From b9d40f723bce8e01ddcbbb989bd7035b92cd9af8 Mon Sep 17 00:00:00 2001
From: Craig Andrews <candrews@integralblue.com>
Date: Mon, 2 Nov 2009 18:40:18 -0500
Subject: Added 'login' command that gives you a link that can be used to login
 to the website

---
 actions/login.php | 55 +++++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 41 insertions(+), 14 deletions(-)

(limited to 'actions')

diff --git a/actions/login.php b/actions/login.php
index f6d016310..ad57dd667 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -79,6 +79,8 @@ class LoginAction extends Action
             $this->clientError(_('Already logged in.'));
         } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
             $this->checkLogin();
+        } else if (isset($args['user_id']) && isset($args['token'])){
+            $this->checkLogin($args['user_id'],$args['token']);
         } else {
             common_ensure_session();
             $this->showForm();
@@ -95,23 +97,48 @@ class LoginAction extends Action
      * @return void
      */
 
-    function checkLogin()
+    function checkLogin($user_id=null, $token=null)
     {
-        // XXX: login throttle
-
-        // CSRF protection - token set in NoticeForm
-        $token = $this->trimmed('token');
-        if (!$token || $token != common_session_token()) {
-            $this->clientError(_('There was a problem with your session token. '.
-                                 'Try again, please.'));
-            return;
+        if(isset($token) && isset($user_id)){
+            //Token based login (from the LoginCommand)
+            $login_token = Login_token::staticGet('user_id',$user_id);
+            if($login_token && $login_token->token == $token){
+                if($login_token->modified > time()+2*60){
+                    //token has expired
+                    //delete the token as it is useless
+                    $login_token->delete();
+                    $this->showForm(_('Invalid or expired token.'));
+                    return;
+                }else{
+                    //delete the token so it cannot be reused
+                    $login_token->delete();
+                    //it's a valid token - let them log in
+                    $user = User::staticGet('id', $user_id);
+                    //$user = User::staticGet('nickname', "candrews");
+                }
+            }else{
+                $this->showForm(_('Invalid or expired token.'));
+                return;
+            }
+        }else{
+            // Regular form submission login
+
+            // XXX: login throttle
+
+            // CSRF protection - token set in NoticeForm
+            $token = $this->trimmed('token');
+            if (!$token || $token != common_session_token()) {
+                $this->clientError(_('There was a problem with your session token. '.
+                                     'Try again, please.'));
+                return;
+            }
+
+            $nickname = common_canonical_nickname($this->trimmed('nickname'));
+            $password = $this->arg('password');
+
+            $user = common_check_user($nickname, $password);
         }
 
-        $nickname = common_canonical_nickname($this->trimmed('nickname'));
-        $password = $this->arg('password');
-
-        $user = common_check_user($nickname, $password);
-
         if (!$user) {
             $this->showForm(_('Incorrect username or password.'));
             return;
-- 
cgit v1.2.3-54-g00ecf