MDL-63994 login: Improve the logintoken param input
The logintoken is supposed to arrive as a part of the login form ($frm) together with the username and password. So it should be handled the same way - including the opportunity for the auth plugins to provide the form data via the loginpage_hook(). This also implies that only logintoken coming as a part of the POST request are taken into account, which is a good thing and another thin layer in this security mechanism.
Showing with 1 addition and 1 deletion