Qvitter/actions/qvitterlogin.php

<?php
/* · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · ·
· ·
· ·
· Q V I T T E R ·
· ·
· https://git.gnu.io/h2p/Qvitter ·
· ·
· ·
· <o) ·
· /_//// ·
· (____/ ·
· (o< ·
· o> \\\\_\ ·
· \\) \____) ·
· ·
· ·
· ·
· Qvitter is free software: you can redistribute it and / or modify it ·
· under the terms of the GNU Affero General Public License as published by ·
· the Free Software Foundation, either version three of the License or (at ·
· your option) any later version. ·
· ·
· Qvitter is distributed in hope that it will be useful but WITHOUT ANY ·
· WARRANTY; without even the implied warranty of MERCHANTABILTY or FITNESS ·
· FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for ·
· more details. ·
· ·
· You should have received a copy of the GNU Affero General Public License ·
· along with Qvitter. If not, see <http://www.gnu.org/licenses/>. ·
· ·
· Contact h@nnesmannerhe.im if you have any questions. ·
· ·
· · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · */
// Stop immediately unless the GNUSOCIAL constant is defined, i.e. (presumably)
// unless this file was loaded by the GNU social framework rather than on its own.
if (defined('GNUSOCIAL') === false) {
    exit(1);
}
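/**
 * Login action for the Qvitter UI.
 *
 * prepare() keeps the credential form off plain HTTP when the site is
 * configured for SSL, handle() sends already-logged-in visitors to their
 * timeline, handlePost() checks the submitted credentials, establishes the
 * login, issues the Qvitter-CSRF cookie and redirects, and showPage()
 * renders the Qvitter page.
 */
class QvitterLoginAction extends FormAction
{
    // Presumably tells the framework that no existing login is required to
    // reach this action -- confirm against FormAction / its parents.
    protected $needLogin = false;

    /**
     * Prepare the action before it is handled.
     *
     * When the site's 'ssl' setting is 'always' or 'sometimes' and the current
     * request did not arrive over HTTPS, the visitor is redirected to the
     * stock 'login' route instead of continuing here.
     *
     * @param array $args request arguments, passed through to the parent
     * @return mixed whatever parent::prepare() returns
     */
    protected function prepare(array $args=array())
    {
        // @todo this check should really be in index.php for all sensitive actions
        $sslMode = common_config('site', 'ssl');
        $sslExpected = ($sslMode == 'always' || $sslMode == 'sometimes');

        // Plain HTTP is not always signalled by an unset/empty $_SERVER['HTTPS']:
        // IIS with ISAPI reports the literal string "off". empty() alone reads
        // that as a secure connection and would let the credential form be
        // served and submitted in cleartext, so "off" is treated as not-HTTPS.
        // NOTE(review): behind a TLS-terminating proxy HTTPS may be unset even
        // for secure requests -- confirm how the deployment signals that.
        $overHttps = !empty($_SERVER['HTTPS'])
            && strtolower((string) $_SERVER['HTTPS']) !== 'off';

        if ($sslExpected && !$overHttps) {
            common_redirect(common_local_url('login'));
        }

        return parent::prepare($args);
    }

    /**
     * Handle the request.
     *
     * A visitor for whom common_is_real_login() is true is redirected (307)
     * to their own 'all' timeline; everyone else is handed to the parent
     * implementation.
     *
     * @return mixed whatever parent::handle() returns
     */
    protected function handle()
    {
        if (common_is_real_login()) {
            $timeline = common_local_url('all', array('nickname' => $this->scoped->nickname));
            common_redirect($timeline, 307);
        }

        return parent::handle();
    }

    /**
     * Check the submitted credentials and log the user in.
     *
     * On success the user is set as the current user, the login is marked as
     * a real login, the optional "remember me" cookie is requested, the
     * Qvitter-CSRF cookie is issued, and the browser is redirected (303) to
     * the stored return-to URL or, when there is none, to the user's 'all'
     * timeline.
     *
     * @return void
     * @throws ServerException when the credentials are rejected or the user
     *                         cannot be set as the current user
     */
    protected function handlePost()
    {
        parent::handlePost();

        // XXX: login throttle
        // NOTE(review): nothing in this method limits repeated failed attempts.
        // Unless a caller or common_check_user() rate-limits, password guessing
        // against this endpoint is unbounded -- confirm where throttling lives.
        $nickname = $this->trimmed('nickname');
        // The password is read with arg() rather than trimmed().
        $password = $this->arg('password');

        $user = common_check_user($nickname, $password);
        if (!$user instanceof User) {
            // One message for both "unknown user" and "wrong password", so the
            // response text does not reveal which of the two was wrong.
            // TRANS: Form validation error displayed when trying to log in with incorrect credentials.
            throw new ServerException(_('Incorrect username or password.'));
        }

        // success!
        if (!common_set_user($user)) {
            // TRANS: Server error displayed when during login a server error occurs.
            throw new ServerException(_('Error setting user. You are probably not authorized.'));
        }
        common_real_login(true);
        $this->updateScopedProfile();

        if ($this->boolean('rememberme')) {
            common_rememberme($user);
        }

        // make sure we have a unique app id for this Qvitter installation in config
        // to use for creating a csrf token
        if (common_config('qvitter', 'appid') == false) {
            Config::save('qvitter', 'appid', sha1(common_random_hexstr(16)));
        }

        // set csrf-cookie
        // The token is SHA-1 over (appid . session id): it is deterministic per
        // session and only as unguessable as appid is secret.
        // NOTE(review): confirm that Config::save() makes a freshly generated
        // appid visible to the common_config() call below within this same
        // request; if not, the first token issued is derived from the session
        // id alone.
        // NOTE(review): cookie attributes (Secure, SameSite, path) are decided
        // inside common_set_cookie() -- verify them there.
        $csrf_token = sha1(common_config('qvitter', 'appid').session_id());
        common_set_cookie('Qvitter-CSRF', $csrf_token, time() + 60*60*24*30); // 1 month

        // NOTE(review): the stored return-to URL is used as the redirect target
        // without validation in this method. Confirm that whatever stores it
        // only accepts same-site URLs, and that common_inject_session() (which,
        // by its name, adds session data to the URL) never does so for a
        // foreign host.
        $url = common_get_returnto();
        if ($url) {
            // We don't have to return to it again
            common_set_returnto(null);
            $url = common_inject_session($url);
        } else {
            $url = common_local_url('all',
                                    array('nickname' => $this->scoped->nickname));
        }

        common_redirect($url, 303);
    }

    /**
     * Render the page by delegating to QvitterAction::showQvitter().
     *
     * @return void
     */
    public function showPage()
    {
        QvitterAction::showQvitter();
    }
}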