X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Flogin.php;h=aa25a0cec5fb3a179524100c5a0af15dd25290a2;hb=f26ed4626641d934eb8be8359bcc4aef03c97968;hp=d47e0579d088f128cc8a6bc367610d243d2c04c3;hpb=5593d4a50ba09b47c99ba5608911d50d99d54f33;p=quix0rs-gnu-social.git diff --git a/actions/login.php b/actions/login.php index d47e0579d0..aa25a0cec5 100644 --- a/actions/login.php +++ b/actions/login.php @@ -21,10 +21,14 @@ if (!defined('LACONICA')) { exit(1); } class LoginAction extends Action { + function is_readonly() { + return true; + } + function handle($args) { parent::handle($args); if (common_is_real_login()) { - common_user_error(_t('Already logged in.')); + common_user_error(_('Already logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $this->check_login(); } else { @@ -40,11 +44,12 @@ class LoginAction extends Action { if (common_check_user($nickname, $password)) { # success! if (!common_set_user($nickname)) { - common_server_error(_t('Error setting user.')); + common_server_error(_('Error setting user.')); return; } common_real_login(true); if ($this->boolean('rememberme')) { + common_debug('Adding rememberme cookie for ' . $nickname); common_rememberme(); } # success! @@ -59,34 +64,70 @@ class LoginAction extends Action { } common_redirect($url); } else { - $this->show_form(_t('Incorrect username or password.')); + $this->show_form(_('Incorrect username or password.')); + return; + } + + # success! + if (!common_set_user($user)) { + common_server_error(_('Error setting user.')); + return; } + + common_real_login(true); + + if ($this->boolean('rememberme')) { + common_debug('Adding rememberme cookie for ' . $nickname); + common_rememberme($user); + } + # success! + $url = common_get_returnto(); + if ($url) { + # We don't have to return to it again + common_set_returnto(NULL); + } else { + $url = common_local_url('all', + array('nickname' => + $nickname)); + } + common_redirect($url); } function show_form($error=NULL) { - common_show_header(_t('Login'), NULL, $error, array($this, 'show_top')); - common_element_start('form', array('method' => 'POST', + common_show_header(_('Login'), NULL, $error, array($this, 'show_top')); + common_element_start('form', array('method' => 'post', 'id' => 'login', 'action' => common_local_url('login'))); - common_input('nickname', _t('Nickname')); - common_password('password', _t('Password')); - common_checkbox('rememberme', _t('Remember me'), - _t('Automatically login in the future; ' . + common_input('nickname', _('Nickname')); + common_password('password', _('Password')); + common_checkbox('rememberme', _('Remember me'), false, + _('Automatically login in the future; ' . 'not for shared computers!')); - common_submit('submit', _t('Login')); + common_submit('submit', _('Login')); common_element_end('form'); common_element_start('p'); common_element('a', array('href' => common_local_url('recoverpassword')), - _t('Lost or forgotten password?')); + _('Lost or forgotten password?')); common_element_end('p'); common_show_footer(); } function get_instructions() { - return _t('Login with your username and password. ' . - 'Don\'t have a username yet? ' . - '[Register](%%action.register%%) a new account, or ' . - 'try [OpenID](%%action.openidlogin%%). '); + if (common_logged_in() && + !common_is_real_login() && + common_get_returnto()) + { + # rememberme logins have to reauthenticate before + # changing any profile settings (cookie-stealing protection) + return _('For security reasons, please re-enter your ' . + 'user name and password ' . + 'before changing your settings.'); + } else { + return _('Login with your username and password. ' . + 'Don\'t have a username yet? ' . + '[Register](%%action.register%%) a new account, or ' . + 'try [OpenID](%%action.openidlogin%%). '); + } } function show_top($error=NULL) { @@ -95,9 +136,9 @@ class LoginAction extends Action { } else { $instr = $this->get_instructions(); $output = common_markup_to_html($instr); - common_element_start('p', 'instructions'); + common_element_start('div', 'instructions'); common_raw($output); - common_element_end('p'); + common_element_end('div'); } } }