Commit Graph

38 Commits

Author SHA1 Message Date
Evan Prodromou
7ad3ff4a2c Allow re-authentication with OpenID
"Rememberme" logins aren't allowed to make changes to an account
(since cookie-stealing is too easy). Users have to re-authenticate.
Previously, it was impossible to do so without having a username and
password; this change lets you do it with OpenID, too.
2009-02-05 11:46:17 -05:00
Evan Prodromou
cc5808cc28 Update finishopenidlogin 2009-01-23 00:30:57 +01:00
Evan Prodromou
4b0cf99e56 Convert use of common_server_error and common_user_error to methods on Action 2009-01-15 23:03:38 +00:00
Evan Prodromou
eaa81d25fa Convert all actions to use new UI functions
I did a massive search-and-replace to get all the action subclasses to
use the new output function (common_element() -> $this->element(), etc.)

There's still a lot to do, but it's a first step
2009-01-15 22:57:15 +00:00
Evan Prodromou
b264c03d32 move opening brace of class declaration to next line
Another gigantor PEAR coding standards patch. Here, I've moved the
opening curly bracket on a class statement to the following line.

darcs-hash:20081223194923-84dde-77a93de314caadbcb5b70bf346a4648be77a864e.gz
2008-12-23 14:49:23 -05:00
Evan Prodromou
04ef1ba8ee change function headers to K&R style
Another huge change, for PEAR code standards compliance. Function
headers have to be in K&R style (opening brace on its own line),
instead of having the opening brace on the same line as the function
and parameters. So, a little perl magic found all the function
definitions and move the opening brace to the next line (properly
indented... usually).

darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz
2008-12-23 14:33:23 -05:00
Evan Prodromou
eb2f9c98ac replace NULL with null
Another global search-and-replace update. Here, I've replaced the PHP
keyword 'NULL' with its lowercase version. This is another PEAR code
standards change.

darcs-hash:20081223192129-84dde-4a0182e0ec16a01ad88745ad3e08f7cb501aee0b.gz
2008-12-23 14:21:29 -05:00
Evan Prodromou
edbc0c665c replace all tabs with four spaces
The PEAR coding standards decree: no tabs, but indent by four spaces.
I've done a global search-and-replace on all tabs, replacing them by
four spaces. This is a huge change, but it will go a long way to
getting us towards phpcs-compliance. And that means better code
readability, and that means more participation.

darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 14:19:07 -05:00
Evan Prodromou
b9fdc2c419 resolve conflicts
darcs-hash:20081210014619-5ed1f-b78d0990f80f7fee6f31424bc1e366d08767af9d.gz
2008-12-09 20:46:19 -05:00
Evan Prodromou
6c9031cc7b don't allow new users if the site is closed or invite only in OpenID
darcs-hash:20081203185022-5ed1f-a618527f069301c34b3fd6a75ae5676f45e64d39.gz
2008-12-03 13:50:22 -05:00
Evan Prodromou
3909544f9e slightly better rememberme logic in finishopenidlogin
darcs-hash:20081209180330-84dde-ba48eed8a9a557bac90d3869d60b24a4b9683e61.gz
2008-12-09 13:03:30 -05:00
Evan Prodromou
67340ce11c ♫ Don't you forget about me ♫
darcs-hash:20081118024947-84dde-46f68dff10cd2b5665fbd482f90ac83601df4228.gz
2008-11-17 21:49:47 -05:00
Evan Prodromou
d6dd35a66a add a token for CSRF avoidance
darcs-hash:20080829034854-84dde-a636b446dc254aaa77ac65f63be01e49c192bf32.gz
2008-08-28 23:48:54 -04:00
Evan Prodromou
7554f2561c move user registration to a single static method
darcs-hash:20080814002038-84dde-8505d4e083056b770db128129a95be639d8e7f0a.gz
2008-08-13 20:20:38 -04:00
Mike Cochrane
b104da04fb Colapse a lot of strings to make like easier for translators and more consisitant for users
darcs-hash:20080713053748-533db-1cdb0cf3a9e4102eb139b74a7a9d4f97dadb20b8.gz
2008-07-13 01:37:48 -04:00
Mike Cochrane
834c21b2aa Merge some gettext strings to one line so translation tools are happier
darcs-hash:20080713044608-533db-ee16aecee9b6d82b22ce6a25f6a9573c23eee9f8.gz
2008-07-13 00:46:08 -04:00
Mike Cochrane
0f502b8d86 Remove tralling whitespace on lines and a gettext replacement that I missed.
darcs-hash:20080708095113-533db-ad63bbde67b6275fb7ae944cc9882adf6f3be517.gz
2008-07-08 05:51:13 -04:00
Mike Cochrane
87b494f1eb Convert _t() to _() for gettext.
darcs-hash:20080708094531-533db-83399a46e6ec4c0fcc6249b0235961f969d1ae73.gz
2008-07-08 05:45:31 -04:00
Evan Prodromou
f6bdb42d35 don't auto-pull OpenID parameters
darcs-hash:20080710151842-84dde-ad2159088ed05830e4feba88880863c84c4728c8.gz
2008-07-10 11:18:42 -04:00
Evan Prodromou
721d6f94c7 method
darcs-hash:20080702131507-84dde-507a6380fcab66c1fbcbaad6d1399c8a2f210acf.gz
2008-07-02 09:15:07 -04:00
Evan Prodromou
be3a44651c implement rememberme functionality
Added a checkbox on login or register to remember the current user. If
the login is successful, this sets a cookie with a random code (saved
in the DB). If they come back, and they aren't logged in "normally",
we check to see if they have a rememberme cookie. If so, we log them
in.

