| Hello. I have two questions regarding CAP Authentication. The first is a feature request/best practice question. As far as I can tell there seems to be now way by just using the Authentication plugin to detect when the user has supplied the wrong login credentials. I looked into the initialize function and it seems that when it has the wrong credentials it merely increments the login_attempts variable. Would it be possible to create another method which indicated why the login failed so one can provide user feedback. Secondly, upon how can one get the user to be redirected back to the login page if they supplied invalid credentials. I think that maybe in the provided prerun_callback it could check the newly suggested method and if it is set also redirect to the value provided by redirect_to_login. The second question I had asked before but I didn't seem to get any responses, so I an going to try again with more details. According to the docs after the user successfully logs in they will be be redirected to the page that was originally requested when the login page was triggered (assuming the POST_LOGIN_* options are not set). Looking at the redirect_after_login function it seems that if those options are not set it tried to redirect to the value set by the param 'destination'. This value is only set in the login_box function (which it sets it to $query->self_url). However, the value of $query->self_url will not be the correct value if the user got their because it was a protected runmode. The value it sets it to is the that of the login page? Is this a bug or am I just missing something. Thanks in advance. Michael Petnuch |
smime.p7s
Description: S/MIME cryptographic signature
