X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Flogin.php;h=07c601a4dba7aa70d6254e02713a5ab55f980cd2;hb=3593f3f1323bfce289bc9805629f7d126dac7ae6;hp=dc6352368a698e0753619bdb9827df4b555585d9;hpb=369885f04f6822355da24595637916e4263db702;p=quix0rs-gnu-social.git diff --git a/actions/login.php b/actions/login.php index dc6352368a..07c601a4db 100644 --- a/actions/login.php +++ b/actions/login.php @@ -62,6 +62,28 @@ class LoginAction extends Action return false; } + /** + * Prepare page to run + * + * + * @param $args + * @return string title + */ + + function prepare($args) + { + parent::prepare($args); + + // @todo this check should really be in index.php for all sensitive actions + $ssl = common_config('site', 'ssl'); + if (empty($_SERVER['HTTPS']) && ($ssl == 'always' || $ssl == 'sometimes')) { + common_redirect(common_local_url('login')); + // exit + } + + return true; + } + /** * Handle input, produce output * @@ -96,27 +118,10 @@ class LoginAction extends Action * @return void */ - function checkLogin($user_id=null, $token=null) + function checkLogin($user_id=null) { // XXX: login throttle - // CSRF protection - token set in NoticeForm - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $st = common_session_token(); - if (empty($token)) { - common_log(LOG_WARNING, 'No token provided by client.'); - } else if (empty($st)) { - common_log(LOG_WARNING, 'No session token stored.'); - } else { - common_log(LOG_WARNING, 'Token = ' . $token . ' and session token = ' . $st); - } - - $this->clientError(_('There was a problem with your session token. '. - 'Try again, please.')); - return; - } - $nickname = $this->trimmed('nickname'); $password = $this->arg('password'); @@ -239,7 +244,6 @@ class LoginAction extends Action $this->elementEnd('li'); $this->elementEnd('ul'); $this->submit('submit', _('Login')); - $this->hidden('token', common_session_token()); $this->elementEnd('fieldset'); $this->elementEnd('form'); $this->elementStart('p');