Front end login meaningful error message

[Jozsef]

The client's site has front end login, currently using the LoginRegisterPro module.
I understand it's a security feature that the only error message that's shown is "Failed Login".
Since the site is dealing with students, and thousands of members, they requested that I show the more explicit "Incorrect Password" error message when it applies  to reduce support requests and they understand the risks.

The only place I've found the "Invalid password" spelled out was the Session log but couldn't find where it is generated.

Can someone point me to the right direction on how i could enable "User with this email not found" and "Incorrect password" type of error messages on front end?

 

[netcarver]

You're right that this is by design and is not best practice. I actually don't know there is any proper way of doing this, but my first port of call would be to try hooking the session::loginFailure() method and then looking at the reason argument.

Check out wire/core/session.php and look at the code in login() and the ___loginFailure() hook.