I believe it's being set in helper_php.php in the WA_AuthenticateUser function, but I can't find anywhere that the new behavior calls that function. Here's the updated behavior. Am I missing something or did I just not trace the behavior correctly?
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$Authenticate = new WA_MySQLi_Auth($local_i);
$Authenticate->Action = "authenticate";
$Authenticate->Name = "userlogin";
$Authenticate->Table = "login";
$Authenticate->addFilter("email_address", "=", "s", "".((isset($_POST["Log_In_group_Username"]))?$_POST["Log_In_group_Username"]:"") ."");
$Authenticate->addFilter("email_verified", "=", "i", "1");
$Authenticate->addFilter("verification_hash", "=", "s", "");
$Authenticate->addFilter("password", "=", "s", "".WA_SHA1Encryption(((isset($_POST["Log_In_group_2_Password"]))?$_POST["Log_In_group_2_Password"]:"")) ."");
$Authenticate->addFilter("active", "=", "i", "1");
$Authenticate->storeResult("person", "userlogin_id");
$Authenticate->storeResult("email_address", "username");
$Authenticate->AutoReturn = true;
$SuccessRedirect = "includes/set_sessions.php?loggedIn=1";
$FailedRedirect = "login.php?failedLogin=1";
if (function_exists("rel2abs")) $SuccessRedirect = $SuccessRedirect?rel2abs($SuccessRedirect,dirname(__FILE__)):"";
if (function_exists("rel2abs")) $FailedRedirect = $FailedRedirect?rel2abs($FailedRedirect,dirname(__FILE__)):"";
$Authenticate->SuccessRedirect = $SuccessRedirect;
$Authenticate->FailRedirect = $FailedRedirect;
$Authenticate->execute();
}