X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Flogin.php;h=8ea3c800b70f72d1915dd497e0d4fe76d14bf728;hb=22255da735d1fc55466be51c3fae2a3d0b78e484;hp=224b30f6fb2537c4af89e59f0500144191234430;hpb=05b00cc7df22d2e998d642e91fee6cea317a9b83;p=quix0rs-gnu-social.git diff --git a/actions/login.php b/actions/login.php index 224b30f6fb..8ea3c800b7 100644 --- a/actions/login.php +++ b/actions/login.php @@ -1,9 +1,12 @@ . + * + * @category Login + * @package StatusNet + * @author Evan Prodromou + * @author Sarven Capadisli + * @copyright 2008-2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ */ -if (!defined('LACONICA')) { exit(1); } +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +/** + * Login form + * + * @category Personal + * @package StatusNet + * @author Evan Prodromou + * @author Sarven Capadisli + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ class LoginAction extends Action { + /** + * Has there been an error? + */ + var $error = null; - - function isReadOnly() + + /** + * Is this a read-only action? + * + * @return boolean false + */ + + function isReadOnly($args) { - return true; + return false; } + /** + * Handle input, produce output + * + * Switches on request method; either shows the form or handles its input. + * + * @param array $args $_REQUEST data + * + * @return void + */ + function handle($args) { parent::handle($args); + if (common_is_real_login()) { $this->clientError(_('Already logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $this->checkLogin(); } else { + common_ensure_session(); $this->showForm(); } } - function checkLogin() + /** + * Check the login data + * + * Determines if the login data is valid. If so, logs the user + * in, and redirects to the 'with friends' page, or to the stored + * return-to URL. + * + * @return void + */ + + function checkLogin($user_id=null, $token=null) { - # XXX: login throttle + // XXX: login throttle - # CSRF protection - token set in common_notice_form() + // CSRF protection - token set in NoticeForm $token = $this->trimmed('token'); if (!$token || $token != common_session_token()) { - $this->clientError(_('There was a problem with your session token. Try again, please.')); + $st = common_session_token(); + if (empty($token)) { + common_log(LOG_WARNING, 'No token provided by client.'); + } else if (empty($st)) { + common_log(LOG_WARNING, 'No session token stored.'); + } else { + common_log(LOG_WARNING, 'Token = ' . $token . ' and session token = ' . $st); + } + + $this->clientError(_('There was a problem with your session token. '. + 'Try again, please.')); return; } - $nickname = common_canonical_nickname($this->trimmed('nickname')); + $nickname = $this->trimmed('nickname'); $password = $this->arg('password'); - if (common_check_user($nickname, $password)) { - # success! - if (!common_set_user($nickname)) { - $this->serverError(_('Error setting user.')); - return; - } - common_real_login(true); - if ($this->boolean('rememberme')) { - common_debug('Adding rememberme cookie for ' . $nickname); - common_rememberme(); - } - # success! - $url = common_get_returnto(); - if ($url) { - # We don't have to return to it again - common_set_returnto(null); - } else { - $url = common_local_url('all', - array('nickname' => - $nickname)); - } - common_redirect($url); - } else { + + $user = common_check_user($nickname, $password); + + if (!$user) { $this->showForm(_('Incorrect username or password.')); return; } - # success! + // success! if (!common_set_user($user)) { - $this->serverError(_('Error setting user.')); + $this->serverError(_('Error setting user. You are probably not authorized.')); return; } common_real_login(true); if ($this->boolean('rememberme')) { - common_debug('Adding rememberme cookie for ' . $nickname); common_rememberme($user); } - # success! + $url = common_get_returnto(); + if ($url) { - # We don't have to return to it again + // We don't have to return to it again common_set_returnto(null); + $url = common_inject_session($url); } else { $url = common_local_url('all', array('nickname' => - $nickname)); + $user->nickname)); } - common_redirect($url); + + common_redirect($url, 303); } + /** + * Store an error and show the page + * + * This used to show the whole page; now, it's just a wrapper + * that stores the error in an attribute. + * + * @param string $error error, if any. + * + * @return void + */ + function showForm($error=null) { - $this->error = $error; - $this->showPage(); + $this->error = $error; + $this->showPage(); } + function showScripts() + { + parent::showScripts(); + $this->autofocus('nickname'); + } + + /** + * Title of the page + * + * @return string title of the page + */ + function title() { - return _('Login'); + return _('Login'); } + /** + * Show page notice + * + * Display a notice for how to use the page, or the + * error if it exists. + * + * @return void + */ + function showPageNotice() { if ($this->error) { $this->element('p', 'error', $this->error); } else { - $instr = $this->getInstructions(); + $instr = $this->getInstructions(); $output = common_markup_to_html($instr); + $this->raw($output); } } - + + /** + * Core of the display code + * + * Shows the login form. + * + * @return void + */ + function showContent() - { + { $this->elementStart('form', array('method' => 'post', - 'id' => 'form_login', - 'class' => 'form_login', - 'action' => common_local_url('login'))); + 'id' => 'form_login', + 'class' => 'form_settings', + 'action' => common_local_url('login'))); $this->elementStart('fieldset'); $this->element('legend', null, _('Login to site')); - $this->elementStart('ul', 'form_datas'); + $this->elementStart('ul', 'form_data'); $this->elementStart('li'); $this->input('nickname', _('Nickname')); $this->elementEnd('li'); @@ -145,7 +235,7 @@ class LoginAction extends Action $this->elementStart('li'); $this->checkbox('rememberme', _('Remember me'), false, _('Automatically login in the future; ' . - 'not for shared computers!')); + 'not for shared computers!')); $this->elementEnd('li'); $this->elementEnd('ul'); $this->submit('submit', _('Login')); @@ -158,22 +248,42 @@ class LoginAction extends Action $this->elementEnd('p'); } + /** + * Instructions for using the form + * + * For "remembered" logins, we make the user re-login when they + * try to change settings. Different instructions for this case. + * + * @return void + */ + function getInstructions() { - if (common_logged_in() && - !common_is_real_login() && - common_get_returnto()) - { - # rememberme logins have to reauthenticate before - # changing any profile settings (cookie-stealing protection) + if (common_logged_in() && !common_is_real_login() && + common_get_returnto()) { + // rememberme logins have to reauthenticate before + // changing any profile settings (cookie-stealing protection) return _('For security reasons, please re-enter your ' . 'user name and password ' . 'before changing your settings.'); } else { return _('Login with your username and password. ' . 'Don\'t have a username yet? ' . - '[Register](%%action.register%%) a new account, or ' . - 'try [OpenID](%%action.openidlogin%%). '); + '[Register](%%action.register%%) a new account.'); } } + + /** + * A local menu + * + * Shows different login/register actions. + * + * @return void + */ + + function showLocalNav() + { + $nav = new LoginGroupNav($this); + $nav->show(); + } }