From 17ccd3aa1b88a3bf4303d063be880eee75e8da65 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20S=CC=8Ckoda?= <commits@skodak.org>
Date: Mon, 26 Aug 2013 20:38:34 +0200
Subject: [PATCH] MDL-41408 redirect after incorrect login attempts

---
 login/index.php | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/login/index.php b/login/index.php
index 4d83009391d..c4e21f61249 100644
--- a/login/index.php
+++ b/login/index.php
@@ -247,6 +247,9 @@ if ($frm and isset($frm->username)) {                             // Login WITH
             }
         }
 
+        // Discard any errors before the last redirect.
+        unset($SESSION->loginerrormsg);
+
         // test the session actually works by redirecting to self
         $SESSION->wantsurl = $urltogo;
         redirect(new moodle_url(get_login_url(), array('testsession'=>$USER->id)));
@@ -334,6 +337,23 @@ foreach($authsequence as $authname) {
     $potentialidps = array_merge($potentialidps, $authplugin->loginpage_idp_list($SESSION->wantsurl));
 }
 
+if (!empty($SESSION->loginerrormsg)) {
+    // We had some errors before redirect, show them now.
+    $errormsg = $SESSION->loginerrormsg;
+    unset($SESSION->loginerrormsg);
+
+} else if ($testsession) {
+    // No need to redirect here.
+    unset($SESSION->loginerrormsg);
+
+} else if ($errormsg or !empty($frm->password)) {
+    // We must redirect after every password submission.
+    if ($errormsg) {
+        $SESSION->loginerrormsg = $errormsg;
+    }
+    redirect(new moodle_url('/login/index.php'));
+}
+
 $PAGE->set_title("$site->fullname: $loginsite");
 $PAGE->set_heading("$site->fullname");