X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fopenidlogin.php;h=1a4372d73e76722dfe5f60d30b220b6ba191b3f0;hb=28ef2ccf427683837dde29f8b89ea8d5378f287b;hp=d1989e0dea736dad06e744b9dc28b69316b17d7d;hpb=4b0cf99e56f965e10eeb8b8b19e7b405bda49eaf;p=quix0rs-gnu-social.git diff --git a/actions/openidlogin.php b/actions/openidlogin.php index d1989e0dea..1a4372d73e 100644 --- a/actions/openidlogin.php +++ b/actions/openidlogin.php @@ -23,11 +23,10 @@ require_once(INSTALLDIR.'/lib/openid.php'); class OpenidloginAction extends Action { - function handle($args) { parent::handle($args); - if (common_logged_in()) { + if (common_is_real_login()) { $this->clientError(_('Already logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $openid_url = $this->trimmed('openid_url'); @@ -35,40 +34,49 @@ class OpenidloginAction extends Action # CSRF protection $token = $this->trimmed('token'); if (!$token || $token != common_session_token()) { - $this->show_form(_('There was a problem with your session token. Try again, please.'), $openid_url); + $this->showForm(_('There was a problem with your session token. Try again, please.'), $openid_url); return; } $rememberme = $this->boolean('rememberme'); - + common_ensure_session(); - + $_SESSION['openid_rememberme'] = $rememberme; - + $result = oid_authenticate($openid_url, 'finishopenidlogin'); - + if (is_string($result)) { # error message unset($_SESSION['openid_rememberme']); - $this->show_form($result, $openid_url); + $this->showForm($result, $openid_url); } } else { $openid_url = oid_get_last(); - $this->show_form(null, $openid_url); + $this->showForm(null, $openid_url); } } - function get_instructions() + function getInstructions() { - return _('Login with an [OpenID](%%doc.openid%%) account.'); + if (common_logged_in() && !common_is_real_login() && + common_get_returnto()) { + // rememberme logins have to reauthenticate before + // changing any profile settings (cookie-stealing protection) + return _('For security reasons, please re-login with your ' . + '[OpenID](%%doc.openid%%) ' . + 'before changing your settings.'); + } else { + return _('Login with an [OpenID](%%doc.openid%%) account.'); + } } - function show_top($error=null) + function showPageNotice() { - if ($error) { - $this->element('div', array('class' => 'error'), $error); + if ($this->error) { + $this->element('div', array('class' => 'error'), $this->error); } else { - $instr = $this->get_instructions(); + $instr = $this->getInstructions(); $output = common_markup_to_html($instr); $this->elementStart('div', 'instructions'); $this->raw($output); @@ -76,22 +84,48 @@ class OpenidloginAction extends Action } } - function show_form($error=null, $openid_url) + function title() + { + return _('OpenID Login'); + } + + function showForm($error=null, $openid_url) { - common_show_header(_('OpenID Login'), null, $error, array($this, 'show_top')); + $this->error = $error; + $this->openid_url = $openid_url; + $this->showPage(); + } + + function showContent() { $formaction = common_local_url('openidlogin'); $this->elementStart('form', array('method' => 'post', - 'id' => 'openidlogin', + 'id' => 'form_openid_login', + 'class' => 'form_settings', 'action' => $formaction)); + $this->elementStart('fieldset'); + $this->element('legend', null, _('OpenID login')); $this->hidden('token', common_session_token()); + + $this->elementStart('ul', 'form_data'); + $this->elementStart('li'); $this->input('openid_url', _('OpenID URL'), - $openid_url, + $this->openid_url, _('Your OpenID URL')); + $this->elementEnd('li'); + $this->elementStart('li', array('id' => 'settings_rememberme')); $this->checkbox('rememberme', _('Remember me'), false, _('Automatically login in the future; ' . 'not for shared computers!')); + $this->elementEnd('li'); + $this->elementEnd('ul'); $this->submit('submit', _('Login')); + $this->elementEnd('fieldset'); $this->elementEnd('form'); - common_show_footer(); + } + + function showLocalNav() + { + $nav = new LoginGroupNav($this); + $nav->show(); } }