From 9fdd8ceca285e4c10face2c986258876e7b279f5 Mon Sep 17 00:00:00 2001
From: ty53 <44530897+ty53@users.noreply.github.com>
Date: Fri, 30 Nov 2018 16:30:48 +0000
Subject: [PATCH] Update Login.php

Anonymize error messages, so user is unaware whether the user exists or whether the password was wrong.
---
 classes/Login.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/classes/Login.php b/classes/Login.php
index 7df819f..b3285e8 100644
--- a/classes/Login.php
+++ b/classes/Login.php
@@ -88,10 +88,10 @@ private function dologinWithPostData()
 $_SESSION['user_login_status'] = 1;
 } else {
- $this->errors[] = "Wrong password. Try again.";
+ $this->errors[] = "The username or password entered is incorrect. Please try again.";
 }
 } else {
- $this->errors[] = "This user does not exist.";
+ $this->errors[] = "The username or password entered is incorrect. Please try again.";
 }
 } else {
 $this->errors[] = "Database connection problem.";
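Review bot: The two new `$this->errors[]` assignments in the wrong-password and unknown-user branches repeat the same literal, and nothing marks the match as deliberate, so a later edit to one string would quietly bring account enumeration back. I would define the text once and comment it, e.g. `$loginFailed = "The username or password entered is incorrect. Please try again."; // identical in both branches so the reply does not reveal whether the account exists`, then append `$loginFailed` in both branches. The message is only one channel: the password check sits above this hunk, and if it is skipped when no row is found, the two branches may still differ in response time, which is worth confirming. Since the user-facing text no longer distinguishes the cases, a server-side log entry recording which branch was taken (never the submitted password) would keep failed-login monitoring useful. dologinWithPostData() starts and ends outside the hunk.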