Monitor Reply

Support

Invalid Login Message

Permalink Browser Info Environment September 03, 2013 at 1:19 PM

Hi,

I would like visitors who supply incorrect credentials to receive the same "Invalid username or password" message that the core login has. Is there a way/workaround to achieve this?

Thanks.

Type:	Discussion
Status:	New

jb1 replied on Sep 3, 2013 at 9:53 pm Permalink Reply

Hi

If any of the login info were incorrect the user should be redirected to the core login form and should be given that same message. Did I answer your question correctly?

JZ

clovisusd replied on Sep 5, 2013 at 10:14 am Permalink Reply

Hi,

They are not being redirected. It may be because we created a custom single page login theme, perhaps?

You can see it athttp://www.californiafairschoolfunding.org/login...

I can provide any access, if necessary.

Thank you.

jb1 replied on Sep 5, 2013 at 9:33 pm Permalink Reply

Ah yes, it looks like you hard-coded the Register Pro block inside that single page. In that case you'll have to put the do_login function in the controller of your single page.

The original function found in the core login controller is this

public function do_login() {
      $ip = Loader::helper('validation/ip');
      $vs = Loader::helper('validation/strings');
      $loginData['success']=0;
      try {
         if(!$_COOKIE[SESSION]) {
            throw new Exception(t('Your browser\'s cookie functionality is turned off. Please turn it on.'));
         }
         if (!$ip->check()) {
            throw new Exception($ip->getErrorMessage());
         }
         if (OpenIDAuth::isEnabled() && $vs->notempty($this->post('uOpenID'))) {
            $oa = new OpenIDAuth();
            $oa->setReturnURL($this->openIDReturnTo);
            $return = $oa->request($this->post('uOpenID'));

Viewing 15 lines of 77 lines. View entire code block.

 
public function do_login() {
      $ip = Loader::helper('validation/ip');
      $vs = Loader::helper('validation/strings');
 
      $loginData['success']=0;
 
      try {
         if(!$_COOKIE[SESSION]) {
            throw new Exception(t('Your browser\'s cookie functionality is turned off. Please turn it on.'));
         }
 
         if (!$ip->check()) {
            throw new Exception($ip->getErrorMessage());
         }
         if (OpenIDAuth::isEnabled() && $vs->notempty($this->post('uOpenID'))) {
            $oa = new OpenIDAuth();
            $oa->setReturnURL($this->openIDReturnTo);
            $return = $oa->request($this->post('uOpenID'));
            $resp = $oa->getResponse();
            if ($resp->code == OpenIDAuth::E_INVALID_OPENID) {
               throw new Exception(t('Invalid OpenID.'));
            }
         }
 
         if ((!$vs->notempty($this->post('uName'))) || (!$vs->notempty($this->post('uPassword')))) {
            if (USER_REGISTRATION_WITH_EMAIL_ADDRESS) {
               throw new Exception(t('An email address and password are required.'));
            } else {
               throw new Exception(t('A username and password are required.'));
            }
         }
 
         $u = new User($this->post('uName'), $this->post('uPassword'));
         if ($u->isError()) {
            switch($u->getError()) {
               case USER_NON_VALIDATED:
                  throw new Exception(t('This account has not yet been validated. Please check the email associated with this account and follow the link it contains.'));
                  break;
               case USER_INVALID:
                  if (USER_REGISTRATION_WITH_EMAIL_ADDRESS) {
                     throw new Exception(t('Invalid email address or password.'));
                  } else {
                     throw new Exception(t('Invalid username or password.'));
                  }
                  break;
               case USER_INACTIVE:
                  throw new Exception(t('This user is inactive. Please contact us regarding this account.'));
                  break;
            }
         } else {
 
            if (OpenIDAuth::isEnabled() && $_SESSION['uOpenIDExistingUser'] > 0) {
               $oa = new OpenIDAuth();
               if ($_SESSION['uOpenIDExistingUser'] == $u->getUserID()) {
                  // the account we logged in with is the same as the existing user from the open id. that means
                  // we link the account to open id and keep the user logged in.
                  $oa->linkUser($_SESSION['uOpenIDRequested'], $u);
               } else {
                  // The user HAS logged in. But the account they logged into is NOT the same as the one
                  // that links to their OpenID. So we log them out and tell them so.
                  $u->logout();
                  throw new Exception(t('This account does not match the email address provided.'));
               }
            }
 
            $loginData['success']=1;
            $loginData['msg']=t('Login Successful');
            $loginData['uID'] = intval($u->getUserID());
         }
 
         $loginData = $this->finishLogin($loginData);
 
      } catch(Exception $e) {
         $ip->logSignupRequest();
         if ($ip->signupRequestThreshholdReached()) {
            $ip->createIPBan();
         }
         $this->error->add($e);
         $loginData['error']=$e->getMessage();
      }
 
      if ($_REQUEST['format']=='JSON') {
         $jsonHelper=Loader::helper('json');
         echo $jsonHelper->encode($loginData);
         die;
      }
   }

You can try and put that inside your controller.

Hope that helps.

JZ

Register User Pro

Support

Invalid Login Message

Issue Reply

concrete5 Environment Information

Browser User-Agent String

Hide Post Content

Request Refund

Code

Delete Post

Sign In?