X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Flogin.php;h=d3e4312f71152f86e42047250f1361c95c8fd6df;hb=b5cfcba4712809cb17eabba299ce5ff04f4d7d70;hp=59c6b4874bc24464d6fd9fbc15f05128ad4da8f2;hpb=c172cbafaa9ba17ff8ca5c6dd07741bd0de96871;p=quix0rs-gnu-social.git diff --git a/actions/login.php b/actions/login.php index 59c6b4874b..d3e4312f71 100644 --- a/actions/login.php +++ b/actions/login.php @@ -1,6 +1,6 @@ . * * @category Login - * @package Laconica - * @author Evan Prodromou - * @copyright 2008-2009 Control Yourself, Inc. + * @package StatusNet + * @author Evan Prodromou + * @author Sarven Capadisli + * @copyright 2008-2009 StatusNet, Inc. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://laconi.ca/ + * @link http://status.net/ */ -if (!defined('LACONICA')) { +if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } @@ -35,10 +36,11 @@ if (!defined('LACONICA')) { * Login form * * @category Personal - * @package Laconica - * @author Evan Prodromou + * @package StatusNet + * @author Evan Prodromou + * @author Sarven Capadisli * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://laconi.ca/ + * @link http://status.net/ */ class LoginAction extends Action @@ -55,11 +57,33 @@ class LoginAction extends Action * @return boolean false */ - function isReadOnly() + function isReadOnly($args) { return false; } + /** + * Prepare page to run + * + * + * @param $args + * @return string title + */ + + function prepare($args) + { + parent::prepare($args); + + // @todo this check should really be in index.php for all sensitive actions + $ssl = common_config('site', 'ssl'); + if (empty($_SERVER['HTTPS']) && ($ssl == 'always' || $ssl == 'sometimes')) { + common_redirect(common_local_url('login')); + // exit + } + + return true; + } + /** * Handle input, produce output * @@ -73,6 +97,7 @@ class LoginAction extends Action function handle($args) { parent::handle($args); + if (common_is_real_login()) { $this->clientError(_('Already logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { @@ -93,19 +118,28 @@ class LoginAction extends Action * @return void */ - function checkLogin() + function checkLogin($user_id=null, $token=null) { // XXX: login throttle // CSRF protection - token set in NoticeForm $token = $this->trimmed('token'); if (!$token || $token != common_session_token()) { + $st = common_session_token(); + if (empty($token)) { + common_log(LOG_WARNING, 'No token provided by client.'); + } else if (empty($st)) { + common_log(LOG_WARNING, 'No session token stored.'); + } else { + common_log(LOG_WARNING, 'Token = ' . $token . ' and session token = ' . $st); + } + $this->clientError(_('There was a problem with your session token. '. 'Try again, please.')); return; } - $nickname = common_canonical_nickname($this->trimmed('nickname')); + $nickname = $this->trimmed('nickname'); $password = $this->arg('password'); $user = common_check_user($nickname, $password); @@ -117,7 +151,7 @@ class LoginAction extends Action // success! if (!common_set_user($user)) { - $this->serverError(_('Error setting user.')); + $this->serverError(_('Error setting user. You are probably not authorized.')); return; } @@ -132,10 +166,11 @@ class LoginAction extends Action if ($url) { // We don't have to return to it again common_set_returnto(null); + $url = common_inject_session($url); } else { $url = common_local_url('all', array('nickname' => - $nickname)); + $user->nickname)); } common_redirect($url, 303); @@ -158,6 +193,12 @@ class LoginAction extends Action $this->showPage(); } + function showScripts() + { + parent::showScripts(); + $this->autofocus('nickname'); + } + /** * Title of the page * @@ -201,9 +242,9 @@ class LoginAction extends Action function showContent() { $this->elementStart('form', array('method' => 'post', - 'id' => 'form_login', - 'class' => 'form_settings', - 'action' => common_local_url('login'))); + 'id' => 'form_login', + 'class' => 'form_settings', + 'action' => common_local_url('login'))); $this->elementStart('fieldset'); $this->element('legend', null, _('Login to site')); $this->elementStart('ul', 'form_data'); @@ -216,7 +257,7 @@ class LoginAction extends Action $this->elementStart('li'); $this->checkbox('rememberme', _('Remember me'), false, _('Automatically login in the future; ' . - 'not for shared computers!')); + 'not for shared computers!')); $this->elementEnd('li'); $this->elementEnd('ul'); $this->submit('submit', _('Login')); @@ -248,10 +289,13 @@ class LoginAction extends Action 'user name and password ' . 'before changing your settings.'); } else { - return _('Login with your username and password. ' . - 'Don\'t have a username yet? ' . - '[Register](%%action.register%%) a new account, or ' . - 'try [OpenID](%%action.openidlogin%%). '); + $prompt = _('Login with your username and password.'); + if (!common_config('site', 'closed') && !common_config('site', 'inviteonly')) { + $prompt .= ' '; + $prompt .= _('Don\'t have a username yet? ' . + '[Register](%%action.register%%) a new account.'); + } + return $prompt; } }