author | Evan Prodromou <evan@controlezvous.ca> | 2008-06-23 22:52:34 -0400 |
committer | Evan Prodromou <evan@controlezvous.ca> | 2008-06-23 22:52:34 -0400 |
commit | be3a44651c47a27907e682a8e4c9e5dd9352a1f6 (patch) | |
tree | 040c86ea5030ed65dae6ac807fff12d8da0fdf94 /lib/settingsaction.php | |
parent | 5df185a5ed0040964dc53585c5187ac5004a7834 (diff) |
implement rememberme functionality
Added a checkbox on login or register to remember the current user. If
the login is successful, this sets a cookie with a random code (saved
in the DB). If they come back, and they aren't logged in "normally",
we check to see if they have a rememberme cookie. If so, we log them
in.
However, they can't change settings -- cookie theft is too prevalent.
So we mark a session as having a "real" (password or OpenID) login, or
not. In settings pages, we check to see if the login is "real", and if
not, we redirect to the login page.
darcs-hash:20080624025234-34904-ad20001bf35bf41fcb63a0c357fd929aacc55fdb.gz
Diffstat (limited to 'lib/settingsaction.php')
-rw-r--r-- | lib/settingsaction.php | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/lib/settingsaction.php b/lib/settingsaction.php
index fad6abaf1..2a80c0e31 100644
--- a/lib/settingsaction.php
+++ b/lib/settingsaction.php
@@ -26,6 +26,12 @@ class SettingsAction extends Action {
         if (!common_logged_in()) {
             common_user_error(_t('Not logged in.'));
             return;
+        } else if (!common_is_real_login()) {
+            # Cookie theft means that automatic logins can't
+            # change important settings or see private info, and
+            # _all_ our settings are important
+            common_set_returnto($this->self_url());
+            common_redirect(common_local_url('login'));
         } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
             $this->handle_post();
         } else {
@@ -52,8 +58,8 @@ class SettingsAction extends Action {
     function settings_menu() {
         # action => array('prompt', 'title')
         static $menu =
-            array('profilesettings' =>
-                  array('Profile',
+            array('profilesettings' =>
+                  array('Profile',
                         'Change your profile settings'),
                   'avatar' =>
                   array('Avatar',
@@ -62,12 +68,12 @@ class SettingsAction extends Action {
                   array('Password',
                         'Change your password'),
                   'openidsettings' =>
-                  array('OpenID',
+                  array('OpenID',
                         'Add or remove OpenIDs'),
                   'imsettings' =>
                   array('IM',
                         'Updates by instant messenger (IM)'));
-
+
         $action = $this->trimmed('action');
         common_element_start('ul', array('id' => 'nav_views'));
         foreach ($menu as $menuaction => $menudesc) { |
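Review bot: The new `!common_is_real_login()` branch in the first hunk redirects but, unlike the `Not logged in.` branch just above it, does not `return;` after `common_redirect(...)`; if common_redirect() does not itself terminate the request (not visible here), whatever follows the if/else chain still runs for a cookie-only session. For a check whose whole purpose is to keep remembered-cookie logins away from settings, a fail-closed exit is worth making explicit: `common_redirect(common_local_url('login'));` followed by `return;`, matching the branch above. Placing the check ahead of the POST dispatch is the right order, since it means a remembered session cannot reach handle_post() at all. The enclosing handler starts before this hunk, so the statements after the chain are not in view. The second and third hunks are whitespace-only.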