If plugins return false when login, should mark as failure.

[asika32764]

Move the return line into if block.

I found that if plugin return FALSE from onUserBeforeLogin, Application will still return true. This situation should mark as failure and goto onUserLoginFailure.

[SharkyKZ]

Suggested change

[bembelimen]

Did you check what happens if one login works (e.g. the default Joomla! login) and another fails...? Is the user logged in after?

[asika32764]

Must test in a custom plugin or custom login code. This issue will only happened if a developer attempts to use $app->login() to make their own login flow in 3rd party components.

I'm still thinking how to attach simple code to reproduce this issue.

[ghost]

@asika32764 whats the state of this Pull Request?

[SharkyKZ]

To reproduce the issue in core:

Enable System - User Log plugin.
Try to login to administrator area with unauthorized user (should see You do not have access to the Administrator section of this site. message).
Check administrator/logs/error.php log. The login failure should be logged but it's not.

[SharkyKZ]

I have tested this item ✅ successfully on c6fccec

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/22936.}

[ghost]

@SharkyKZ thanks for the clear Test Instructions. At CloudAccess i have to upgrade to unlock Logs, so can't test.

[asika32764]

Thanks @SharkyKZ

I'm trying to create a plugin to reproduce this issue but your way is more simpler to test.

[Quy]

I have tested this item ✅ successfully on e5a7c2d

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/22936.}

[Quy]

RTC

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/22936.}

[HLeithner]

thx