X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Flogin.php;h=d3e4312f71152f86e42047250f1361c95c8fd6df;hb=ad651c35353021d05ef4a013e57c17d0b885c5dc;hp=ea9b96a46b73fa53b1d6a6cce5d79f1e60c3edc9;hpb=304f3b4f188d92720848ae1e3ac85ee04bd5ef71;p=quix0rs-gnu-social.git diff --git a/actions/login.php b/actions/login.php index ea9b96a46b..d3e4312f71 100644 --- a/actions/login.php +++ b/actions/login.php @@ -62,6 +62,28 @@ class LoginAction extends Action return false; } + /** + * Prepare page to run + * + * + * @param $args + * @return string title + */ + + function prepare($args) + { + parent::prepare($args); + + // @todo this check should really be in index.php for all sensitive actions + $ssl = common_config('site', 'ssl'); + if (empty($_SERVER['HTTPS']) && ($ssl == 'always' || $ssl == 'sometimes')) { + common_redirect(common_local_url('login')); + // exit + } + + return true; + } + /** * Handle input, produce output * @@ -103,6 +125,15 @@ class LoginAction extends Action // CSRF protection - token set in NoticeForm $token = $this->trimmed('token'); if (!$token || $token != common_session_token()) { + $st = common_session_token(); + if (empty($token)) { + common_log(LOG_WARNING, 'No token provided by client.'); + } else if (empty($st)) { + common_log(LOG_WARNING, 'No session token stored.'); + } else { + common_log(LOG_WARNING, 'Token = ' . $token . ' and session token = ' . $st); + } + $this->clientError(_('There was a problem with your session token. '. 'Try again, please.')); return; @@ -132,15 +163,10 @@ class LoginAction extends Action $url = common_get_returnto(); - if (common_config('ssl', 'sometimes') && // mixed environment - 0 != strcasecmp(common_config('site', 'server'), common_config('site', 'sslserver'))) { - $this->redirectFromSSL($user, $url, $this->boolean('rememberme')); - return; - } - if ($url) { // We don't have to return to it again common_set_returnto(null); + $url = common_inject_session($url); } else { $url = common_local_url('all', array('nickname' => @@ -263,9 +289,13 @@ class LoginAction extends Action 'user name and password ' . 'before changing your settings.'); } else { - return _('Login with your username and password. ' . - 'Don\'t have a username yet? ' . - '[Register](%%action.register%%) a new account.'); + $prompt = _('Login with your username and password.'); + if (!common_config('site', 'closed') && !common_config('site', 'inviteonly')) { + $prompt .= ' '; + $prompt .= _('Don\'t have a username yet? ' . + '[Register](%%action.register%%) a new account.'); + } + return $prompt; } } @@ -282,31 +312,4 @@ class LoginAction extends Action $nav = new LoginGroupNav($this); $nav->show(); } - - function redirectFromSSL($user, $returnto, $rememberme) - { - try { - $login_token = Login_token::makeNew($user); - } catch (Exception $e) { - $this->serverError($e->getMessage()); - return; - } - - $params = array(); - - if (!empty($returnto)) { - $params['returnto'] = $returnto; - } - - if (!empty($rememberme)) { - $params['rememberme'] = $rememberme; - } - - $target = common_local_url('otp', - array('user_id' => $login_token->user_id, - 'token' => $login_token->token), - $params); - - common_redirect($target, 303); - } }