diff options
Diffstat (limited to 'actions/login.php')
| -rw-r--r-- | actions/login.php | 66 |
1 files changed, 50 insertions, 16 deletions
diff --git a/actions/login.php b/actions/login.php index a95dc9e3a..b93936297 100644 --- a/actions/login.php +++ b/actions/login.php @@ -1,25 +1,59 @@ <?php -function handle_login() { - if ($_REQUEST['METHOD'] == 'POST') { - if (login_check_user($_REQUEST['user'], $_REQUEST['password'])) { - +class LoginAction extends Action { + + function handle($args) { + parent::handle($args); + if (common_logged_in()) { + common_user_error(_t('Already logged in.')); + } else if ($this->arg('METHOD') == 'POST') { + $this->check_login(); } else { + $this->show_form(); } - } else { - if (user_logged_in()) { + } + + function check_login() { + # XXX: form token in $_SESSION to prevent XSS + # XXX: login throttle + $nickname = $this->arg('nickname'); + $password = $this->arg('password'); + if (common_check_user($nickname, $password)) { + common_set_user($nickname); + common_redirect(common_local_url('all', + array('nickname' => + $nickname))); } else { - login_show_form(); + $this->show_form(_t('Incorrect username or password.')); } } -} -function login_show_form() { - html_start(); - html_head("Login"); - html_body(); + function show_form($error=NULL) { + + common_show_header(_t('Login')); + if (!is_null($error)) { + common_element('div', array('class' => 'error'), $msg); + } + common_start_element('form', array('method' => 'POST', + 'id' => 'login', + 'action' => common_local_url('login'))); + common_element('label', array('for' => 'username'), + _t('Name')); + common_element('input', array('name' => 'username', + 'type' => 'text', + 'id' => 'username')); + common_element('label', array('for' => 'password'), + _t('Password')); + common_element('input', array('name' => 'password', + 'type' => 'password', + 'id' => 'password')); + common_element('input', array('name' => 'submit', + 'type' => 'submit', + 'id' => 'submit'), + _t('Login')); + common_element('input', array('name' => 'cancel', + 'type' => 'button', + 'id' => 'cancel'), + _t('Cancel')); + } } - -function login_check_user($username, $password) { - -}
\ No newline at end of file |