implement rememberme functionality

Added a checkbox on login or register to remember the current user. If the login is successful, this sets a cookie with a random code (saved in the DB). If they come back, and they aren't logged in "normally", we check to see if they have a rememberme cookie. If so, we log them in. However, they can't change settings -- cookie theft is too prevalent. So we mark a session as having a "real" (password or OpenID) login, or not. In settings pages, we check to see if the login is "real", and if not, we redirect to the login page. darcs-hash:20080624025234-34904-ad20001bf35bf41fcb63a0c357fd929aacc55fdb.gz
author: Evan Prodromou <evan@controlezvous.ca> 2008-06-23 22:52:34 -0400
committer: Evan Prodromou <evan@controlezvous.ca> 2008-06-23 22:52:34 -0400
commit: be3a44651c47a27907e682a8e4c9e5dd9352a1f6 (patch)
tree: 040c86ea5030ed65dae6ac807fff12d8da0fdf94 /actions/logout.php
parent: 5df185a5ed0040964dc53585c5187ac5004a7834 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/actions/logout.php b/actions/logout.php
index c4d0bd4e7..5f3a607a7 100644
--- a/actions/logout.php
+++ b/actions/logout.php
@@ -27,8 +27,9 @@ class LogoutAction extends Action {
 		if (!common_logged_in()) {
 			common_user_error(_t('Not logged in.'));
 		} else {
-			oid_clear_last();
 			common_set_user(NULL);
+			common_real_login(false); # not logged in
+			common_forget_me(); # don't log back in!
 			common_redirect(common_local_url('public'));
 		}
 	}
author	Evan Prodromou <evan@controlezvous.ca>	2008-06-23 22:52:34 -0400
committer	Evan Prodromou <evan@controlezvous.ca>	2008-06-23 22:52:34 -0400
commit	be3a44651c47a27907e682a8e4c9e5dd9352a1f6 (patch)
tree	040c86ea5030ed65dae6ac807fff12d8da0fdf94 /actions/logout.php
parent	5df185a5ed0040964dc53585c5187ac5004a7834 (diff)