- if(isset($token) && isset($user_id)){
- //Token based login (from the LoginCommand)
- $login_token = Login_token::staticGet('user_id',$user_id);
- if($login_token && $login_token->token == $token){
- if($login_token->modified > time()+2*60){
- //token has expired
- //delete the token as it is useless
- $login_token->delete();
- $this->showForm(_('Invalid or expired token.'));
- return;
- }else{
- //delete the token so it cannot be reused
- $login_token->delete();
- //it's a valid token - let them log in
- $user = User::staticGet('id', $user_id);
- //$user = User::staticGet('nickname', "candrews");
- }
- }else{
- $this->showForm(_('Invalid or expired token.'));
- return;
- }
- }else{
- // Regular form submission login
-
- // XXX: login throttle
-
- // CSRF protection - token set in NoticeForm
- $token = $this->trimmed('token');
- if (!$token || $token != common_session_token()) {
- $this->clientError(_('There was a problem with your session token. '.
- 'Try again, please.'));
- return;
- }
-
- $nickname = $this->trimmed('nickname');
- $password = $this->arg('password');
-
- $user = common_check_user($nickname, $password);
+ // XXX: login throttle
+
+ // CSRF protection - token set in NoticeForm
+ $token = $this->trimmed('token');
+ if (!$token || $token != common_session_token()) {
+ $st = common_session_token();
+ if (empty($token)) {
+ common_log(LOG_WARNING, 'No token provided by client.');
+ } else if (empty($st)) {
+ common_log(LOG_WARNING, 'No session token stored.');
+ } else {
+ common_log(LOG_WARNING, 'Token = ' . $token . ' and session token = ' . $st);
+ }
+
+ $this->clientError(_('There was a problem with your session token. '.
+ 'Try again, please.'));
+ return;