diff options
author | Evan Prodromou <evan@controlezvous.ca> | 2008-06-23 22:52:34 -0400 |
---|---|---|
committer | Evan Prodromou <evan@controlezvous.ca> | 2008-06-23 22:52:34 -0400 |
commit | be3a44651c47a27907e682a8e4c9e5dd9352a1f6 (patch) | |
tree | 040c86ea5030ed65dae6ac807fff12d8da0fdf94 /actions/register.php | |
parent | 5df185a5ed0040964dc53585c5187ac5004a7834 (diff) |
implement rememberme functionality
Added a checkbox on login or register to remember the current user. If
the login is successful, this sets a cookie with a random code (saved
in the DB). If they come back, and they aren't logged in "normally",
we check to see if they have a rememberme cookie. If so, we log them
in.
However, they can't change settings -- cookie theft is too prevalent.
So we mark a session as having a "real" (password or OpenID) login, or
not. In settings pages, we check to see if the login is "real", and if
not, we redirect to the login page.
darcs-hash:20080624025234-34904-ad20001bf35bf41fcb63a0c357fd929aacc55fdb.gz
Diffstat (limited to 'actions/register.php')
-rw-r--r-- | actions/register.php | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/actions/register.php b/actions/register.php index 95e684c1b..f346e4b9c 100644 --- a/actions/register.php +++ b/actions/register.php @@ -69,6 +69,10 @@ class RegisterAction extends Action { common_server_error(_t('Error setting user.')); return; } + common_real_login(true); + if ($this->boolean('rememberme')) { + common_rememberme(); + } common_redirect(common_local_url('profilesettings')); } else { $this->show_form(_t('Invalid username or password.')); @@ -170,6 +174,9 @@ class RegisterAction extends Action { _t('Same as password above')); common_input('email', _t('Email'), NULL, _t('Used only for updates, announcements, and password recovery')); + common_checkbox('rememberme', _t('Remember me'), + _t('Automatically login in the future; ' . + 'not for shared computers!')); common_element_start('p'); common_element('input', array('type' => 'checkbox', 'id' => 'license', |