Two forms on page, wrong error message displaying

I am using a single page to display both a “application” form and a “sign in” form (sign in form will only work for users granted a role of “participant”, the application form creates a user with role of “applicant”). They work fine apart from an issue with the error messages. If I try to sign in using the sign in form, with a correct email but incorrect password, I get the error “The passwords do not match”, rather than one about an incorrect password. I am not sure where I have gone wrong here - below is my controller file. If anyone has any thoughts that would be great.


return function ($kirby) {

  // Set variables for responses

  $error = null;
  $success = null;
  $signInError = null;

  // Processing a new application

  if($kirby->request()->is('POST') and get('application')) {

    try {
      $password = esc(get('password'));
      $validate = esc(get('validate'));

      if(v::same($password, $validate)) {

        $user = $kirby->users()->create([
          'name'      => esc(get('name')),
          'email'     => esc(get('email')),
          'password'  => esc(get('password')),
          'language'  => 'en',
          'role'      => 'applicant'

        $success = 'Congratulations ' . $user->name() .  ' on a successful application. We will be in touch shortly.';

      } else {

        $error = 'Please note, passwords must be identical!';


    } catch(Exception $e) {

      $error = $e->getMessage();



  if ($kirby->request()->is('POST') && get('signin')) {

    // try to log the user in with the provided credentials
    try {
      $kirby->auth()->login(get('email'), get('password'));

      if (($user = $kirby->user()) && $user->role()->id() === 'participant') {

      else {
        $signInError = 'Please note your application is being processed';

    } catch (Exception $e) {

      $signInError = $e->getMessage();



  return compact('error', 'success', 'signInError');



That seems to be a bug, I get the same error message when trying to log in to the Panel with a wrong password. It used to be just “Invalid login”.

I was told that you get the error message “Passwords do not match” when debugging is enabled, with debugging off, it would just say “Invalid login” when you either provide the wrong password or user.

This change was introduced in 3.5.

In your case, v::same from registering and a wrong password from login will result in the same error message, that’s why it’s confusing.

Hi @texnixe thanks for looking through this for me. The error message when debug is not enabled is generic enough, so that should be fine for now.

To clarify, is there anything wrong with how I have coded it, or am I just hitting a bug?

Nothing wrong with your code, it’s just that the error message was changed to something more specific when debug is enabled, and they have decided to reuse the same error message that is used for v::same(). So it was done on purpose, although maybe there should be two different error messages depending on use case.