Just modify checklogin.php like this.
// uname&email hack GIJ
$uname4sql = addslashes( $myts->stripSlashesGPC($uname) ) ;
$pass4sql = addslashes( $myts->stripSlashesGPC($pass) ) ;
if( strstr( $uname , '@' ) ) {
// check by email if uname includes '@'
$criteria = new CriteriaCompo(new Criteria('email', $uname4sql ));
$criteria->add(new Criteria('pass', md5( $pass4sql )));
$user_handler =& xoops_gethandler('user');
$users =& $user_handler->getObjects($criteria, false);
if( empty( $users ) || count( $users ) != 1 ) $user = false ;
else $user = $users[0] ;
unset( $users ) ;
}
if( empty( $user ) || ! is_object( $user ) ) {
$user =& $member_handler->loginUser($uname4sql,$pass4sql);
}
// end of uname&email hack GIJ