diff options
Diffstat (limited to 'actions')
| -rw-r--r-- | actions/finishopenidlogin.php | 2 | ||||
| -rw-r--r-- | actions/openidlogin.php | 13 |
2 files changed, 12 insertions, 3 deletions
diff --git a/actions/finishopenidlogin.php b/actions/finishopenidlogin.php index 880a9505b..bc9151120 100644 --- a/actions/finishopenidlogin.php +++ b/actions/finishopenidlogin.php @@ -30,7 +30,7 @@ class FinishopenidloginAction extends Action function handle($args) { parent::handle($args); - if (common_logged_in()) { + if (common_is_real_login()) { $this->clientError(_('Already logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $token = $this->trimmed('token'); diff --git a/actions/openidlogin.php b/actions/openidlogin.php index 7a267a2bd..1a4372d73 100644 --- a/actions/openidlogin.php +++ b/actions/openidlogin.php @@ -26,7 +26,7 @@ class OpenidloginAction extends Action function handle($args) { parent::handle($args); - if (common_logged_in()) { + if (common_is_real_login()) { $this->clientError(_('Already logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $openid_url = $this->trimmed('openid_url'); @@ -59,7 +59,16 @@ class OpenidloginAction extends Action function getInstructions() { - return _('Login with an [OpenID](%%doc.openid%%) account.'); + if (common_logged_in() && !common_is_real_login() && + common_get_returnto()) { + // rememberme logins have to reauthenticate before + // changing any profile settings (cookie-stealing protection) + return _('For security reasons, please re-login with your ' . + '[OpenID](%%doc.openid%%) ' . + 'before changing your settings.'); + } else { + return _('Login with an [OpenID](%%doc.openid%%) account.'); + } } function showPageNotice() |