#2901 closed enhancement (fixed)
Incorrect Login Feedback
Reported by: |
|
Owned by: |
|
---|---|---|---|
Milestone: | Priority: | low | |
Severity: | minor | Version: | 2.0.3 |
Component: | Security | Keywords: | security, feedback, login bg|has-patch |
Focuses: | Cc: |
Description
User, Jared, requests feedback for incorrect login. Says that going directly back to login box results in typing password in plain text for all to see if user is in a hurry.
Attachments (2)
Change History (12)
#1
@
19 years ago
- Keywords bg|has-patch added
- Owner changed from anonymous to Nazgul
- Status changed from new to assigned
#2
@
19 years ago
wp_login() sets an error message if there is a bad username or password. It does so by setting the global $error var, which is kinda ugly, but it does work.
#3
@
19 years ago
Ah, hold on. I see that we aren't hitting wp_login() if the password is empty. We shouldn't need the first part of the patch, but the last part is needed. How about if empty checks for both username and password with separate messages for each. Use the same message used in wp_login():
'<strong>Error</strong>: The password field is empty.'
Note: See
TracTickets for help on using
tickets.
Small patch which gives a 'Incorrect username or password' message on a faulty login.
Also, the 'relevant' part of the IRC discussion: