Diffstat (limited to 'actions')
-rw-r--r-- | actions/login.php | 54 | ||||
-rw-r--r-- | actions/register.php | 16 |
2 files changed, 40 insertions, 30 deletions
diff --git a/actions/login.php b/actions/login.php
index ae75c9044..af4e2e7b8 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -31,37 +31,42 @@ class LoginAction extends Action {
 $this->show_form();
 }
 }
-
+
 function check_login() {
 # XXX: form token in $_SESSION to prevent XSS
 # XXX: login throttle
 $nickname = $this->arg('nickname');
 $password = $this->arg('password');
- if (common_check_user($nickname, $password)) {
- # success!
- if (!common_set_user($nickname)) {
- common_server_error(_t('Error setting user.'));
- return;
- }
- common_real_login(true);
- if ($this->boolean('rememberme')) {
- common_debug('Adding rememberme cookie for ' . $nickname);
- common_rememberme();
- }
- # success!
- $url = common_get_returnto();
- if ($url) {
- # We don't have to return to it again
- common_set_returnto(NULL);
- } else {
- $url = common_local_url('all',
- array('nickname' =>
- $nickname));
- }
- common_redirect($url);
- } else {
+ $user = common_check_user($nickname, $password);
+
+ if (!$user) {
 $this->show_form(_t('Incorrect username or password.'));
+ return;
+ }
+
+ # success!
+ if (!common_set_user($user)) {
+ common_server_error(_t('Error setting user.'));
+ return;
+ }
+
+ common_real_login(true);
+
+ if ($this->boolean('rememberme')) {
+ common_debug('Adding rememberme cookie for ' . $nickname);
+ common_rememberme($user);
+ }
+ # success!
+ $url = common_get_returnto();
+ if ($url) {
+ # We don't have to return to it again
+ common_set_returnto(NULL);
+ } else {
+ $url = common_local_url('all',
+ array('nickname' =>
+ $nickname));
 }
+ common_redirect($url);
 }

 function show_form($error=NULL) {
@@ -113,3 +118,4 @@ class LoginAction extends Action {
 }
 }
 }
+#
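Review bot: After this change `check_login()` holds the authenticated `$user`, yet the fallback redirect and the debug line are still built from the request-supplied `$nickname`: `array('nickname' => $nickname)` and `'Adding rememberme cookie for ' . $nickname`. If `common_check_user()` matches nicknames loosely (case or surrounding whitespace; its body is not visible here), the URL and the log entry carry whatever the client typed rather than the canonical account name. Taking the value from the returned record avoids that, e.g. `$user->nickname` if that object exposes it. Separately, the context comment `# XXX: form token in $_SESSION to prevent XSS` describes a CSRF defence, so `# XXX: form token in $_SESSION to prevent CSRF` would name the risk correctly. Both that token and the login throttle remain open TODOs in the new code.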
\ No newline at end of file
diff --git a/actions/register.php b/actions/register.php
index 3d34de2eb..74a41e706 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -63,20 +63,24 @@ class RegisterAction extends Action {
 $this->show_form(_t('Email address already exists.'));
 } else if ($password != $confirm) {
 $this->show_form(_t('Passwords don\'t match.'));
- } else if ($this->register_user($nickname, $password, $email)) {
+ } else {
+ $user = $this->register_user($nickname, $password, $email);
+ if (!$user) {
+ $this->show_form(_t('Invalid username or password.'));
+ return;
+ }
 # success!
- if (!common_set_user($nickname)) {
+ if (!common_set_user($user)) {
 common_server_error(_t('Error setting user.'));
 return;
 }
+ # this is a real login
 common_real_login(true);
 if ($this->boolean('rememberme')) {
 common_debug('Adding rememberme cookie for ' . $nickname);
- common_rememberme();
+ common_rememberme($user);
 }
 common_redirect(common_local_url('profilesettings'));
- } else {
- $this->show_form(_t('Invalid username or password.'));
 }
 }

@@ -148,7 +152,7 @@ class RegisterAction extends Action {
 $email);
 }

- return $result;
+ return $user;
 }

 function show_top($error=NULL) { |
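Review bot: The confirmation check on the context line `} else if ($password != $confirm) {` uses loose comparison, so two different numeric-looking strings (which PHP compares as numbers) pass as matching and the account is created with the first one. `} else if ($password !== $confirm) {` compares the strings exactly. In the new `else` branch, `if (!$user)` is a reliable failure check only if `register_user()` returns a falsy value on every error path. Apart from its final `return $user;`, that function's body is outside the visible hunks, so this should be confirmed there. The message shown on that path, 'Invalid username or password.', reads like a login error rather than a registration failure, and the enclosing method starts before this hunk.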