Forum

Thread tagged as: Addons, Runway, Members

Implementing form_login Authenticator in Perch Members App

Hi

I would like to add a helper for verifying the user password when using the login form as it would be good if the login form could display an error to the user that the password is incorrect. I have noticed this is not implemented in the Perch_Authenticator class? Are there any underlying Data Access functions that can encrypt and test the password without trying to log the user in? I cannot use a nested perch:error tag in the form, as its wrapped in a perch:member logged-in tag to redirect on a successful login. If the login is incorrect, it just displays the form again.

Any guidance would be appreciated.

Regards

Vinay Jagessar

Vinay Jagessar 0 points

  • 6 years ago
Drew McLellan

Drew McLellan 2638 points
Perch Support

Generally we don't do this to prevent it being too easy to know if part of the username and password combination is correct. If someone is attacking your site, the possible combinations of username and password are drastically reduced if they can tell when they've got one or other of them correct.

As it's a login form, could you not use the general error message for this purpose?

<perch:error for="all" type="general">
    Sorry, your password was incorrect.
</perch:error>

Thanks, that makes sense. I will try use this instead as a general message, it is just to inform users instead of actually creating a validator.

Many thanks