However, they can't change settings -- cookie theft is too prevalent.
So we mark a session as having a "real" (password or OpenID) login, or
not. In settings pages, we check to see if the login is "real", and if
not, we redirect to the login page.

darcs-hash:20080624025234-34904-ad20001bf35bf41fcb63a0c357fd929aacc55fdb.gz
2008-06-23 22:52:34 -04:00
Evan Prodromou
1899d09cd1 forgot to return on invalid nickname
darcs-hash:20080622181550-34904-7970919db30ccfc3979fa6c118c29af9eac0c550.gz
2008-06-22 14:15:50 -04:00
Evan Prodromou
d758c11784 disallow nicknames on a blacklist
darcs-hash:20080622180437-34904-4b6313f6fd8845232031663c5c2df00dff725183.gz
2008-06-22 14:04:37 -04:00
Evan Prodromou
15a09c5d69 change from using tag uris to http urls for identifiers
Weirdly, I got in an argument with Tim Berners-Lee in #swig about the
tag URIs I was using in FOAF documents. Eventually, I was convinced
that it's a better thing to use HTTP URLs instead. So, now we have
HTTP URLs.

The tricky thing was for users. Since they can change their names, we
can't use their profile URL, since it includes the name. Instead, I
made up a new action, which simply redirects from a user ID to their
current profile URL. This should be sufficiently long-term.

darcs-hash:20080620071700-84dde-c6145243dc45dd2dff621aff421375d05796057e.gz
2008-06-20 03:17:00 -04:00
Evan Prodromou
aabac60b6e push instructions into head and require license
darcs-hash:20080619173225-84dde-d73961d047f75fa1e3ac4287d35e4c6afb391e84.gz
2008-06-19 13:32:25 -04:00
Evan Prodromou
26c7d5f04e need a profileurl for new users
darcs-hash:20080619151803-5ed1f-53df3a53f1147233658397c3c6d2cd6a2202b199.gz
2008-06-19 11:18:03 -04:00
Evan Prodromou
0ba9948603 move update_user function to openid.php
darcs-hash:20080619135148-84dde-6caaa7f97d2405bc318bfa818c4ac9cbc31cab33.gz
2008-06-19 09:51:48 -04:00
Evan Prodromou
171b4f72ee immediate mode for openid
darcs-hash:20080619134710-84dde-6086a4ac7bbd72a251fe5ce6fe3156e3270ebd74.gz
2008-06-19 09:47:10 -04:00
Evan Prodromou
65816a6e2f fix syntax error in finishopenidlogin
darcs-hash:20080618123941-84dde-ec6e2fdef8c561714e509dc47e14aa47c58a9c44.gz
2008-06-18 08:39:41 -04:00
Evan Prodromou
4a0b1a9ea9 consolidate linking a user to an OpenID
darcs-hash:20080618114310-84dde-15b224bb16d434150af457bc3b08de58e3833abd.gz
2008-06-18 07:43:10 -04:00
Evan Prodromou
f08a99e5f1 fix missing parens
darcs-hash:20080618062059-84dde-f3d27969a876fd89c5f01fb690ca367a51ec1b5e.gz
2008-06-18 02:20:59 -04:00
Evan Prodromou
3bd2513c0b go to profile instead of profile settings
darcs-hash:20080618061833-84dde-e77ea989a6caaf1d6722d6e82c1bcd04da44f486.gz
2008-06-18 02:18:33 -04:00
Evan Prodromou
94c4262dcf set nickname correctly
darcs-hash:20080618061117-84dde-6983ed79c2d0e985fc8b00ac7c270b46d92bc20d.gz
2008-06-18 02:11:17 -04:00
Evan Prodromou
21463458c5 fix get_saved_values() function in finishopenidlogin
darcs-hash:20080618060549-84dde-d32f1f167a69ea4f98f6a4a2f2ac753675e8cafd.gz
2008-06-18 02:05:49 -04:00
Evan Prodromou
66a1a13435 refactoring error
darcs-hash:20080618055836-84dde-7a0c460ec125581b659df39c8a079b9fcdc8dbaa.gz
2008-06-18 01:58:36 -04:00
Evan Prodromou
4000840243 check existence of args not booleanness
darcs-hash:20080618055657-84dde-269a234dd68867ca4f159031fe206e31131ef108.gz
2008-06-18 01:56:57 -04:00
Evan Prodromou
cba4168d62 fix prompt and debug input
darcs-hash:20080618055349-84dde-8ac49632d06a7b271d13912d46d26c7c1f1ec793.gz
2008-06-18 01:53:49 -04:00
Evan Prodromou
252c4098c4 finish openid
Added some code to make finishing the OpenID login work.

Changed the OID storage so that there's a "canonical" URL and a
display URL. This is because of i-names, which is annoying.

If the login succeeds, we try to find a local user associated with the
canonical URL. If they don't exist, we let the user either create a
new account, or login to an existing account and connect to it.

A totally unrelated change is that the DB engine now uses InnoDB.

darcs-hash:20080618052638-84dde-909e51dbd5b9eadadf18cd010868baa18ea2349a.gz
2008-06-18 01:26:38 -04:00