WordPress Installation

Note: It’s called a “one click” process, but there are actually about 7 steps or clicks to make. But they are all very simple.

1. Log in to your cPanel account with your web hosting company.
By default the Auth component will use the given username posted in the login form to check for a valid user account. However, some applications have two separate fields: one to define the username, and another one to define the user's e-mail. This recipe shows how to allow logins using either a username or an e-mail.

Getting ready

We should have a fully working authentication system, so follow the entire recipe, Setting up a basic authentication system.

We also need the field to hold the user's e-mail address. Add a field named email to your
users table with the following SQL statement:


We need to modify the signup page so users can specify their e-mail address. Edit your
app/views/users/add.ctp file and make the following changes:

echo $this->Form->create();
echo $this->Form->inputs(array(
'legend' => 'Signup',
echo $this->Form->end('Submit');

Start Example:

1. Edit your app/views/users/login.ctp file and make the following changes to it:
echo $this->Form->create(array('action'=>'login'));
echo $this->Form->inputs(array(
'legend' => 'Login',
'username' => array('label'=>'Username / Email'),
echo $this->Form->end('Login');
2. Edit your UsersController class and make sure the login action looks like the
public function login() {
if (
!empty($this->data) &&
!empty($this->Auth->data['User']['username']) &&
) {
$user = $this->User->find('first', array(
'conditions' => array(
'User.email' => $this->Auth-
'User.password' => $this->Auth-
'recursive' => -1
if (!empty($user) && $this->Auth->login($user)) {
if ($this->Auth->autoRedirect) {
} else {
>loginError, $this->Auth->flashElement, array(), 'auth');

If you now browse to http://localhost/users/login and you can enter the user's e-mail and password to log in, as shown in the following screenshot:

When the Auth component is unable to find a valid user account using the username and
password fields, it gives the control back to the login action. Therefore, in the login action we can check if there is any submitted data. If that is the case, we know that the Auth component was not able to find a valid account.

With this in mind, we can try to find a user account with an e-mail that matches the given username. If there is one, we log the user in and redirect the browser to the default action, similar to what the component would do on a successful attempt.

If we cannot find a valid user account, we simply set the flash message to the default error message specified in the Auth component.