authorEvan Prodromou <evan@controlezvous.ca>2008-06-23 22:52:34 -0400
committerEvan Prodromou <evan@controlezvous.ca>2008-06-23 22:52:34 -0400
commitbe3a44651c47a27907e682a8e4c9e5dd9352a1f6 (patch)
tree040c86ea5030ed65dae6ac807fff12d8da0fdf94 /actions
parent5df185a5ed0040964dc53585c5187ac5004a7834 (diff)
implement rememberme functionality
Added a checkbox on login or register to remember the current user. If the login is successful, this sets a cookie with a random code (saved in the DB). If they come back, and they aren't logged in "normally", we check to see if they have a rememberme cookie. If so, we log them in. However, they can't change settings -- cookie theft is too prevalent. So we mark a session as having a "real" (password or OpenID) login, or not. In settings pages, we check to see if the login is "real", and if not, we redirect to the login page. darcs-hash:20080624025234-34904-ad20001bf35bf41fcb63a0c357fd929aacc55fdb.gz
Diffstat (limited to 'actions')
-rw-r--r--actions/finishopenidlogin.php3
-rw-r--r--actions/login.php7
-rw-r--r--actions/logout.php3
-rw-r--r--actions/register.php7
4 files changed, 19 insertions, 1 deletions
diff --git a/actions/finishopenidlogin.php b/actions/finishopenidlogin.php
index 02d8fff98..09102e844 100644
--- a/actions/finishopenidlogin.php
+++ b/actions/finishopenidlogin.php
@@ -130,6 +130,7 @@ class FinishopenidloginAction extends Action {
oid_set_last($display);
oid_update_user($user, $sreg);
common_set_user($user->nickname);
+ common_real_login(true);
$this->go_home($user->nickname);
} else {
$this->save_values($display, $canonical, $sreg);
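Review bot: `common_real_login(true)` runs unconditionally after `common_set_user($user->nickname)` here, while the context lines in actions/login.php and actions/register.php show an 'Error setting user.' failure path ahead of the same call. If `common_set_user()` can fail (its definition is not part of this diff), the session would be flagged as a "real" login with no user attached, and the settings pages rely on that flag. Consider guarding it, e.g. `if (!common_set_user($user->nickname)) { common_server_error(_t('Error setting user.')); return; }`, in this hunk and in the two later hunks of this file (old lines 253 and 287). The enclosing methods start and end outside the hunks.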
@@ -253,6 +254,7 @@ class FinishopenidloginAction extends Action {
oid_set_last($display);
common_set_user($user->nickname);
+ common_real_login(true);
common_redirect(common_local_url('showstream', array('nickname' => $user->nickname)));
}
@@ -287,6 +289,7 @@ class FinishopenidloginAction extends Action {
oid_update_user($user, $sreg);
oid_set_last($display);
common_set_user($user->nickname);
+ common_real_login(true);
$this->go_home($user->nickname);
}
diff --git a/actions/login.php b/actions/login.php
index 5acb157f4..fe2ae5c1c 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -43,6 +43,10 @@ class LoginAction extends Action {
common_server_error(_t('Error setting user.'));
return;
}
+ common_real_login(true);
+ if ($this->boolean('rememberme')) {
+ common_rememberme();
+ }
# success!
$url = common_get_returnto();
if ($url) {
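Review bot: The "real login" flag that the settings pages will trust is set on whatever session the browser already had, and nothing in this hunk rotates the session id at the moment of password authentication. Unless `common_set_user()` already does that (not visible here), a session id that existed before login, including one revived from a rememberme cookie, is carried over and upgraded to the privileged state. Calling `session_regenerate_id(true);` just before `common_real_login(true);` would tie the flag to a fresh id; the same applies to the matching hunk in actions/register.php and to the OpenID paths. The return value of `common_rememberme()` is also ignored, so a failed save of the code would go unnoticed. The enclosing method starts and ends outside the hunk.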
@@ -66,6 +70,9 @@ class LoginAction extends Action {
'action' => common_local_url('login')));
common_input('nickname', _t('Nickname'));
common_password('password', _t('Password'));
+ common_checkbox('rememberme', _t('Remember me'),
+ _t('Automatically login in the future; ' .
+ 'not for shared computers!'));
common_submit('submit', _t('Login'));
common_element_end('form');
common_show_footer();
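Review bot: The help text added for the checkbox uses "login" as a verb; as user-facing copy it reads better as `_t('Log in automatically in the future; ' .` with the second half unchanged. The identical string is added again in actions/register.php, so both should change together to keep a single translation entry. The form method's body continues outside the hunk.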
diff --git a/actions/logout.php b/actions/logout.php
index c4d0bd4e7..5f3a607a7 100644
--- a/actions/logout.php
+++ b/actions/logout.php
@@ -27,8 +27,9 @@ class LogoutAction extends Action {
if (!common_logged_in()) {
common_user_error(_t('Not logged in.'));
} else {
- oid_clear_last();
common_set_user(NULL);
+ common_real_login(false); # not logged in
+ common_forget_me(); # don't log back in!
common_redirect(common_local_url('public'));
}
}
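Review bot: Whether `common_forget_me()` deletes the stored code from the DB or only expires the browser cookie cannot be seen from this hunk, and the difference matters for logout. If the DB record survives, a copy of the cookie taken before logout would still log the user back in, which defeats the `# don't log back in!` intent; the helper should remove the server-side record, and a comment such as `# deletes the rememberme code in the DB and expires the cookie` would document that. The removal of `oid_clear_last()` is not mentioned in the commit message and deserves a short comment explaining why the last OpenID is now kept. The enclosing method starts outside the hunk.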
diff --git a/actions/register.php b/actions/register.php
index 95e684c1b..f346e4b9c 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -69,6 +69,10 @@ class RegisterAction extends Action {
common_server_error(_t('Error setting user.'));
return;
}
+ common_real_login(true);
+ if ($this->boolean('rememberme')) {
+ common_rememberme();
+ }
common_redirect(common_local_url('profilesettings'));
} else {
$this->show_form(_t('Invalid username or password.'));
@@ -170,6 +174,9 @@ class RegisterAction extends Action {
_t('Same as password above'));
common_input('email', _t('Email'), NULL,
_t('Used only for updates, announcements, and password recovery'));
+ common_checkbox('rememberme', _t('Remember me'),
+ _t('Automatically login in the future; ' .
+ 'not for shared computers!'));
common_element_start('p');
common_element('input', array('type' => 'checkbox',
'id' => 'license',