summaryrefslogtreecommitdiff
path: root/actions/openidlogin.php
diff options
context:
space:
mode:
authorSean Murphy <sgmurphy@gmail.com>2009-02-07 11:02:10 -0500
committerSean Murphy <sgmurphy@gmail.com>2009-02-07 11:02:10 -0500
commita3d5e00f64b3c166e34a8d36fcb4f5b757394e9b (patch)
tree91576e428997bc6cc826fa2cead37794961de23c /actions/openidlogin.php
parentd90089314944ed1696f66cabbb6935ea61e4b2e6 (diff)
parent08db50b24eaf9e6e5f651448c394f1f50dd2409b (diff)
Merge commit 'upstream/0.7.x' into 0.7.x
Conflicts: actions/showstream.php
Diffstat (limited to 'actions/openidlogin.php')
-rw-r--r--actions/openidlogin.php13
1 files changed, 11 insertions, 2 deletions
diff --git a/actions/openidlogin.php b/actions/openidlogin.php
index 7a267a2bd..1a4372d73 100644
--- a/actions/openidlogin.php
+++ b/actions/openidlogin.php
@@ -26,7 +26,7 @@ class OpenidloginAction extends Action
function handle($args)
{
parent::handle($args);
- if (common_logged_in()) {
+ if (common_is_real_login()) {
$this->clientError(_('Already logged in.'));
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$openid_url = $this->trimmed('openid_url');
@@ -59,7 +59,16 @@ class OpenidloginAction extends Action
function getInstructions()
{
- return _('Login with an [OpenID](%%doc.openid%%) account.');
+ if (common_logged_in() && !common_is_real_login() &&
+ common_get_returnto()) {
+ // rememberme logins have to reauthenticate before
+ // changing any profile settings (cookie-stealing protection)
+ return _('For security reasons, please re-login with your ' .
+ '[OpenID](%%doc.openid%%) ' .
+ 'before changing your settings.');
+ } else {
+ return _('Login with an [OpenID](%%doc.openid%%) account.');
+ }
}
function showPageNotice()