From 00b1d754b03230c2a9acea493819de5073662040 Mon Sep 17 00:00:00 2001 From: Nick Liu Date: Wed, 7 Sep 2022 12:32:02 -0500 Subject: [PATCH] Login flow consistency: Do not use redirect in admin area login box The non-admin login flow does not perform a redirect, but the admin login flow did. This led to an inconsistency in how the authentication error message was passed. Fixes: https://github.com/e107inc/e107/issues/4779 --- e107_admin/auth.php | 31 ++++++------------- e107_handlers/login.php | 2 +- .../tests/acceptance/0001_AdminLoginCest.php | 15 +++++++-- 3 files changed, 23 insertions(+), 25 deletions(-) diff --git a/e107_admin/auth.php b/e107_admin/auth.php index b94da2bbea..7b82bedc65 100644 --- a/e107_admin/auth.php +++ b/e107_admin/auth.php @@ -134,12 +134,7 @@ { e107::coreLan('log_messages', true); e107::getLog()->addEvent(4, __FILE__."|".__FUNCTION__."@".__LINE__, "LOGIN", LAN_ROLL_LOG_11, "U: ".e107::getParser()->toDB($_POST['authname']), FALSE, LOG_TO_ROLLING); - - e107::getRedirect()->redirect('admin.php?failed'); } - - exit; - } @@ -274,28 +269,20 @@ public function authform() // NOTE: this should NOT be a template of the admin- // Start Clean // NOTE: this should NOT be a template of the admin-template, however themes may style it using css. - $class = (e_QUERY === 'failed') ? "class='e-shake'" : ""; - $text = "
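Review bot: With the unconditional `exit;` removed at the end of this block in `e107_admin/auth.php`, every path through the enclosing block now falls through to the code that follows, not only the logged failure branch that used to redirect. The block's condition and the code after it are outside the hunk, so it should be confirmed that nothing downstream treats the request as an authenticated admin request. A comment where `exit;` stood would record the intent, e.g. `// no exit: fall through and render the login form with the error in this request`. Because the failure page is now the direct response to the POST, a browser reload re-submits the credentials and runs the `addEvent()` call above again, which may matter for any failed-login counter.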
"; - if(e_QUERY === 'failed') - { - e107::lan('core', 'login'); - $text .= e107::getMessage()->render(); // see e107_handlers/login.php L622 - $text .= ""; - - } - - + e107::lan('core', 'login'); + $text .= e107::getMessage()->render(); // see e107_handlers/login.php L622 + $text .= ""; $text .= "
diff --git a/e107_handlers/login.php b/e107_handlers/login.php
index 3cf64d937b..d32bde8ed1 100644
--- a/e107_handlers/login.php
+++ b/e107_handlers/login.php
@@ -646,7 +646,7 @@ protected function invalidLogin($username, $reason, $extra_text = '')
 $this->logNote('LAN_ROLL_LOG_10', $username);
 }
- e107::getMessage()->reset()->addError($message, 'default', true); // prevent duplicates, session=true needed for admin-area login.
+ e107::getMessage()->reset()->addError($message); // prevent duplicates
 if($this->testMode === true)
 {
diff --git a/e107_tests/tests/acceptance/0001_AdminLoginCest.php b/e107_tests/tests/acceptance/0001_AdminLoginCest.php
index 8575c3e250..991e68ac91 100644
--- a/e107_tests/tests/acceptance/0001_AdminLoginCest.php
+++ b/e107_tests/tests/acceptance/0001_AdminLoginCest.php
@@ -11,7 +11,19 @@ public function _after(AcceptanceTester $I)
 {
 }
- // tests
+ /**
+ * @see https://github.com/e107inc/e107/issues/4779
+ */
+ public function testAdminFailedLogin(AcceptanceTester $I)
+ {
+ $I->wantTo("See a login failure message in the admin area if I put in the wrong credentials");
+ $I->amOnPage("/e107_admin/admin.php");
+ $I->fillField('authname', 'e107');
+ $I->fillField('authpass', 'wrong password');
+ $I->click('authsubmit');
+ $I->see("Your login details don't match any registered user");
+ }
+
 public function testAdminLogin(AcceptanceTester $I)
 {
@@ -27,7 +39,6 @@ public function testAdminLogin(AcceptanceTester $I)
 }
-
 private function e107Login(AcceptanceTester $I)
 {
 $I->amOnPage('/e107_admin/admin.php');
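Review bot: Dropping the `true` session argument from `addError()` makes the login error request-scoped, so any caller of `invalidLogin()` that still redirects after a failed login would lose the message; only the admin path is changed and tested in this commit, and other callers are not visible here. The shortened comment should state that constraint, for example `// prevent duplicates; not stored in session, so it must be rendered before any redirect`. The comment kept in `e107_admin/auth.php`, `see e107_handlers/login.php L622`, also no longer matches, since this hunk places the call a few lines below line 646; naming `invalidLogin()` there instead of a line number would not go stale. `invalidLogin()` starts and ends outside the hunk.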
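Review bot: `testAdminFailedLogin` asserts only that the error text appears; it does not check that the visitor is still on the login form, which matters now that `e107_admin/auth.php` no longer calls `exit` after a failed login. Adding `$I->seeElement('input[name=authpass]');` after the `see()` call would pin that (assuming `authpass` is rendered as an `input`), and `$I->dontSeeInCurrentUrl('failed');` would pin the removal of the `?failed` redirect. The expected message is an English literal, so the test presumably depends on the language of the test install.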