diff --git a/scripts/Auth_FAS_MediaWiki/Auth_FAS.php b/scripts/Auth_FAS_MediaWiki/Auth_FAS.php
index 739a7b7..eb6881a 100644
--- a/scripts/Auth_FAS_MediaWiki/Auth_FAS.php
+++ b/scripts/Auth_FAS_MediaWiki/Auth_FAS.php
@@ -1,115 +1,124 @@
 <?php
-	require_once('AuthPlugin.php');
-	class Auth_FAS extends AuthPlugin {
-		function authenticate($username, $password) {
-                        if ( ucfirst(strtolower($username)) != ucfirst($username) ) {
-                                return false;
-                        }
+require_once('AuthPlugin.php');
+class Auth_FAS extends AuthPlugin {
+    function authenticate($username, $password) {
+        if ( ucfirst(strtolower($username)) != ucfirst($username) ) {
+            return false;
+        }
 
-			$username = strtolower( $username);
-			$ch = curl_init();
+        $username = strtolower( $username);
+        $ch = curl_init();
 
-			curl_setopt($ch, CURLOPT_URL, 'https://admin.fedoraproject.org/accounts/json/person_by_username?tg_format=json');
-			curl_setopt($ch, CURLOPT_POST, 1);
-			curl_setopt($ch, CURLOPT_USERAGENT, "Auth_FAS 0.9");
-			curl_setopt($ch, CURLOPT_POSTFIELDS, "username=".urlencode($username)."&user_name=".urlencode($username)."&password=".urlencode($password)."&login=Login");
-			curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
-			curl_setopt($ch, CURLOPT_VERBOSE, 0);
-            # The following two lines need to be enabled when using a test FAS
-            # with an invalid cert.  Otherwise they should be commented (or 
-            # set to True) for security.
-			#curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
-			#curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
-			$response = json_decode(curl_exec($ch), true);
-			curl_close ($ch);
+        curl_setopt($ch, CURLOPT_URL, 'https://admin.fedoraproject.org/accounts/json/person_by_username?tg_format=json');
+        curl_setopt($ch, CURLOPT_POST, 1);
+        curl_setopt($ch, CURLOPT_USERAGENT, "Auth_FAS 0.9");
+        curl_setopt($ch, CURLOPT_POSTFIELDS, "username=".urlencode($username)."&user_name=".urlencode($username)."&password=".urlencode($password)."&login=Login");
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 
-			if (!isset($response["success"])) return false;
+        # WARNING: Never leave this on in production, as it will cause
+        # plaintext passwords to show up in error logs.
+        curl_setopt($ch, CURLOPT_VERBOSE, 0);
 
-			$groups = $response["person"]["approved_memberships"];
+        # The following two lines need to be enabled when using a test FAS
+        # with an invalid cert.  Otherwise they should be commented (or
+        # set to True) for security.
+        #curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
+        #curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
+        $response = json_decode(curl_exec($ch), true);
+        curl_close ($ch);
 
-			for ($i = 0, $cnt = count($groups); $i < $cnt; $i++) {
-   				if ($groups[$i]["name"] == "cla_done") {
-				       return true;
-				}
-			}
-			return false;
-		}
+        if (!isset($response["success"])) {
+            fwrite(STDERR, "FAS auth failed for $username: incorrect username or password\n");
+            return false;
+        }
 
-		function userExists( $username ) {
-			if ( ucfirst(strtolower($username)) != ucfirst($username) ) {
-				return false;
-			}
-			return true;
-		}
+        $groups = $response["person"]["approved_memberships"];
 
-		function modifyUITemplate(&$template) {
-			$template->set('create',	false);
-			$template->set('useemail',	false);
-			$template->set('usedomain',	false);
-		}
-		
-		function updateUser( &$user ){
-			$user->mEmail	=	strtolower($user->getName())."@fedoraproject.org";
-			return true;
-		}
+        for ($i = 0, $cnt = count($groups); $i < $cnt; $i++) {
+            if ($groups[$i]["name"] == "cla_done") {
+                fwrite(STDERR, "FAS auth succeeded for $username\n");
+                return true;
+            }
+        }
+        fwrite(STDERR, "FAS auth failed for $username: insufficient group membership\n");
+        return false;
+    }
 
-		function autoCreate() {
-			return true;
-		}
+    function userExists( $username ) {
+        if ( ucfirst(strtolower($username)) != ucfirst($username) ) {
+            return false;
+        }
+        return true;
+    }
 
-		function setPassword($password) {
-			return false;
-		}
+    function modifyUITemplate(&$template) {
+        $template->set('create', false);
+        $template->set('useemail', false);
+        $template->set('usedomain', false);
+    }
 
-		function setDomain( $domain ) {
-			$this->domain = $domain;
-		}
+    function updateUser( &$user ){
+        $user->mEmail = strtolower($user->getName())."@fedoraproject.org";
+        return true;
+    }
 
-		function validDomain( $domain ) {
-			return true;
-		}
+    function autoCreate() {
+        return true;
+    }
 
-		function updateExternalDB($user) {
-			return true;
-		}
+    function setPassword($password) {
+        return false;
+    }
 
-		function canCreateAccounts() {
-			return false;
-		}
+    function setDomain( $domain ) {
+        $this->domain = $domain;
+    }
 
-		function addUser($user, $password) {
-			return true;
-		}
+    function validDomain( $domain ) {
+        return true;
+    }
 
-		function strict() {
-			return true;
-		}
+    function updateExternalDB($user) {
+        return true;
+    }
 
-		function strictUserAuth( $username ) {
-			return true;
-		}
+    function canCreateAccounts() {
+        return false;
+    }
 
-		function allowPasswordChange() {
-			return false;
-		}
+    function addUser($user, $password) {
+        return true;
+    }
 
-		function initUser(&$user) {
-			$user->mEmail	=	strtolower($user->getName())."@fedoraproject.org";
-			$user->mEmailAuthenticated =	wfTimestampNow();
-			$user->setToken();
-			$user->saveSettings();
-			return true;
-		}
-	}
+    function strict() {
+        return true;
+    }
+
+    function strictUserAuth( $username ) {
+        return true;
+    }
+
+    function allowPasswordChange() {
+        return false;
+    }
+
+    function initUser(&$user) {
+        $user->mEmail = strtolower($user->getName())."@fedoraproject.org";
+        $user->mEmailAuthenticated = wfTimestampNow();
+        $user->setToken();
+        $user->saveSettings();
+        return true;
+    }
+}
 
 /**
  * Some extension information init
  */
 $wgExtensionCredits['other'][] = array(
-   'name' => 'Auth_FAS',
-   'version' => '0.9.1',
-   'author' => 'Nigel Jones',
-   'description' => 'Authorisation plugin allowing login with FAS2 accounts'#,
+    'name' => 'Auth_FAS',
+    'version' => '0.9.1',
+    'author' => 'Nigel Jones',
+    'description' => 'Authorisation plugin allowing login with FAS2 accounts'
 );
 
 ?>