From 3ecabe0291b159d163ad315b66f51b6d741d879e Mon Sep 17 00:00:00 2001
From: Jonny Tischbein <jonny_tischbein@systemli.org>
Date: Wed, 3 Oct 2018 13:10:49 +0200
Subject: [PATCH 1/3] Fix goaway url when login failed + using info to display
 message

---
 src/Module/Login.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Module/Login.php b/src/Module/Login.php
index fadfb2066..e6bb933f0 100644
--- a/src/Module/Login.php
+++ b/src/Module/Login.php
@@ -140,8 +140,8 @@ class Login extends BaseModule
 			}
 		} catch (Exception $e) {
 			logger('authenticate: failed login attempt: ' . notags($username) . ' from IP ' . $_SERVER['REMOTE_ADDR']);
-			notice($e->getMessage() . EOL);
-			goaway(self::getApp()->get_baseurl() . '/login');
+			info('Login failed: ' . $e->getMessage() . EOL);
+			goaway();
 		}
 
 		if (!$remember) {

From 3c9b33176f52790ff669ec2f2e28ed350a3944c8 Mon Sep 17 00:00:00 2001
From: Jonny Tischbein <jonny_tischbein@systemli.org>
Date: Wed, 3 Oct 2018 14:32:16 +0200
Subject: [PATCH 2/3] Static reason for login failure to prevent bruteforce

---
 src/Module/Login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Module/Login.php b/src/Module/Login.php
index e6bb933f0..99401ebbe 100644
--- a/src/Module/Login.php
+++ b/src/Module/Login.php
@@ -140,7 +140,7 @@ class Login extends BaseModule
 			}
 		} catch (Exception $e) {
 			logger('authenticate: failed login attempt: ' . notags($username) . ' from IP ' . $_SERVER['REMOTE_ADDR']);
-			info('Login failed: ' . $e->getMessage() . EOL);
+			info('Login failed. Please check your credentials.' . EOL);
 			goaway();
 		}
 

From ee32459358c6ca818f368e55e49147e4dcdcc690 Mon Sep 17 00:00:00 2001
From: Jonny Tischbein <jonny_tischbein@systemli.org>
Date: Wed, 3 Oct 2018 18:28:04 +0200
Subject: [PATCH 3/3] goaway with argument

---
 src/Module/Login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Module/Login.php b/src/Module/Login.php
index 99401ebbe..ad5d5ad0b 100644
--- a/src/Module/Login.php
+++ b/src/Module/Login.php
@@ -141,7 +141,7 @@ class Login extends BaseModule
 		} catch (Exception $e) {
 			logger('authenticate: failed login attempt: ' . notags($username) . ' from IP ' . $_SERVER['REMOTE_ADDR']);
 			info('Login failed. Please check your credentials.' . EOL);
-			goaway();
+			goaway('/');
 		}
 
 		if (!$remember) {