Small update request on login modules documentation

[TSP]

I read this: http://www.invisionpower.com/support/guides/_/advanced-and-developers/integration/login-modules-r42

The $password variable that is passed to this method has already been run through the IP.Board input cleansing routines, meaning certain characters have been replaced with HTML entities. If your external application does not do the same thing, this may mean passwords with special characters will fail if you do not account for this. The special characters that IP.Board will replace are:

• to &#092 ; ( no space between 2 and ; )
• ! to !
• $ to $
• & to &
• " to "
• < to &lt;
• > to &gt;
• ' to &#39;

You may wish to convert these characters back to their original form in the $password variable before sending it to your remote application for validation, if appropriate.

And I fell into the trap of writing my str_replace in the order the chars were mentioned.

And this may be extremely obvious (I might be the stupid one here...), but it took me quite a while to figure it out. I'm thinking that other developers possibly could fall into the trap aswell.

Causing input pw! to be converted into pw&amp;&#33;

So I think it would be a good idea to

1. Move & to &amp; at the top of the list

2. Add in a description that it's important it's the first replace done.

[bfarber]

Done

[Clodo76]

Not only the $password field are encoded with HTML entities, also $username. Maybe also $email_address? Specify it in the documentation.

[bfarber]

Email address is, however the characters we encode are largely not valid (or at least commonly used) in email addresses anyways. Nevertheless, I've updated the doc again to indicate this.