session_set_cookie_params(0);
}
- @session_start();
-
if (authenticate_user($login, $password)) {
$_POST["password"] = "";
}
}
} else {
+
+ // start an empty session to deliver login error message
+ @session_start();
+
$_SESSION["login_error_msg"] = __("Incorrect username or password");
user_error("Failed login attempt for $login from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING);
}