Hi!

Our settings: 'alternateloginurl' is set to customized login page, 'forcelogin' is set to true, 'loginhttps' is set to true (self-signed certificate).

The main goal of customized login page (accessible via http) is about to provide users with instruction about self-signed certificate browser warning.

But current moodle behaviour is a bit confusing: regardless of 'alternateloginurl' settings get_login_url() function is called first and redirects to hardcoded login/index.php and only then within login/index.php 'alternateloginurl' is checked. In this situation browser warning about self-signed certificate appears before our customized login page because https://site/login/index.php is requested prior to customized page.

I think that it is needed to check 'alternateloginurl' inside get_login_url() function.

Thank you in advance.