2 files changed, 15 insertions, 7 deletions

diff --git a/actions/finishremotesubscribe.php b/actions/finishremotesubscribe.php
index b1cec66f4..deee70f36 100644
--- a/actions/finishremotesubscribe.php
+++ b/actions/finishremotesubscribe.php
@@ -89,12 +89,16 @@ class FinishremotesubscribeAction extends Action
         }
 
         $remote = Remote_profile::staticGet('uri', $service->getListenerURI());
+        if ($remote) {
+            // Note remote profile may not have been saved yet.
+            // @fixme not convinced this is correct at all!
 
-        $profile = Profile::staticGet($remote->id);
+            $profile = Profile::staticGet($remote->id);
 
-        if ($user->hasBlocked($profile)) {
-            $this->clientError(_('That user has blocked you from subscribing.'));
-            return;
+            if ($user->hasBlocked($profile)) {
+                $this->clientError(_('That user has blocked you from subscribing.'));
+                return;
+            }
         }
 
         /* Perform the handling itself via libomb. */
@@ -122,6 +126,7 @@ class FinishremotesubscribeAction extends Action
 
         /* The service URLs are not accessible from datastore, so setting them
            after insertion of the profile. */
+        $remote = Remote_profile::staticGet('uri', $service->getListenerURI());
         $orig_remote = clone($remote);
 
         $remote->postnoticeurl    =
diff --git a/actions/login.php b/actions/login.php
index cee29fd09..cd1326813 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -79,8 +79,6 @@ class LoginAction extends Action
             $this->clientError(_('Already logged in.'));
         } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
             $this->checkLogin();
-        } else if (isset($args['user_id']) && isset($args['token'])){
-            $this->checkLogin($args['user_id'],$args['token']);
         } else {
             common_ensure_session();
             $this->showForm();
@@ -97,7 +95,7 @@ class LoginAction extends Action
      * @return void
      */
 
-    function checkLogin($user_id=null, $token=null)
+    function checkLogin()
     {
         if(isset($token) && isset($user_id)){
             //Token based login (from the LoginCommand)
@@ -139,6 +137,11 @@ class LoginAction extends Action
             $user = common_check_user($nickname, $password);
         }
 
+        $nickname = common_canonical_nickname($this->trimmed('nickname'));
+        $password = $this->arg('password');
+
+        $user = common_check_user($nickname, $password);
+
         if (!$user) {
             $this->showForm(_('Incorrect username or password.'));
             return;