- if(isset($token) && isset($user_id)){
- //Token based login (from the LoginCommand)
- $login_token = Login_token::staticGet('user_id',$user_id);
- if($login_token && $login_token->token == $token){
- if($login_token->modified > time()+2*60){
- //token has expired
- //delete the token as it is useless
- $login_token->delete();
- $this->showForm(_('Invalid or expired token.'));
- return;
- }else{
- //delete the token so it cannot be reused
- $login_token->delete();
- //it's a valid token - let them log in
- $user = User::staticGet('id', $user_id);
- //$user = User::staticGet('nickname', "candrews");
- }
- }else{
- $this->showForm(_('Invalid or expired token.'));
- return;
- }
- }else{
- // Regular form submission login
-
- // XXX: login throttle
-
- // CSRF protection - token set in NoticeForm
- $token = $this->trimmed('token');
- if (!$token || $token != common_session_token()) {
- $this->clientError(_('There was a problem with your session token. '.
- 'Try again, please.'));
- return;
- }
-
- $nickname = $this->trimmed('nickname');
- $password = $this->arg('password');
-
- $user = common_check_user($nickname, $password);
- }