X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Flogin.php;h=93661973287bc5ef74e8f7d8240a3de1e55afb3f;hb=91af9de7e4e477da422880fe9b7f3a49617dc77e;hp=a95dc9e3a3d4511e5f3e3ac81570a242c01e5c4b;hpb=c47de27c114c9998acc01fd2c6df185cd271ec2f;p=quix0rs-gnu-social.git
diff --git a/actions/login.php b/actions/login.php
index a95dc9e3a3..9366197328 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -1,25 +1,104 @@ .
+ */
-function handle_login() {
- if ($_REQUEST['METHOD'] == 'POST') {
- if (login_check_user($_REQUEST['user'], $_REQUEST['password'])) {
-
+if (!defined('LACONICA')) { exit(1); }
+
+class LoginAction extends Action {
+
+ function handle($args) {
+ parent::handle($args);
+ if (common_is_real_login()) {
+ common_user_error(_t('Already logged in.'));
+ } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+ $this->check_login();
 } else {
+ $this->show_form();
 }
- } else {
- if (user_logged_in()) {
+ }
+
+ function check_login() {
+ # XXX: form token in $_SESSION to prevent XSS
+ # XXX: login throttle
+ $nickname = $this->arg('nickname');
+ $password = $this->arg('password');
+ if (common_check_user($nickname, $password)) {
+ # success!
+ if (!common_set_user($nickname)) {
+ common_server_error(_t('Error setting user.'));
+ return;
+ }
+ common_real_login(true);
+ if ($this->boolean('rememberme')) {
+ common_debug('Adding rememberme cookie for ' . $nickname);
+ common_rememberme();
+ }
+ # success!
+ $url = common_get_returnto();
+ if ($url) {
+ # We don't have to return to it again
+ common_set_returnto(NULL);
+ } else {
+ $url = common_local_url('all',
+ array('nickname' =>
+ $nickname));
+ }
+ common_redirect($url);
 } else {
- login_show_form();
+ $this->show_form(_t('Incorrect username or password.'));
+ }
+ }
+
+ function show_form($error=NULL) {
+ common_show_header(_t('Login'), NULL, $error, array($this, 'show_top'));
+ common_element_start('form', array('method' => 'post',
+ 'id' => 'login',
+ 'action' => common_local_url('login')));
+ common_input('nickname', _t('Nickname'));
+ common_password('password', _t('Password'));
+ common_checkbox('rememberme', _t('Remember me'), false,
+ _t('Automatically login in the future; ' .
+ 'not for shared computers!'));
+ common_submit('submit', _t('Login'));
+ common_element_end('form');
+ common_element_start('p');
+ common_element('a', array('href' => common_local_url('recoverpassword')),
+ _t('Lost or forgotten password?'));
+ common_element_end('p');
+ common_show_footer();
+ }
+
+ function get_instructions() {
+ return _t('Login with your username and password. ' .
+ 'Don\'t have a username yet? ' .
+ '[Register](%%action.register%%) a new account, or ' .
+ 'try [OpenID](%%action.openidlogin%%). ');
+ }
+
+ function show_top($error=NULL) {
+ if ($error) {
+ common_element('p', 'error', $error);
+ } else {
+ $instr = $this->get_instructions();
+ $output = common_markup_to_html($instr);
+ common_element_start('p', 'instructions');
+ common_raw($output);
+ common_element_end('p');
 }
 }
 }
-
-function login_show_form() {
- html_start();
- html_head("Login");
- html_body();
-}
-
-function login_check_user($username, $password) {
-
-}
\ No newline at end of file
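Review bot: In check_login() the two `# XXX` comments mark controls this commit leaves unimplemented, and the first names the wrong threat: a per-session form token defends the login POST against cross-site request forgery, not XSS, so it should read `# XXX: form token in $_SESSION to prevent CSRF`. show_form() emits no hidden token field and check_login() verifies none, so the form accepts cross-site submissions as written. Nothing here limits attempts before `common_check_user($nickname, $password)` runs, so any bound on password guessing would have to come from that helper, which is not visible in this hunk. Separately, `common_redirect($url)` follows whatever `common_get_returnto()` returns; if that value can ever originate from a request parameter it should be restricted to local URLs. It would also be worth confirming that `common_set_user()` regenerates the session id on successful login.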