diff --git a/core/authentication/resources/classes/plugins/database.php b/core/authentication/resources/classes/plugins/database.php
index 6c9e1454ce..c7e6b6755a 100644
--- a/core/authentication/resources/classes/plugins/database.php
+++ b/core/authentication/resources/classes/plugins/database.php
@@ -107,7 +107,8 @@ class plugin_database {
 					$view->assign("login_logo_height", $settings['theme']['login_logo_height']);
 					$view->assign("login_logo_source", $settings['theme']['logo']);
 					$view->assign("message_delay", $settings['theme']['message_delay']);
-					if (!empty($_SESSION['authentication']['plugin']['database']['authorized']) && $_SESSION['authentication']['plugin']['database']['authorized'] == 1 && !empty($_SESSION['username'])) {
+// 					if (!empty($_SESSION['authentication']['plugin']['database']['authorized']) && $_SESSION['authentication']['plugin']['database']['authorized'] == 1 && !empty($_SESSION['username'])) {
+					if (!empty($_SESSION['username'])) {
 						$view->assign("login_password_description", $text['label-password_description']);
 						$view->assign("username", $_SESSION['username']);
 						$view->assign("button_cancel", $text['button-cancel']);
@@ -191,7 +192,7 @@ class plugin_database {
 			$sql .= "and (user_enabled = 'true' or user_enabled is null) ";
 			$database = new database;
 			$row = $database->select($sql, $parameters, 'row');
-			if (is_array($row)) {
+			if (!empty($row) && is_array($row) && @sizeof($row) != 0) {
 
 				//set the domain details
 					$this->domain_uuid = $_SESSION['domain_uuid'];
@@ -287,7 +288,11 @@ class plugin_database {
 						}
 					}
 					else {
-						unset($_SESSION['username'], $_REQUEST['username'], $_POST['username'], $this->username);
+						//clear authentication session
+						unset($_SESSION['authentication']);
+
+						// clear username
+						unset($_SESSION['username'], $_REQUEST['username'], $_POST['username']);
 					}
 
 			}
diff --git a/core/authentication/resources/classes/plugins/email.php b/core/authentication/resources/classes/plugins/email.php
index 5ded79ef34..853eaf29b7 100644
--- a/core/authentication/resources/classes/plugins/email.php
+++ b/core/authentication/resources/classes/plugins/email.php
@@ -56,6 +56,7 @@ class plugin_email {
 			$settings['theme']['logo'] = !empty($_SESSION['theme']['logo']['text']) ? $_SESSION['theme']['logo']['text'] : PROJECT_PATH.'/themes/default/images/logo_login.png';
 			$settings['theme']['login_logo_width'] = !empty($_SESSION['theme']['login_logo_width']['text']) ? $_SESSION['theme']['login_logo_width']['text'] : 'auto; max-width: 300px';
 			$settings['theme']['login_logo_height'] = !empty($_SESSION['theme']['login_logo_height']['text']) ? $_SESSION['theme']['login_logo_height']['text'] : 'auto; max-height: 300px';
+			$settings['theme']['message_delay'] = isset($_SESSION['theme']['message_delay']) ? 1000 * (float) $_SESSION['theme']['message_delay'] : 3000;
 
 			//set a default template
 			$_SESSION['domain']['template']['name'] = 'default';
@@ -99,6 +100,7 @@ class plugin_email {
 				$view->assign("login_logo_height", $settings['theme']['login_logo_height']);
 				$view->assign("login_logo_source", $settings['theme']['logo']);
 				$view->assign("button_login", $text['button-login']);
+				$view->assign("message_delay", $settings['theme']['message_delay']);
 
 				//messages
 				$view->assign('messages', message::html(true, '		'));
@@ -151,10 +153,13 @@ class plugin_email {
 				//user not found
 				if (empty($row) || !is_array($row) || @sizeof($row) == 0) {
 					//clear submitted usernames
-					unset($this->username, $_SESSION['username'], $_POST['username']);
+					unset($this->username, $_SESSION['username'], $_REQUEST['username'], $_POST['username']);
+
+					//clear authentication session
+					unset($_SESSION['authentication']);
 
 					//build the result array
-					$result["plugin"] = "totp";
+					$result["plugin"] = "email";
 					$result["domain_uuid"] = $_SESSION["domain_uuid"];
 					$result["domain_name"] = $_SESSION["domain_name"];
 					$result["authorized"] = false;
@@ -165,6 +170,12 @@ class plugin_email {
 
 				//user email not found
 				else if (empty($row["user_email"])) {
+					//clear submitted usernames
+					unset($this->username, $_SESSION['username'], $_REQUEST['username'], $_POST['username']);
+
+					//clear authentication session
+					unset($_SESSION['authentication']);
+
 					//build the result array
 					$result["plugin"] = "email";
 					$result["domain_name"] = $_SESSION["domain_name"];
@@ -185,8 +196,8 @@ class plugin_email {
 				$_SESSION["user"]["authentication"]["email"]["code"] = generate_password(6, 1);
 				$_SESSION["user"]["authentication"]["email"]["epoch"] = time();
 
