X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Flogin.php;h=c775fa6924e2372ae7e99114c90d7f055c180cc3;hb=0587dcc0457e71cd15d6f2af38d181f522a73315;hp=11cf1f02a6e77b9bea67664acde0977205e34a6d;hpb=264ab53953d529680cea4df31ed125710bb26988;p=quix0rs-gnu-social.git diff --git a/actions/login.php b/actions/login.php index 11cf1f02a6..c775fa6924 100644 --- a/actions/login.php +++ b/actions/login.php @@ -1,6 +1,6 @@ . * * @category Login - * @package Laconica - * @author Evan Prodromou - * @copyright 2008-2009 Control Yourself, Inc. + * @package StatusNet + * @author Evan Prodromou + * @author Sarven Capadisli + * @copyright 2008-2009 StatusNet, Inc. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://laconi.ca/ + * @link http://status.net/ */ -if (!defined('LACONICA')) { +if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } @@ -35,10 +36,11 @@ if (!defined('LACONICA')) { * Login form * * @category Personal - * @package Laconica - * @author Evan Prodromou + * @package StatusNet + * @author Evan Prodromou + * @author Sarven Capadisli * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://laconi.ca/ + * @link http://status.net/ */ class LoginAction extends Action @@ -55,7 +57,7 @@ class LoginAction extends Action * @return boolean false */ - function isReadOnly() + function isReadOnly($args) { return false; } @@ -73,11 +75,18 @@ class LoginAction extends Action function handle($args) { parent::handle($args); + + $disabled = common_config('logincommand','disabled'); + $disabled = isset($disabled) && $disabled; + if (common_is_real_login()) { $this->clientError(_('Already logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $this->checkLogin(); + } else if (!$disabled && isset($args['user_id']) && isset($args['token'])){ + $this->checkLogin($args['user_id'],$args['token']); } else { + common_ensure_session(); $this->showForm(); } } @@ -92,70 +101,77 @@ class LoginAction extends Action * @return void */ - function checkLogin() + function checkLogin($user_id=null, $token=null) { - // XXX: login throttle + if(isset($token) && isset($user_id)){ + //Token based login (from the LoginCommand) + $login_token = Login_token::staticGet('user_id',$user_id); + if($login_token && $login_token->token == $token){ + if($login_token->modified > time()+2*60){ + //token has expired + //delete the token as it is useless + $login_token->delete(); + $this->showForm(_('Invalid or expired token.')); + return; + }else{ + //delete the token so it cannot be reused + $login_token->delete(); + //it's a valid token - let them log in + $user = User::staticGet('id', $user_id); + //$user = User::staticGet('nickname', "candrews"); + } + }else{ + $this->showForm(_('Invalid or expired token.')); + return; + } + }else{ + // Regular form submission login - // CSRF protection - token set in common_notice_form() - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->clientError(_('There was a problem with your session token. '. - 'Try again, please.')); - return; - } + // XXX: login throttle - $nickname = common_canonical_nickname($this->trimmed('nickname')); - $password = $this->arg('password'); - if (common_check_user($nickname, $password)) { - // success! - if (!common_set_user($nickname)) { - $this->serverError(_('Error setting user.')); + // CSRF protection - token set in NoticeForm + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->clientError(_('There was a problem with your session token. '. + 'Try again, please.')); return; } - common_real_login(true); - if ($this->boolean('rememberme')) { - common_debug('Adding rememberme cookie for ' . $nickname); - common_rememberme(); - } - // success! - $url = common_get_returnto(); - if ($url) { - // We don't have to return to it again - common_set_returnto(null); - } else { - $url = common_local_url('all', - array('nickname' => - $nickname)); - } - common_redirect($url); - } else { + + $nickname = $this->trimmed('nickname'); + $password = $this->arg('password'); + + $user = common_check_user($nickname, $password); + } + + if (!$user) { $this->showForm(_('Incorrect username or password.')); return; } // success! if (!common_set_user($user)) { - $this->serverError(_('Error setting user.')); + $this->serverError(_('Error setting user. You are probably not authorized.')); return; } common_real_login(true); if ($this->boolean('rememberme')) { - common_debug('Adding rememberme cookie for ' . $nickname); common_rememberme($user); } - // success! + $url = common_get_returnto(); + if ($url) { // We don't have to return to it again common_set_returnto(null); } else { $url = common_local_url('all', array('nickname' => - $nickname)); + $user->nickname)); } - common_redirect($url); + + common_redirect($url, 303); } /** @@ -175,6 +191,12 @@ class LoginAction extends Action $this->showPage(); } + function showScripts() + { + parent::showScripts(); + $this->autofocus('nickname'); + } + /** * Title of the page * @@ -267,8 +289,7 @@ class LoginAction extends Action } else { return _('Login with your username and password. ' . 'Don\'t have a username yet? ' . - '[Register](%%action.register%%) a new account, or ' . - 'try [OpenID](%%action.openidlogin%%). '); + '[Register](%%action.register%%) a new account.'); } }