diff options
author | Evan Prodromou <evan@controlyourself.ca> | 2009-02-05 11:46:17 -0500 |
---|---|---|
committer | Evan Prodromou <evan@controlyourself.ca> | 2009-02-05 11:46:17 -0500 |
commit | 7ad3ff4a2cd494ef8c1cc293e15c0a70b8786fee (patch) | |
tree | 75d8718b5a0607dd80b5474c977508a85cf6d19a /lib | |
parent | a97f8f6a43b27b3392ef9b03be58e37d743f394d (diff) |
Allow re-authentication with OpenID
"Rememberme" logins aren't allowed to make changes to an account
(since cookie-stealing is too easy). Users have to re-authenticate.
Previously, it was impossible to do so without having a username and
password; this change lets you do it with OpenID, too.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/settingsaction.php | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/settingsaction.php b/lib/settingsaction.php index dfe1f114b..53c807c6f 100644 --- a/lib/settingsaction.php +++ b/lib/settingsaction.php @@ -76,7 +76,12 @@ class SettingsAction extends Action // change important settings or see private info, and // _all_ our settings are important common_set_returnto($this->selfUrl()); - common_redirect(common_local_url('login')); + $user = common_current_user(); + if ($user->hasOpenID()) { + common_redirect(common_local_url('openidlogin')); + } else { + common_redirect(common_local_url('login')); + } } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $this->handlePost(); } else { |