author | Evan Prodromou <evan@prodromou.name> | 2008-05-14 10:54:36 -0400 |
---|---|---|
committer | Evan Prodromou <evan@prodromou.name> | 2008-05-14 10:54:36 -0400 |
commit | 67a347bafb875be60e7554f308d80d7f0a1d2747 (patch) | |
tree | fb7d54dff5e84e1e22b1c5fca882a5f776e1d4a9 /actions/login.php | |
parent | f0a30cc89ddf82e3c774800d24f0ea3664065d9c (diff) |
considerable coding
darcs-hash:20080514145436-84dde-d0994cb35d3fe8545d3f08abeec3cdfe7559c67d.gz
Diffstat (limited to 'actions/login.php')
-rw-r--r-- | actions/login.php | 66 |
1 files changed, 50 insertions, 16 deletions
diff --git a/actions/login.php b/actions/login.php
index a95dc9e3a..b93936297 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -1,25 +1,59 @@
 <?php
-function handle_login() {
- if ($_REQUEST['METHOD'] == 'POST') {
- if (login_check_user($_REQUEST['user'], $_REQUEST['password'])) {
-
+class LoginAction extends Action {
+
+ function handle($args) {
+ parent::handle($args);
+ if (common_logged_in()) {
+ common_user_error(_t('Already logged in.'));
+ } else if ($this->arg('METHOD') == 'POST') {
+ $this->check_login();
 } else {
+ $this->show_form();
 }
- } else {
- if (user_logged_in()) {
+ }
+
+ function check_login() {
+ # XXX: form token in $_SESSION to prevent XSS
+ # XXX: login throttle
+ $nickname = $this->arg('nickname');
+ $password = $this->arg('password');
+ if (common_check_user($nickname, $password)) {
+ common_set_user($nickname);
+ common_redirect(common_local_url('all',
+ array('nickname' =>
+ $nickname)));
 } else {
- login_show_form();
+ $this->show_form(_t('Incorrect username or password.'));
 }
 }
-}
-function login_show_form() {
- html_start();
- html_head("Login");
- html_body();
+ function show_form($error=NULL) {
+
+ common_show_header(_t('Login'));
+ if (!is_null($error)) {
+ common_element('div', array('class' => 'error'), $msg);
+ }
+ common_start_element('form', array('method' => 'POST',
+ 'id' => 'login',
+ 'action' => common_local_url('login')));
+ common_element('label', array('for' => 'username'),
+ _t('Name'));
+ common_element('input', array('name' => 'username',
+ 'type' => 'text',
+ 'id' => 'username'));
+ common_element('label', array('for' => 'password'),
+ _t('Password'));
+ common_element('input', array('name' => 'password',
+ 'type' => 'password',
+ 'id' => 'password'));
+ common_element('input', array('name' => 'submit',
+ 'type' => 'submit',
+ 'id' => 'submit'),
+ _t('Login'));
+ common_element('input', array('name' => 'cancel',
+ 'type' => 'button',
+ 'id' => 'cancel'),
+ _t('Cancel'));
+ }
 }
-
-function login_check_user($username, $password) {
-
-}
\ No newline at end of file |
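Review bot: `check_login()` reads `$this->arg('nickname')`, but the form built in `show_form()` posts that field as `username`, so as written the credential check appears to receive no nickname and every login would fail; rename the input (and the label's `for`) to `nickname`, or read `username` in the handler. In `show_form()` the error `div` is filled from `$msg`, which is never defined, so the 'Incorrect username or password.' message is silently dropped; the line should be `common_element('div', array('class' => 'error'), $error);`. The first XXX comment calls the form token an XSS defence, but what a session-bound token on this form prevents is cross-site request forgery (here, login CSRF), so I would reword it to `# XXX: form token in $_SESSION to prevent CSRF`. `handle()` chooses between showing the form and checking credentials from an argument named `METHOD` rather than from the request method itself; `arg()` is not visible in this hunk, but if it also reads the query string then credentials could be accepted from a GET URL and end up in server logs, so comparing `$_SERVER['REQUEST_METHOD']` with `'POST'` would be the safer test.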