2
Xoops always keeps a re-direct link for user logins, so it will direct user back to where he/she starts from. Once you were to log in from user.php page because you had supplied wrong user/password combo, you would be re-directed back to user.php page which would show your profile.
Unless you modify user.php or /include/checklogin.php file, there is not much you can do about it. If you were to make changes, then you would lost XOOPS re-direct feature.
Little TIP:
But if in the future you were to be directed to user.php for re-login because of wrong password, click your browswer's back botton and re-login with your correct password. This way you would be re-directed back to where you started from.