Jump to content

Front end login meaningful error message


Jozsef
 Share

Recommended Posts

The client's site has front end login, currently using the LoginRegisterPro module.
I understand it's a security feature that the only error message that's shown is "Failed Login".
Since the site is dealing with students, and thousands of members, they requested that I show the more explicit "Incorrect Password" error message when it applies  to reduce support requests and they understand the risks.

The only place I've found the "Invalid password" spelled out was the Session log but couldn't find where it is generated.

Can someone point me to the right direction on how i could enable "User with this email not found" and "Incorrect password" type of error messages on front end?

 

Link to comment
Share on other sites

You're right that this is by design and is not best practice. I actually don't know there is any proper way of doing this, but my first port of call would be to try hooking the session::loginFailure() method and then looking at the reason argument.

Check out wire/core/session.php and look at the code in login() and the ___loginFailure() hook.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...