Message of the day:
Welcome to SilverStripe | Current stable: https://goo.gl/C4F1T9 | Dev Mailing List: https://goo.gl/swDwgm | Feature requests: https://goo.gl/EcQ34L | Community Forum: https://forum.silverstripe.org
If you have any SilverStripe related questions, please supply the version of Framework you're using.
Did you flush? 🚽 =
Anyway, good night and imagine pleasant nonsense people!
If you want a custom login form, you're better off posting your login/register data to the
Security Controller, and hook in to the various extension points it provides, instead of trying to do it completely yourself 🙂
Admitted, that is a very low usecase, but it could happen
You're also attempting to save a member with a null password, that's quite dangerous, because it is not a direct relation to the new member it's password. There is, depending on your PHP setting, a change your new member's password is accepted and send back as an empty string instead of
Authentication and Authorisation is a complex beast and you're trying to solve something in a simple way. I would say, have a look at ways to extend the login properly. Right now, you're just assuming instead of accepting. If you don't investigate and get it right, I foresee a lot of painful moments in your future
Secondary, the login method should give you something to go with, e.g. true or false, so that's something to keep in mind. Like I said, you're "just" adding new members, when someone registers with an existing address, you're entirely ignoring the error thrown
Your login has quite a few issues actually.... but ignoring validation is indeed your primary issue
You're also not properly validating the password, you're assuming it's a new member....
I found the issue; I wasn't redirecting back when there were form errors, and password validation has improved 😛