common_user_error(_('Already logged in.'));
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$openid_url = $this->trimmed('openid_url');
+
+ # CSRF protection
+ $token = $this->trimmed('token');
+ if (!$token || $token != common_session_token()) {
+ $this->show_form(_('There was a problem with your session token. Try again, please.'), $openid_url);
+ return;
+ }
+
+ $rememberme = $this->boolean('rememberme');
+
+ common_ensure_session();
+
+ $_SESSION['openid_rememberme'] = $rememberme;
+
$result = oid_authenticate($openid_url,
'finishopenidlogin');
+
if (is_string($result)) { # error message
+ unset($_SESSION['openid_rememberme']);
$this->show_form($result, $openid_url);
}
} else {
common_element_start('form', array('method' => 'post',
'id' => 'openidlogin',
'action' => $formaction));
+ common_hidden('token', common_session_token());
common_input('openid_url', _('OpenID URL'),
$openid_url,
_('Your OpenID URL'));
+ common_checkbox('rememberme', _('Remember me'), false,
+ _('Automatically login in the future; ' .
+ 'not for shared computers!'));
common_submit('submit', _('Login'));
common_element_end('form');
common_show_footer();
projects / quix0rs-gnu-social.git / blobdiff