back out my change to the link format; see if it helps
[quix0rs-gnu-social.git] / actions / login.php
index 400957e05b1c5fa2185f06ddb8f70775a4a2e37c..0f2dec1a41e38ba9403f4eedcde91b9a0b83e7ed 100644 (file)
@@ -31,7 +31,7 @@ class LoginAction extends Action {
                        $this->show_form();
                }
        }
-       
+
        function check_login() {
                # XXX: form token in $_SESSION to prevent XSS
                # XXX: login throttle
@@ -40,7 +40,7 @@ class LoginAction extends Action {
                if (common_check_user($nickname, $password)) {
                        # success!
                        if (!common_set_user($nickname)) {
-                               common_server_error(_t('Error setting user.'));
+                               common_server_error(_('Error setting user.'));
                                return;
                        }
                        common_real_login(true);
@@ -60,11 +60,18 @@ class LoginAction extends Action {
                        }
                        common_redirect($url);
                } else {
-                       $this->show_form(_t('Incorrect username or password.'));
+                       $this->show_form(_('Incorrect username or password.'));
+                       return;
+               }
+
+               # success!
+               if (!common_set_user($user)) {
+                       common_server_error(_('Error setting user.'));
+                       return;
                }
-               
+
                common_real_login(true);
-               
+
                if ($this->boolean('rememberme')) {
                        common_debug('Adding rememberme cookie for ' . $nickname);
                        common_rememberme($user);
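Review bot: The added `# success!` block passes `$user` to `common_set_user()`, but no assignment to `$user` is visible in this hunk, and the success branch in the previous hunk passes `$nickname` to the same function. If `$user` is not the value returned by the credential check, this call sets the session from an undefined variable, so confirm where it is assigned and use one identifier on both paths, e.g. `if (!common_set_user($nickname)) {`. As far as the visible lines show, the new side also has two success paths: the `if (common_check_user(...))` branch ending in `common_redirect($url)` and this block after the `else`. Each sets the user and calls `common_real_login(true)`, which makes it hard to audit which one marks a session as password-authenticated. check_login() begins and continues outside the hunk, so both points need checking against the full function.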
@@ -102,10 +109,21 @@ class LoginAction extends Action {
        }
 
        function get_instructions() {
-               return _t('Login with your username and password. ' .
-                                 'Don\'t have a username yet? ' .
-                                 '[Register](%%action.register%%) a new account, or ' .
-                                 'try [OpenID](%%action.openidlogin%%). ');
+               if (common_logged_in() &&
+                       !common_is_real_login() &&
+                       common_get_returnto())
+               {
+                       # rememberme logins have to reauthenticate before
+                       # changing any profile settings (cookie-stealing protection)
+                       return _('For security reasons, please re-enter your ' .
+                                        'user name and password ' .
+                                        'before changing your settings.');
+               } else {
+                       return _('Login with your username and password. ' .
+                                        'Don\'t have a username yet? ' .
+                                        '[Register](%%action.register%%) a new account, or ' .
+                                        'try [OpenID](%%action.openidlogin%%). ');
+               }
        }
 
        function show_top($error=NULL) {
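Review bot: The comment in the new branch of get_instructions() reads as if this code provides the cookie-stealing protection, but the branch only chooses which instruction text is shown. The re-authentication requirement has to be enforced wherever profile settings are changed, presumably by a `common_is_real_login()` check in those actions, which this page does not show. I would reword the comment to something like `# display only: settings actions must refuse changes unless common_is_real_login()`, so a later reader does not treat this branch as the control. A short docblock on get_instructions() stating that it returns the instruction text for the login form, with a different message when a rememberme session is being asked to re-authenticate, would also help.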
@@ -120,4 +138,3 @@ class LoginAction extends Action {
                }
        }
 }
-#
\ No newline at end of file