From 7ad3ff4a2cd494ef8c1cc293e15c0a70b8786fee Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@controlyourself.ca>
Date: Thu, 5 Feb 2009 11:46:17 -0500
Subject: Allow re-authentication with OpenID

"Rememberme" logins aren't allowed to make changes to an account
(since cookie-stealing is too easy). Users have to re-authenticate.
Previously, it was impossible to do so without having a username and
password; this change lets you do it with OpenID, too.
---
 actions/finishopenidlogin.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'actions/finishopenidlogin.php')

diff --git a/actions/finishopenidlogin.php b/actions/finishopenidlogin.php
index 880a9505b..bc9151120 100644
--- a/actions/finishopenidlogin.php
+++ b/actions/finishopenidlogin.php
@@ -30,7 +30,7 @@ class FinishopenidloginAction extends Action
     function handle($args)
     {
         parent::handle($args);
-        if (common_logged_in()) {
+        if (common_is_real_login()) {
             $this->clientError(_('Already logged in.'));
         } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
             $token = $this->trimmed('token');
-- 
cgit v1.2.3-54-g00ecf