On Fri, Nov 23, 2001 at 04:09:45PM +1100, simran wrote:
> What i want is:
>
> * To be able to give the user a reson if login fails
> - eg reason: * "No such username"
> * "Your password was incorrect"
On Thu, Nov 22, 2001 at 09:26:17PM -0800, clayton wrote:
> here is the meat of the matter
> send something like this to the $r->subprocess_env
> $r->subprocess_env('AuthCookieReason2', 'username invalid!');
yeah, but it depends when and where you do that. I found that if I set
subprocess_env in the AuthCookieHandler->authen_cred method, which is
where the login credentials get checked, it wasn't visible to the login
script - this is because a redirect takes place in between, so a whole new
request is started. So I had actually been doing something really dodgy to
catch invalid logins, but your mention of setting another cookie gave me
the idea of using the session key of the authcookie itself. If you set
this to something like 'InvalidLogin' in authen_cred, you can then check
for this and set the reason via $r->subprocess_env in
AuthCookieHandler->authen_ses_key, before AuthCookie->authenticate wipes
the cookie out. Not extensively tested, but seems to work so far :)
-carolyn