-				////$_SESSION["authentication_address"] = $_SERVER['REMOTE_ADDR'];
-				////$_SESSION["authentication_date"] = 'now()';
+				//$_SESSION["authentication_address"] = $_SERVER['REMOTE_ADDR'];
+				//$_SESSION["authentication_date"] = 'now()';
 
 				//set the authentication code
 				//$sql = "update v_users \n";
@@ -346,6 +357,11 @@ class plugin_email {
 				$this->user_email = $row['user_email'];
 				$this->contact_uuid = $row['contact_uuid'];
 				unset($parameters);
+				/*
+				echo 'session code = '.$_SESSION["user"]["authentication"]["email"]["code"].'<br>';
+				echo 'post code = '.$_POST['authentication_code'].'<br>';
+				exit;
+				*/
 
 				//validate the code
 				if (!empty($_SESSION["user"]) && $_SESSION["user"]["authentication"]["email"]["code"] === $_POST['authentication_code']) {
@@ -379,18 +395,25 @@ class plugin_email {
 					//$_SESSION["contact_uuid"] = $row["contact_uuid"];
 				}
 				else {
-					//destroy session
-					session_unset();
-					session_destroy();
-					//$_SESSION['authentication']['plugin']
-					//send http 403
-					header('HTTP/1.0 403 Forbidden', true, 403);
+// 					//destroy session
+// 					session_unset();
+// 					session_destroy();
+// 					//$_SESSION['authentication']['plugin']
+// 					//send http 403
+// 					header('HTTP/1.0 403 Forbidden', true, 403);
+//
+// 					//redirect to the root of the website
+// 					header("Location: ".PROJECT_PATH."/");
+//
+// 					//exit the code
+// 					exit();
 
-					//redirect to the root of the website
-					header("Location: ".PROJECT_PATH."/");
+					//clear submitted usernames
+					unset($this->username, $_SESSION['username'], $_REQUEST['username'], $_POST['username']);
+
+					//clear authentication session
+					unset($_SESSION['authentication']);
 
-					//exit the code
-					exit();
 				}
 
 				/*
@@ -422,6 +445,13 @@ class plugin_email {
 				$result["domain_uuid"] = $_SESSION["domain_uuid"];
 				$result["contact_uuid"] = $_SESSION["contact_uuid"];
 				$result["authorized"] = $auth_valid ? true : false;
+
+				//add the failed login to user logs
+				if (!$auth_valid) {
+					user_logs::add($result);
+				}
+
+				//retun the array
 				return $result;
 
 				//$_SESSION['authentication']['plugin']['email']['plugin'] = "email";
diff --git a/core/authentication/resources/classes/plugins/totp.php b/core/authentication/resources/classes/plugins/totp.php
index a3be0c2e14..03df08b2f5 100644
--- a/core/authentication/resources/classes/plugins/totp.php
+++ b/core/authentication/resources/classes/plugins/totp.php
@@ -64,6 +64,7 @@ class plugin_totp {
 			}
 			if (isset($_POST['username'])) {
 				$this->username = $_POST['username'];
+				$_SESSION["username"] = $this->username;
 			}
 
 		//request the username
@@ -153,7 +154,7 @@ class plugin_totp {
 				$row = $database->select($sql, $parameters, 'row');
 				if (empty($row) || !is_array($row) || @sizeof($row) == 0) {
 					//clear submitted usernames
-					unset($this->username, $_SESSION['username'], $_POST['username']);
+					unset($this->username, $_SESSION['username'], $_REQUEST['username'], $_POST['username']);
 
 					//build the result array
 					$result["plugin"] = "totp";
@@ -278,6 +279,7 @@ class plugin_totp {
 					$view->assign("totp_description", $text['description-totp']);
 					$view->assign("button_next", $text['button-next']);
 					$view->assign("favicon", $settings['theme']['favicon']);
+					$view->assign("message_delay", $settings['theme']['message_delay']);
 
 					//messages
 					$view->assign('messages', message::html(true, '		'));
@@ -288,6 +290,7 @@ class plugin_totp {
 				else {
 					//assign values to the template
 					$view->assign("button_verify", $text['label-verify']);
+					$view->assign("message_delay", $settings['theme']['message_delay']);
 
 					//messages
 					$view->assign('messages', message::html(true, '		'));
@@ -354,18 +357,24 @@ class plugin_totp {
 					unset($parameters);
 				}
 				else {
-					//destroy session
-					session_unset();
-					session_destroy();
+// 					//destroy session
+// 					session_unset();
+// 					session_destroy();
+//
+// 					//send http 403
+// 					header('HTTP/1.0 403 Forbidden', true, 403);
+//
+// 					//redirect to the root of the website
+// 					header("Location: ".PROJECT_PATH."/");
+//
+// 					//exit the code
+// 					exit();
 
-					//send http 403
-					header('HTTP/1.0 403 Forbidden', true, 403);
+					//clear authentication session
+					unset($_SESSION['authentication']);
 
-					//redirect to the root of the website
-					header("Location: ".PROJECT_PATH."/");
-
-					//exit the code
-					exit();
+					// clear username
+					unset($_SESSION["username"]);
 				}
 
 				/*