MDL-41408 redirect after incorrect login attempts

moodle · Sep 7, 2013 · 17ccd3a · 17ccd3a
1 parent b69ec28
commit 17ccd3a
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/login/index.php b/login/index.php
@@ -247,6 +247,9 @@
             }
         }
 
+        // Discard any errors before the last redirect.
+        unset($SESSION->loginerrormsg);
+
         // test the session actually works by redirecting to self
         $SESSION->wantsurl = $urltogo;
         redirect(new moodle_url(get_login_url(), array('testsession'=>$USER->id)));
@@ -334,6 +337,23 @@
     $potentialidps = array_merge($potentialidps, $authplugin->loginpage_idp_list($SESSION->wantsurl));
 }
 
+if (!empty($SESSION->loginerrormsg)) {
+    // We had some errors before redirect, show them now.
+    $errormsg = $SESSION->loginerrormsg;
+    unset($SESSION->loginerrormsg);
+
+} else if ($testsession) {
+    // No need to redirect here.
+    unset($SESSION->loginerrormsg);
+
+} else if ($errormsg or !empty($frm->password)) {
+    // We must redirect after every password submission.
+    if ($errormsg) {
+        $SESSION->loginerrormsg = $errormsg;
+    }
+    redirect(new moodle_url('/login/index.php'));
+}
+
 $PAGE->set_title("$site->fullname: $loginsite");
 $PAGE->set_heading("$site->fullname");