X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fopenidlogin.php;h=09679e372ebc0aa6f0e54e5f2361cbe0b673af4f;hb=10e32eca5ca7683dd7ea3746d563727f1923163f;hp=6ce4bb191adfaab16a2805ad23ff489b62286303;hpb=30c3cd552b9b2424167818c96de4c813c120111e;p=quix0rs-gnu-social.git diff --git a/actions/openidlogin.php b/actions/openidlogin.php index 6ce4bb191a..09679e372e 100644 --- a/actions/openidlogin.php +++ b/actions/openidlogin.php @@ -21,38 +21,77 @@ if (!defined('LACONICA')) { exit(1); } require_once(INSTALLDIR.'/lib/openid.php'); -class OpenidloginAction extends Action { - - function handle($args) { - parent::handle($args); - if (common_logged_in()) { - common_user_error(_t('Already logged in.')); - } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { - $result = oid_authenticate($this->trimmed('openid_url'), - 'finishopenidlogin'); - if (is_string($result)) { # error message - $this->show_form($result); - } - } else { - $this->show_form(); - } - } - - function show_form($error=NULL) { - common_show_header(_t('OpenID Login')); - if ($error) { - common_element('div', array('class' => 'error'), $error); - } else { - common_element('div', 'instructions', - _t('Login with an OpenID account.')); - } - $formaction = common_local_url('openidlogin'); - common_element_start('form', array('method' => 'POST', - 'id' => 'openidlogin', - 'action' => $formaction)); - common_input('openid_url', _t('OpenID URL')); - common_submit('submit', _t('Login')); - common_element_end('form'); - common_show_footer(); - } +class OpenidloginAction extends Action +{ + + function handle($args) + { + parent::handle($args); + if (common_logged_in()) { + common_user_error(_('Already logged in.')); + } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $openid_url = $this->trimmed('openid_url'); + + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.'), $openid_url); + return; + } + + $rememberme = $this->boolean('rememberme'); + + common_ensure_session(); + + $_SESSION['openid_rememberme'] = $rememberme; + + $result = oid_authenticate($openid_url, + 'finishopenidlogin'); + + if (is_string($result)) { # error message + unset($_SESSION['openid_rememberme']); + $this->show_form($result, $openid_url); + } + } else { + $openid_url = oid_get_last(); + $this->show_form(null, $openid_url); + } + } + + function get_instructions() + { + return _('Login with an [OpenID](%%doc.openid%%) account.'); + } + + function show_top($error=null) + { + if ($error) { + common_element('div', array('class' => 'error'), $error); + } else { + $instr = $this->get_instructions(); + $output = common_markup_to_html($instr); + common_element_start('div', 'instructions'); + common_raw($output); + common_element_end('div'); + } + } + + function show_form($error=null, $openid_url) + { + common_show_header(_('OpenID Login'), null, $error, array($this, 'show_top')); + $formaction = common_local_url('openidlogin'); + common_element_start('form', array('method' => 'post', + 'id' => 'openidlogin', + 'action' => $formaction)); + common_hidden('token', common_session_token()); + common_input('openid_url', _('OpenID URL'), + $openid_url, + _('Your OpenID URL')); + common_checkbox('rememberme', _('Remember me'), false, + _('Automatically login in the future; ' . + 'not for shared computers!')); + common_submit('submit', _('Login')); + common_element_end('form'); + common_show_footer(); + } }