25e4207563
I get a fair number of "forgot password" emails where the person is actually trying to log in with the wrong username. Normally, a login system shouldn't display whether the username or password was the incorrect part, but since it's already public information which usernames exist on Tildes (simply by visiting /user/<username>), this really isn't meaningfully hiding anything. It would only have any effect on the most absolutely naive attackers. I think it's an acceptable trade-off to help out people that are inadvertently trying to log in with the wrong username instead.
Tildes
This is the code behind Tildes, a non-profit community site. The official repository is located on GitLab at https://gitlab.com/tildes/tildes
For general information about Tildes and its goals, please see the announcement blog post and the Tildes Docs site.
Issue tracker / plans
Known issues and plans for upcoming changes are tracked on GitLab: https://gitlab.com/tildes/tildes/issues
The "board" view is useful as an overview: https://gitlab.com/tildes/tildes/boards
Contributing to Tildes development
Please see the Contributing doc for more detailed information about setting up a development version of Tildes and how to contribute to development.
License
Copyright (c) 2018 Tildes contributors code@tildes.net
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with this program. If not, see https://www.gnu.org/licenses/.