From 1ab30af87f8b68c845e71acc861dec838de2c608 Mon Sep 17 00:00:00 2001 From: flashwave Date: Mon, 29 Apr 2019 23:42:42 +0200 Subject: [PATCH] Display a notice if a password has been invalidated. --- public/auth/login.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/public/auth/login.php b/public/auth/login.php index f2ea9f7a..5d359938 100644 --- a/public/auth/login.php +++ b/public/auth/login.php @@ -52,6 +52,11 @@ while (!empty($_POST['login']) && is_array($_POST['login'])) { break; } + if (empty($userData['password'])) { + $notices[] = 'Your password has been invalidated, please reset it.'; + break; + } + if (!password_verify($_POST['login']['password'], $userData['password'])) { user_login_attempt_record(false, $userData['user_id'], $ipAddress, $userAgent); $notices[] = $loginFailedError;