You could apply the Authenticate User server behaviors twice, once with email and once with phone number. Just make sure the first instance doesn't have a failed redirect but does have a success redirect. That way if the first one fails it will continue to the second, but if it succeeds it will redirect and won't try the second login.
In the sample page you would end up having the Authenticate User server behavior 4 times on the page. Twice for form login and twice for auto-login. Just copy the two that are already there in code view and then edit them so one uses phone number and edit the redirects keeping everything else the same.