From e3f4165d6997127b7421f4db3e9ef831f79bf446 Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@prodromou.name>
Date: Sun, 13 Jul 2008 17:56:01 -0400
Subject: conflict resolution after pulling from mikenz

darcs-hash:20080713215601-84dde-371d54221d9ffbed500e8d3c9e0ad4bb15bd5c30.gz
---
 actions/login.php | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

(limited to 'actions/login.php')

diff --git a/actions/login.php b/actions/login.php
index 003d6613f..0f2dec1a4 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -109,10 +109,21 @@ class LoginAction extends Action {
 	}
 
 	function get_instructions() {
-		return _('Login with your username and password. ' .
-				  'Don\'t have a username yet? ' .
-				  '[Register](%%action.register%%) a new account, or ' .
-				  'try [OpenID](%%action.openidlogin%%). ');
+		if (common_logged_in() &&
+			!common_is_real_login() &&
+			common_get_returnto())
+		{
+			# rememberme logins have to reauthenticate before
+			# changing any profile settings (cookie-stealing protection)
+			return _('For security reasons, please re-enter your ' .
+					 'user name and password ' .
+					 'before changing your settings.');
+		} else {
+			return _('Login with your username and password. ' .
+					 'Don\'t have a username yet? ' .
+					 '[Register](%%action.register%%) a new account, or ' .
+					 'try [OpenID](%%action.openidlogin%%). ');
+		}
 	}
 
 	function show_top($error=NULL) {
-- 
cgit v1.2.3-54-g00ecf