X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Flogin.php;h=aa25a0cec5fb3a179524100c5a0af15dd25290a2;hb=4272da4e9e2ab9c99b4b9897f04c92cd7987cb8b;hp=400957e05b1c5fa2185f06ddb8f70775a4a2e37c;hpb=87b494f1ebbe7640d194ef322af12fdf378295df;p=quix0rs-gnu-social.git
diff --git a/actions/login.php b/actions/login.php
index 400957e05b..aa25a0cec5 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -21,6 +21,10 @@ if (!defined('LACONICA')) { exit(1); }
 class LoginAction extends Action {
+ function is_readonly() {
+ return true;
+ }
+
 function handle($args) {
 parent::handle($args);
 if (common_is_real_login()) {
@@ -31,7 +35,7 @@ class LoginAction extends Action {
 $this->show_form();
 }
 }
-
+
 function check_login() {
 # XXX: form token in $_SESSION to prevent XSS
 # XXX: login throttle
@@ -40,7 +44,7 @@ class LoginAction extends Action {
 if (common_check_user($nickname, $password)) {
 # success!
 if (!common_set_user($nickname)) {
- common_server_error(_t('Error setting user.'));
+ common_server_error(_('Error setting user.'));
 return;
 }
 common_real_login(true);
@@ -60,11 +64,18 @@ class LoginAction extends Action {
 }
 common_redirect($url);
 } else {
- $this->show_form(_t('Incorrect username or password.'));
+ $this->show_form(_('Incorrect username or password.'));
+ return;
+ }
+
+ # success!
+ if (!common_set_user($user)) {
+ common_server_error(_('Error setting user.'));
+ return;
 }
-
+
 common_real_login(true);
-
+
 if ($this->boolean('rememberme')) {
 common_debug('Adding rememberme cookie for ' . $nickname);
 common_rememberme($user);
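Review bot: Declaring LoginAction read-only via the new `is_readonly()` is questionable, because check_login() further down this diff calls common_set_user(), common_real_login() and, when the rememberme box is ticked, common_rememberme(), all of which persist login state; if is_readonly() is what the front controller consults to route a request onto a read-only data path, that persistence may not land where the callers expect. Whether those helpers touch the database is not visible on this page, so this needs confirming rather than asserting. I would at least put a comment above the method, `# assumes session and rememberme persistence do not need a writable DB -- confirm before relying on this`, so the next reader sees the assumption. The class body continues past the end of this hunk.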
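Review bot: The block added after the else — `# success!`, `if (!common_set_user($user))`, `common_real_login(true)` — repeats the success handling that already sits inside the if branch (visible as context in the previous hunk, which calls `common_set_user($nickname)` and `common_real_login(true)` before the redirect), so a successful login either runs that setup twice or, if common_redirect() ends the request, never reaches the new block at all. The two copies also disagree on the argument (`$nickname` versus `$user`), and `$user` is not assigned anywhere in this hunk; lines 49–63 of check_login() are not shown, so it may be set there. The added `return;` after show_form() is right, since the failure path must not fall through into login setup. I would delete the duplicated block and keep a single success path, moving the rememberme handling into the if branch if common_redirect() does not terminate the request. check_login() continues past the end of the hunk.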
@@ -102,10 +113,21 @@ class LoginAction extends Action {
 }
 function get_instructions() {
- return _t('Login with your username and password. ' .
- 'Don\'t have a username yet? ' .
- '[Register](%%action.register%%) a new account, or ' .
- 'try [OpenID](%%action.openidlogin%%). ');
+ if (common_logged_in() &&
+ !common_is_real_login() &&
+ common_get_returnto())
+ {
+ # rememberme logins have to reauthenticate before
+ # changing any profile settings (cookie-stealing protection)
+ return _('For security reasons, please re-enter your ' .
+ 'user name and password ' .
+ 'before changing your settings.');
+ } else {
+ return _('Login with your username and password. ' .
+ 'Don\'t have a username yet? ' .
+ '[Register](%%action.register%%) a new account, or ' .
+ 'try [OpenID](%%action.openidlogin%%). ');
+ }
 }
 function show_top($error=NULL) {
@@ -120,4 +142,3 @@ class LoginAction extends Action {
 }
 }
 }
-#
\ No newline at end of file
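Review bot: The `else` after an unconditional `return` in get_instructions() is redundant; dropping it and dedenting the generic message makes the reauthentication branch read as a guard clause, and the opening `{` on its own line after the multi-line condition is inconsistent with the same-line braces used elsewhere in this file. The check itself — logged in, not a real (password) login, and a return target set — is what makes a cookie-only session re-enter the password before a settings change, but the comment does not say which session kind it means; I would reword it to `# a rememberme cookie session counts as logged in but not as a real login; require the password before honouring a returnto into settings`, which also explains the "cookie-stealing protection" remark.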