diff options
| author | Zach Copley <zach@status.net> | 2009-11-19 20:12:46 -0800 |
|---|---|---|
| committer | Zach Copley <zach@status.net> | 2009-11-19 20:12:46 -0800 |
| commit | 4b98edf75f4e255f8c61087bd1525d89653a521f (patch) | |
| tree | b2a7eb6d77429eadb1beabe2d5e6ae1c1a2831d6 /actions/login.php | |
| parent | f92574dbcb1f2d7cd0aaf3c9362db46fa066e888 (diff) | |
| parent | c213477081afefb1720c8ae729d1965e7a1dac63 (diff) | |
Merge branch '0.9-release'
* 0.9-release: (874 commits)
Removed call to NewDirectMessage() until IE return is fixed i.e.,
Don't show flag user button your own profile
Fixed HXR response for flag user
Using the right form class name
Using common_redirect
Left a form_data class of a <ul> in the user admin panel
Added validation to fields in user admin panel
Added a user admin panel
Added mobile logos for default and identica themes
Changed gif to png
Changed this to action. THANKS zach!
Doing content negotiation only once
Add execute bit to pingqueuehandler
Localisation updates for !StatusNet from !translatewiki.net
Use the browser's geolocation API to set the location on the notice form
Add geometa library, and include it.
Add location form elements to the noticeform, and save their values on submission
Use the $user object nickname, as login name doesnt have to == nickname anymore with plugins such as ldap/etc
Revert "Re added NICKNAME_FMT constant to router.php."
Moved most path and server settings to a new paths admin panel
...
Conflicts:
js/util.js
locale/it_IT/LC_MESSAGES/statusnet.mo
locale/mk_MK/LC_MESSAGES/statusnet.mo
locale/mk_MK/LC_MESSAGES/statusnet.po
locale/pt_BR/LC_MESSAGES/statusnet.mo
locale/vi_VN/LC_MESSAGES/statusnet.mo
plugins/InfiniteScroll/infinitescroll.js
plugins/Realtime/realtimeupdate.js
Diffstat (limited to 'actions/login.php')
| -rw-r--r-- | actions/login.php | 70 |
1 files changed, 44 insertions, 26 deletions
diff --git a/actions/login.php b/actions/login.php index ac8c40c3e..cee29fd09 100644 --- a/actions/login.php +++ b/actions/login.php @@ -67,8 +67,6 @@ class LoginAction extends Action * * Switches on request method; either shows the form or handles its input. * - * Checks if only OpenID is allowed and redirects to openidlogin if so. - * * @param array $args $_REQUEST data * * @return void @@ -77,12 +75,12 @@ class LoginAction extends Action function handle($args) { parent::handle($args); - if (common_config('site', 'openidonly')) { - common_redirect(common_local_url('openidlogin')); - } else if (common_is_real_login()) { + if (common_is_real_login()) { $this->clientError(_('Already logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $this->checkLogin(); + } else if (isset($args['user_id']) && isset($args['token'])){ + $this->checkLogin($args['user_id'],$args['token']); } else { common_ensure_session(); $this->showForm(); @@ -99,23 +97,48 @@ class LoginAction extends Action * @return void */ - function checkLogin() + function checkLogin($user_id=null, $token=null) { - // XXX: login throttle - - // CSRF protection - token set in NoticeForm - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->clientError(_('There was a problem with your session token. '. - 'Try again, please.')); - return; + if(isset($token) && isset($user_id)){ + //Token based login (from the LoginCommand) + $login_token = Login_token::staticGet('user_id',$user_id); + if($login_token && $login_token->token == $token){ + if($login_token->modified > time()+2*60){ + //token has expired + //delete the token as it is useless + $login_token->delete(); + $this->showForm(_('Invalid or expired token.')); + return; + }else{ + //delete the token so it cannot be reused + $login_token->delete(); + //it's a valid token - let them log in + $user = User::staticGet('id', $user_id); + //$user = User::staticGet('nickname', "candrews"); + } + }else{ + $this->showForm(_('Invalid or expired token.')); + return; + } + }else{ + // Regular form submission login + + // XXX: login throttle + + // CSRF protection - token set in NoticeForm + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->clientError(_('There was a problem with your session token. '. + 'Try again, please.')); + return; + } + + $nickname = $this->trimmed('nickname'); + $password = $this->arg('password'); + + $user = common_check_user($nickname, $password); } - $nickname = common_canonical_nickname($this->trimmed('nickname')); - $password = $this->arg('password'); - - $user = common_check_user($nickname, $password); - if (!$user) { $this->showForm(_('Incorrect username or password.')); return; @@ -123,7 +146,7 @@ class LoginAction extends Action // success! if (!common_set_user($user)) { - $this->serverError(_('Error setting user.')); + $this->serverError(_('Error setting user. You are probably not authorized.')); return; } @@ -141,7 +164,7 @@ class LoginAction extends Action } else { $url = common_local_url('all', array('nickname' => - $nickname)); + $user->nickname)); } common_redirect($url, 303); @@ -259,11 +282,6 @@ class LoginAction extends Action return _('For security reasons, please re-enter your ' . 'user name and password ' . 'before changing your settings.'); - } else if (common_config('openid', 'enabled')) { - return _('Login with your username and password. ' . - 'Don\'t have a username yet? ' . - '[Register](%%action.register%%) a new account, or ' . - 'try [OpenID](%%action.openidlogin%%). '); } else { return _('Login with your username and password. ' . 'Don\'t have a username yet? ' . |