implement rememberme functionality

Added a checkbox on login or register to remember the current user. If
the login is successful, this sets a cookie with a random code (saved
in the DB). If they come back, and they aren't logged in "normally",
we check to see if they have a rememberme cookie. If so, we log them
in.

However, they can't change settings -- cookie theft is too prevalent.
So we mark a session as having a "real" (password or OpenID) login, or
not. In settings pages, we check to see if the login is "real", and if
not, we redirect to the login page.

darcs-hash:20080624025234-34904-ad20001bf35bf41fcb63a0c357fd929aacc55fdb.gz

1 files changed, 7 insertions, 0 deletions

diff --git a/actions/register.php b/actions/register.php
index 95e684c1b..f346e4b9c 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -69,6 +69,10 @@ class RegisterAction extends Action {
 				common_server_error(_t('Error setting user.'));
 				return;
 			}
+			common_real_login(true);
+			if ($this->boolean('rememberme')) {
+				common_rememberme();
+			}
 			common_redirect(common_local_url('profilesettings'));
 		} else {
 			$this->show_form(_t('Invalid username or password.'));
@@ -170,6 +174,9 @@ class RegisterAction extends Action {
 						_t('Same as password above'));
 		common_input('email', _t('Email'), NULL,
 					 _t('Used only for updates, announcements, and password recovery'));
+		common_checkbox('rememberme', _t('Remember me'),
+		                _t('Automatically login in the future; ' . 
+		                   'not for shared computers!'));
 		common_element_start('p');
 		common_element('input', array('type' => 'checkbox',
 									  'id' => 'license',