both email/username and IP address.
Where can I view login logs?
- Login logs are stored in the #__unilogin_attempts database table. You can view them using a database management tool like phpMyAdmin. The logs include email/username, IP address, timestamp, status, and user ID.
How do I restrict login to specific email domains?
- Enable "Domain Restrictions" in the plugin parameters, choose Whitelist or Blacklist mode, and enter the domains (one per line, without @ symbol). In Whitelist mode, only listed domains are allowed. In Blacklist mode, listed domains are blocked.
Can I redirect different user groups to different pages after login?
- Yes! Enable "Group-Specific Redirects" and add redirect rules. For each rule, select a user group and enter the redirect URL. Group-specific redirects override the default redirect URL.
If I want to allow users to register using only their email and not a username, will this plugin work?
- No, the UniLogin plugin does not support registration using only an email without a username. For this functionality, you can use another plugin developed by us called Registration Simplifier, which will fulfill your requirements.
Why is it useful to allow login using both email and username?
- Allowing login using both email and username is useful because many users often forget their usernames but remember their email addresses. This feature makes the login process more user-friendly and reduces the chances of login issues. It is the ultimate solution and has been implemented on major sites like Amazon, Google, Facebook, and X.
Is the plugin compatible with Joomla 6?
- Yes! UniLogin version 1.1 is fully compatible with Joomla 4, 5, and 6.

Troubleshooting

Login Not Working: Ensure the plugin is enabled by navigating to Extensions > Plugins and checking that Authentication - UniLogin is active. Also verify that the plugin is published and has the correct access level.
Text Not Changing to "Email or Username": If using plugin parameters, ensure you've saved the settings. If using language overrides, verify that you have correctly set up the language overrides for both COM_USERS_LOGIN_USERNAME_LABEL (for the login form) and MOD_LOGIN_VALUE_USERNAME (for the login module). Ensure the overrides are saved and applied to the correct language.
Users Unable to Login with Email: Confirm that users are entering the correct email address associated with their account. Check if domain restrictions are enabled and if the user's email domain is allowed. Also verify that group restrictions are not blocking the user's group.
Account Locked Out: If a user's account is locked, wait for the lockout duration to expire, or manually clear the failed attempts from the #__unilogin_attempts database table. You can also adjust the "Maximum Failed Attempts" and "Lockout Duration" settings in the plugin parameters.
Redirect Not Working: Verify that "Enable Custom Redirect" is enabled and a valid redirect URL is set. For group-specific redirects, ensure the user belongs to the correct group and the redirect rule is properly configured. Check that the URL is internal (starts with / or index.php).
Database Table Not Created: If the #__unilogin_attempts table was not created during installation, try uninstalling and reinstalling the plugin, or manually run the table creation SQL from the script.php file.
Rate Limiting Too Strict: If legitimate users are being locked out, increase the "Maximum Failed Attempts" value or the "Lockout Duration" in the plugin parameters. You can also disable rate limiting if not needed.
Domain Restrictions Not Working: Verify that domain restrictions are enabled and the correct mode (Whitelist/Blacklist) is selected. Ensure domains are entered correctly (one per line, without @ symbol). Check that the user's email domain matches exactly (case-insensitive).