I'm getting this error when a username matches, but a password doesn't. Which is good if you want a hacker to find they're using the correct email address to log in and can keep guessing the password.
What I would like to know is, how do I stop this message from showing up when they have entered a correct address, but wrong password?
In my View, I just have this...
@if($errors->has('login'))
<div class="alert alert-danger">{{ $errors->first('login', ':message') }}</div>
@endif
I'm using Sentry's default configuration, is there something I could just set to false so this message doesn't show? I would like it to show all the other error messages, just not this one as it's a pretty big security risk.
Any help on this would be grateful.
The docs for sentry (and I would) recommend using a try catch on the server side validation routine instead. Sentry Documentation
Specifically catch the Cartalyst\Sentry\Users\WrongPasswordException and set your own error message
try
{
// Set login credentials
$credentials = array(
'email' => '[email protected]',
'password' => 'test',
);
// Try to authenticate the user
$user = Sentry::authenticate($credentials, false);
}
catch (Cartalyst\Sentry\Users\WrongPasswordException $e)
{
echo 'Wrong Login Info, try again.';
}