X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Flogin.php;h=07c601a4dba7aa70d6254e02713a5ab55f980cd2;hb=3dd734b2c3ea49c55467cfbfd4b3a5fb38456e87;hp=ad57dd66782ff221511a38b975c447b4f7d30c7c;hpb=088081675fb7d5250a9b9dfe5015de0822cb5ac2;p=quix0rs-gnu-social.git diff --git a/actions/login.php b/actions/login.php index ad57dd6678..07c601a4db 100644 --- a/actions/login.php +++ b/actions/login.php @@ -62,6 +62,28 @@ class LoginAction extends Action return false; } + /** + * Prepare page to run + * + * + * @param $args + * @return string title + */ + + function prepare($args) + { + parent::prepare($args); + + // @todo this check should really be in index.php for all sensitive actions + $ssl = common_config('site', 'ssl'); + if (empty($_SERVER['HTTPS']) && ($ssl == 'always' || $ssl == 'sometimes')) { + common_redirect(common_local_url('login')); + // exit + } + + return true; + } + /** * Handle input, produce output * @@ -75,12 +97,11 @@ class LoginAction extends Action function handle($args) { parent::handle($args); + if (common_is_real_login()) { $this->clientError(_('Already logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $this->checkLogin(); - } else if (isset($args['user_id']) && isset($args['token'])){ - $this->checkLogin($args['user_id'],$args['token']); } else { common_ensure_session(); $this->showForm(); @@ -97,47 +118,14 @@ class LoginAction extends Action * @return void */ - function checkLogin($user_id=null, $token=null) + function checkLogin($user_id=null) { - if(isset($token) && isset($user_id)){ - //Token based login (from the LoginCommand) - $login_token = Login_token::staticGet('user_id',$user_id); - if($login_token && $login_token->token == $token){ - if($login_token->modified > time()+2*60){ - //token has expired - //delete the token as it is useless - $login_token->delete(); - $this->showForm(_('Invalid or expired token.')); - return; - }else{ - //delete the token so it cannot be reused - $login_token->delete(); - //it's a valid token - let them log in - $user = User::staticGet('id', $user_id); - //$user = User::staticGet('nickname', "candrews"); - } - }else{ - $this->showForm(_('Invalid or expired token.')); - return; - } - }else{ - // Regular form submission login + // XXX: login throttle - // XXX: login throttle + $nickname = $this->trimmed('nickname'); + $password = $this->arg('password'); - // CSRF protection - token set in NoticeForm - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->clientError(_('There was a problem with your session token. '. - 'Try again, please.')); - return; - } - - $nickname = common_canonical_nickname($this->trimmed('nickname')); - $password = $this->arg('password'); - - $user = common_check_user($nickname, $password); - } + $user = common_check_user($nickname, $password); if (!$user) { $this->showForm(_('Incorrect username or password.')); @@ -146,7 +134,7 @@ class LoginAction extends Action // success! if (!common_set_user($user)) { - $this->serverError(_('Error setting user.')); + $this->serverError(_('Error setting user. You are probably not authorized.')); return; } @@ -161,10 +149,11 @@ class LoginAction extends Action if ($url) { // We don't have to return to it again common_set_returnto(null); + $url = common_inject_session($url); } else { $url = common_local_url('all', array('nickname' => - $nickname)); + $user->nickname)); } common_redirect($url, 303); @@ -236,9 +225,9 @@ class LoginAction extends Action function showContent() { $this->elementStart('form', array('method' => 'post', - 'id' => 'form_login', - 'class' => 'form_settings', - 'action' => common_local_url('login'))); + 'id' => 'form_login', + 'class' => 'form_settings', + 'action' => common_local_url('login'))); $this->elementStart('fieldset'); $this->element('legend', null, _('Login to site')); $this->elementStart('ul', 'form_data'); @@ -251,11 +240,10 @@ class LoginAction extends Action $this->elementStart('li'); $this->checkbox('rememberme', _('Remember me'), false, _('Automatically login in the future; ' . - 'not for shared computers!')); + 'not for shared computers!')); $this->elementEnd('li'); $this->elementEnd('ul'); $this->submit('submit', _('Login')); - $this->hidden('token', common_session_token()); $this->elementEnd('fieldset'); $this->elementEnd('form'); $this->elementStart('p'); @@ -283,9 +271,13 @@ class LoginAction extends Action 'user name and password ' . 'before changing your settings.'); } else { - return _('Login with your username and password. ' . - 'Don\'t have a username yet? ' . - '[Register](%%action.register%%) a new account.'); + $prompt = _('Login with your username and password.'); + if (!common_config('site', 'closed') && !common_config('site', 'inviteonly')) { + $prompt .= ' '; + $prompt .= _('Don\'t have a username yet? ' . + '[Register](%%action.register%%) a new account.'); + } + return $prompt; } }