Revert "Remove more contractions"

[quix0rs-gnu-social.git] / actions / login.php

diff --git a/actions/login.php b/actions/login.php
index 6f1b4777e5ddb2f8960ab4a80c4e8e61480922de..ad57dd66782ff221511a38b975c447b4f7d30c7c 100644 (file)
--- a/actions/login.php
+++ b/actions/login.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * Laconica, the distributed open-source microblogging tool
+ * StatusNet, the distributed open-source microblogging tool
  *
  * Login form
  *
@@ -20,14 +20,15 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  *
  * @category  Login
- * @package   Laconica
- * @author    Evan Prodromou <evan@controlyourself.ca>
- * @copyright 2008-2009 Control Yourself, Inc.
+ * @package   StatusNet
+ * @author    Evan Prodromou <evan@status.net>
+ * @author    Sarven Capadisli <csarven@status.net>
+ * @copyright 2008-2009 StatusNet, Inc.
  * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
- * @link      http://laconi.ca/
+ * @link      http://status.net/
  */
 
-if (!defined('LACONICA')) {
+if (!defined('STATUSNET') && !defined('LACONICA')) {
     exit(1);
 }
 
@@ -35,10 +36,11 @@ if (!defined('LACONICA')) {
  * Login form
  *
  * @category Personal
- * @package  Laconica
- * @author   Evan Prodromou <evan@controlyourself.ca>
+ * @package  StatusNet
+ * @author   Evan Prodromou <evan@status.net>
+ * @author   Sarven Capadisli <csarven@status.net>
  * @license  http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
- * @link     http://laconi.ca/
+ * @link     http://status.net/
  */
 
 class LoginAction extends Action
@@ -65,8 +67,6 @@ class LoginAction extends Action
      *
      * Switches on request method; either shows the form or handles its input.
      *
-     * Checks if only OpenID is allowed and redirects to openidlogin if so.
-     *
      * @param array $args $_REQUEST data
      *
      * @return void
@@ -75,12 +75,12 @@ class LoginAction extends Action
     function handle($args)
     {
         parent::handle($args);
-        if (common_config('site', 'openidonly')) {
-            common_redirect(common_local_url('openidlogin'));
-        } else if (common_is_real_login()) {
+        if (common_is_real_login()) {
             $this->clientError(_('Already logged in.'));
         } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
             $this->checkLogin();
+        } else if (isset($args['user_id']) && isset($args['token'])){
+            $this->checkLogin($args['user_id'],$args['token']);
         } else {
             common_ensure_session();
             $this->showForm();
@@ -97,23 +97,48 @@ class LoginAction extends Action
      * @return void
      */
 
-    function checkLogin()
+    function checkLogin($user_id=null, $token=null)
     {
-        // XXX: login throttle
-
-        // CSRF protection - token set in NoticeForm
-        $token = $this->trimmed('token');
-        if (!$token || $token != common_session_token()) {
-            $this->clientError(_('There was a problem with your session token. '.
-                                 'Try again, please.'));
-            return;
+        if(isset($token) && isset($user_id)){
+            //Token based login (from the LoginCommand)
+            $login_token = Login_token::staticGet('user_id',$user_id);
+            if($login_token && $login_token->token == $token){
+                if($login_token->modified > time()+2*60){
+                    //token has expired
+                    //delete the token as it is useless
+                    $login_token->delete();
+                    $this->showForm(_('Invalid or expired token.'));
+                    return;
+                }else{
+                    //delete the token so it cannot be reused
+                    $login_token->delete();
+                    //it's a valid token - let them log in
+                    $user = User::staticGet('id', $user_id);
+                    //$user = User::staticGet('nickname', "candrews");
+                }
+            }else{
+                $this->showForm(_('Invalid or expired token.'));
+                return;
+            }
+        }else{
+            // Regular form submission login
+
+            // XXX: login throttle
+
+            // CSRF protection - token set in NoticeForm
+            $token = $this->trimmed('token');
+            if (!$token || $token != common_session_token()) {
+                $this->clientError(_('There was a problem with your session token. '.
+                                     'Try again, please.'));
+                return;
+            }
+
+            $nickname = common_canonical_nickname($this->trimmed('nickname'));
+            $password = $this->arg('password');
+
+            $user = common_check_user($nickname, $password);
         }
 
-        $nickname = common_canonical_nickname($this->trimmed('nickname'));
-        $password = $this->arg('password');
-
-        $user = common_check_user($nickname, $password);
-
         if (!$user) {
             $this->showForm(_('Incorrect username or password.'));
             return;
@@ -162,6 +187,12 @@ class LoginAction extends Action
         $this->showPage();
     }
 
+    function showScripts()
+    {
+        parent::showScripts();
+        $this->autofocus('nickname');
+    }
+
     /**
      * Title of the page
      *
@@ -251,11 +282,6 @@ class LoginAction extends Action
             return _('For security reasons, please re-enter your ' .
                      'user name and password ' .
                      'before changing your settings.');
-        } else if (common_config('openid', 'enabled')) {
-            return _('Login with your username and password. ' .
-                     'Don\'t have a username yet? ' .
-                     '[Register](%%action.register%%) a new account, or ' .
-                     'try [OpenID](%%action.openidlogin%%). ');
         } else {
             return _('Login with your username and password. ' .
                      'Don\'t have a username yet? ' .