Membership Plugin - Bad Login Response
2 posts by 2 authors in: Forums > CMS Builder: Plugins & Add-ons
Last Post: July 8, 2012
By Perchpole - July 8, 2012
Hello, All -
Apologies in advance if this matter has been raised before - but I can't find any reference to it...
Has anyone explored the possibility of making the Membership Plugin a bit more specific in terms of its response to a bad login request?
One of my sites is made for rather senior members and some of them are having issues with the login process. If they enter their details incorrectly, the plugin responds with a very generic error:
Invalid username or password!
It would be far more useful (for my elderly users) if the system told them exactly which part of their login attempt was wrong - i.e.:
Password Incorrect!
etc...
Is this do-able?
:0)
Perch
Re: [Perchpole] Membership Plugin - Bad Login Response
By Jason - July 8, 2012
Hi Perch,
The error message is vague on purpose, for security reasons. If you narrow down the issue by telling them which part of the process was incorrect, you give a potential hacker information about what they got right (i.e., "Incorrect Password" lets them know they got the username correct).
However, it is possible to do what you are asking. You would need to do some customization of the plugin. If the login was not successful, you could do a query to see if you could find a record with the entered user name. If you can, then the password was incorrect; if you can't, then the username (and possibly the password) is incorrect.
Hope this helps.
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com
Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/
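One way to keep the generic message for visitors while still letting the site owner see which part of a login failed, as an added example that is not part of the original posts or the Membership Plugin's own code. The function name, the in-memory account array and the log format are hypothetical; it runs the username lookup described in the reply above but sends the result to the server log instead of the page.

```php
<?php
// Added example with hypothetical names; not the Membership Plugin's code.

// Constructed sample account store standing in for the site's accounts table.
$accounts = [
    'mary' => password_hash('correct horse', PASSWORD_DEFAULT),
];

// Hash of a throwaway value, verified when the username is unknown so that
// both failure paths do the same password-hashing work.
$dummyHash = password_hash('placeholder-not-a-real-password', PASSWORD_DEFAULT);

/**
 * Returns [bool $ok, string $messageForVisitor, string $reasonForLog].
 */
function attemptLogin(array $accounts, string $dummyHash, string $username, string $password): array
{
    // The lookup from the reply: is there a record with this username?
    $known = array_key_exists($username, $accounts);
    $hash  = $known ? $accounts[$username] : $dummyHash;
    $pwOk  = password_verify($password, $hash);

    if ($known && $pwOk) {
        return [true, 'Welcome back!', 'ok'];
    }
    // The specific cause is kept for the site admin only.
    $reason = $known ? 'bad_password' : 'unknown_username';
    return [false, 'Invalid username or password!', $reason];
}

// Constructed attempts: valid login, mistyped password, mistyped username.
$attempts = [
    ['mary', 'correct horse'],
    ['mary', 'corect horse'],
    ['marry', 'correct horse'],
];
foreach ($attempts as [$user, $pass]) {
    [$ok, $message, $reason] = attemptLogin($accounts, $dummyHash, $user, $pass);
    // error_log() writes to the server log, never to the rendered page.
    error_log(sprintf('login user=%s result=%s', json_encode($user), $reason));
    echo $message, PHP_EOL; // what the visitor sees
}
```

Both failed attempts show the visitor the same text, while the log records `bad_password` or `unknown_username`, so an administrator helping a member by phone can tell them which field to retype.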