-rw-r--r--actions/login.php54
-rw-r--r--actions/register.php16
-rw-r--r--lib/util.php45
3 files changed, 69 insertions, 46 deletions
diff --git a/actions/login.php b/actions/login.php
index ae75c9044..af4e2e7b8 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -31,37 +31,42 @@ class LoginAction extends Action {
$this->show_form();
}
}
-
+
function check_login() {
# XXX: form token in $_SESSION to prevent XSS
# XXX: login throttle
$nickname = $this->arg('nickname');
$password = $this->arg('password');
- if (common_check_user($nickname, $password)) {
- # success!
- if (!common_set_user($nickname)) {
- common_server_error(_t('Error setting user.'));
- return;
- }
- common_real_login(true);
- if ($this->boolean('rememberme')) {
- common_debug('Adding rememberme cookie for ' . $nickname);
- common_rememberme();
- }
- # success!
- $url = common_get_returnto();
- if ($url) {
- # We don't have to return to it again
- common_set_returnto(NULL);
- } else {
- $url = common_local_url('all',
- array('nickname' =>
- $nickname));
- }
- common_redirect($url);
- } else {
+ $user = common_check_user($nickname, $password);
+
+ if (!$user) {
$this->show_form(_t('Incorrect username or password.'));
+ return;
+ }
+
+ # success!
+ if (!common_set_user($user)) {
+ common_server_error(_t('Error setting user.'));
+ return;
+ }
+
+ common_real_login(true);
+
+ if ($this->boolean('rememberme')) {
+ common_debug('Adding rememberme cookie for ' . $nickname);
+ common_rememberme($user);
+ }
+ # success!
+ $url = common_get_returnto();
+ if ($url) {
+ # We don't have to return to it again
+ common_set_returnto(NULL);
+ } else {
+ $url = common_local_url('all',
+ array('nickname' =>
+ $nickname));
}
+ common_redirect($url);
}
function show_form($error=NULL) {
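Review bot: The success path hands `$url` from common_get_returnto() straight to common_redirect() without checking that it points back into this site; if the stored return-to value can originate from a request parameter (its source is not visible here), a pre-set value would send a freshly logged-in user off-site, so the target should be restricted to local URLs before it is followed. A short header comment on the method, `# Validate the login form, attach the user to the session and redirect to the stored return-to URL or the user's stream`, would document check_login. The two `XXX` notes about a form token and login throttling remain open in the new version.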
@@ -113,3 +118,4 @@ class LoginAction extends Action {
}
}
}
+# \ No newline at end of file
diff --git a/actions/register.php b/actions/register.php
index 3d34de2eb..74a41e706 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -63,20 +63,24 @@ class RegisterAction extends Action {
$this->show_form(_t('Email address already exists.'));
} else if ($password != $confirm) {
$this->show_form(_t('Passwords don\'t match.'));
- } else if ($this->register_user($nickname, $password, $email)) {
+ } else {
+ $user = $this->register_user($nickname, $password, $email);
+ if (!$user) {
+ $this->show_form(_t('Invalid username or password.'));
+ return;
+ }
# success!
- if (!common_set_user($nickname)) {
+ if (!common_set_user($user)) {
common_server_error(_t('Error setting user.'));
return;
}
+ # this is a real login
common_real_login(true);
if ($this->boolean('rememberme')) {
common_debug('Adding rememberme cookie for ' . $nickname);
- common_rememberme();
+ common_rememberme($user);
}
common_redirect(common_local_url('profilesettings'));
- } else {
- $this->show_form(_t('Invalid username or password.'));
}
}
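Review bot: The new failure branch shows `Invalid username or password.` when register_user returns a falsy value, but by this point the nickname, email and password have already passed the checks above, so the failure is presumably a storage or creation error rather than bad input; a message such as `_t('Could not create user.')`, together with a common_debug() line before showing the form, would give the operator the real cause without exposing internals to the visitor. The enclosing method continues past the end of the hunk.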
@@ -148,7 +152,7 @@ class RegisterAction extends Action {
$email);
}
- return $result;
+ return $user;
}
function show_top($error=NULL) {
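Review bot: register_user now returns `$user` instead of `$result`, but the assignment of `$user` lies outside the hunk, so I cannot confirm it is set on every path, including the failing ones that the caller now tests with `!$user`; an unassigned `$user` here would return null with a notice rather than an explicit false. Please confirm the variable is initialised on entry, e.g. `$user = false;` at the top of the function, or assigned on each failing branch. The start of register_user is outside the hunk.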
diff --git a/lib/util.php b/lib/util.php
index 638abdea4..1639457e0 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -421,8 +421,12 @@ function common_check_user($nickname, $password) {
if (is_null($user)) {
return false;
} else {
- return (0 == strcmp(common_munge_password($password, $user->id),
- $user->password));
+ if (0 == strcmp(common_munge_password($password, $user->id),
+ $user->password)) {
+ return $user;
+ } else {
+ return false;
+ }
}
}
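Review bot: The new branch still compares the munged password with `strcmp`, which returns as soon as a byte differs, so the comparison time depends on how much of the stored value matched; on PHP 5.6 or later `hash_equals($user->password, common_munge_password($password, $user->id))` gives a constant-time comparison with the same boolean outcome. The nested if/else can then collapse to a single early return, `if (is_null($user) || !hash_equals(...)) { return false; } return $user;`. What common_munge_password produces is not visible here, so the strength of the stored value is outside this hunk.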
@@ -441,19 +445,26 @@ function common_ensure_session() {
}
}
-function common_set_user($nickname) {
+# Three kinds of arguments:
+# 1) a user object
+# 2) a nickname
+# 3) NULL to clear
+
+function common_set_user($user) {
if (is_null($nickname) && common_have_session()) {
unset($_SESSION['userid']);
return true;
- } else {
+ } else if (is_string($user)) {
+ $nickname = $user;
$user = User::staticGet('nickname', $nickname);
- if ($user) {
- common_ensure_session();
- $_SESSION['userid'] = $user->id;
- return true;
- } else {
- return false;
- }
+ } else if (!($user instanceof User)) {
+ return false;
+ }
+
+ if ($user) {
+ common_ensure_session();
+ $_SESSION['userid'] = $user->id;
+ return $user;
}
return false;
}
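Review bot: The clear-session branch at the top of common_set_user still tests `$nickname`, but this hunk renames the parameter to `$user` and only assigns `$nickname` later in the string branch, so at that point it is an undefined variable that is always null; whenever a session exists the function unsets `userid` and returns true before looking at its argument, which means a login call with a valid User clears the session user and still reports success. The condition should read `if (is_null($user) && common_have_session()) {`. The clear path also returns `true` while the success path now returns `$user`; a comment above the function such as `# Returns the User on success, true when clearing, false otherwise` would keep that contract explicit for callers.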
@@ -477,11 +488,13 @@ function common_set_cookie($key, $value, $expiration=0) {
define('REMEMBERME', 'rememberme');
define('REMEMBERME_EXPIRY', 30 * 24 * 60 * 60);
-function common_rememberme() {
- $user = common_current_user();
+function common_rememberme($user=NULL) {
if (!$user) {
- common_debug('No current user to remember', __FILE__);
- return false;
+ $user = common_current_user();
+ if (!$user) {
+ common_debug('No current user to remember', __FILE__);
+ return false;
+ }
}
$rm = new Remember_me();
$rm->code = common_good_rand(16);
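Review bot: The new `$user` parameter is only tested for truthiness before falling back to common_current_user(), so a truthy non-User value (for instance the nickname string that common_set_user accepts) skips the fallback and presumably reaches the Remember_me code below with a value that has no id; a guard of the form `if (!($user instanceof User)) {` in place of `if (!$user) {` would mirror the check common_set_user performs. A one-line comment on the parameter, `# $user: User to remember; defaults to the current user`, would document the new optional argument. The function body continues past the end of the hunk.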
@@ -521,7 +534,7 @@ function common_remembered_user() {
common_real_login(false);
# We issue a new cookie, so they can log in
# automatically again after this session
- common_rememberme();
+ common_rememberme($user);
}
}
}