Commit Graph

101 Commits

Author SHA1 Message Date
Craig Andrews
90c87553ee Redirect to https when making an http request for a sensitive action 2010-10-20 20:26:35 -04:00
Craig Andrews
3dd734b2c3 Remove CSRF protection from username/password login and from OpenID login. 2010-09-07 13:45:52 -04:00
Brion Vibber
14a76926a2 Redirect non-SSL hits to login & register actions to SSL if 'always' or 'sometimes' SSL modes are kicked in.
The forms would already submit to SSL, but people are happier if they start on a secure page!

Note: this really should be done for sensitive/all URLs in index.php, but it seems a bit awkward to reconstruct the SSL version of the link atm. Cleanup todo!
2010-05-18 21:52:17 +00:00
Brion Vibber
e547a2f54c Fix ticket #2289: registration links were showing in top nav bar, login page message when site set to invite-only or closed registration, when the 'register' action can't be used. 2010-04-19 18:45:50 +02:00
Evan Prodromou
5ec25a9691 inject session before redirect for login 2010-01-11 08:40:22 +00:00
Evan Prodromou
54d532e12f remove redirect to OTP on login from login, register 2010-01-10 22:58:33 -08:00
Evan Prodromou
8c6ec0b59e fix check for ssl diff in login 2010-01-10 00:23:26 -08:00
Evan Prodromou
304f3b4f18 correctly check for ssl enabled 2010-01-10 00:18:17 -08:00
Evan Prodromou
ed5828f30e Redirect to a one-time-password when ssl and regular server are different 2010-01-09 15:26:06 -08:00
Craig Andrews
b36ec6da87 Fixed incorrect disabling of login_token. 2009-12-10 13:22:46 -05:00
Craig Andrews
3b14b61fa7 Add a configuration option to disable the login command.
$config['logincommand']['disabled'] = true;

This commit should be reverted once the command has been sufficiently tested and trusted.
2009-12-05 21:05:33 -05:00
Craig Andrews
75cac0fd6b Added 'login' command that gives you a link that can be used to login to the website 2009-12-05 21:05:33 -05:00
Evan Prodromou
224d82793c Revert "Added 'login' command that gives you a link that can be used to login to the website"
This reverts commit b9d40f723b.

Conflicts:

	actions/login.php
	classes/statusnet.ini
	db/08to09.sql
	db/08to09_pg.sql
	db/statusnet_pg.sql
	lib/command.php
	lib/commandinterpreter.php
2009-11-20 02:50:43 -08:00
Eric Helgeson
26a86402cd Use the $user object nickname, as login name doesnt have to == nickname anymore with plugins such as ldap/etc 2009-11-19 15:00:28 -05:00
Craig Andrews
745ea277d8 Should not canonicalize nickname before calling common_check_user 2009-11-18 16:09:58 -05:00
Craig Andrews
3bff3b2b32 Improve the not authorized error message 2009-11-18 14:44:39 -05:00
Brion Vibber
088081675f Revert "Remove more contractions"
This reverts commit 5ab709b739.

Missed this one yesterday...
2009-11-09 20:01:46 +01:00
Siebrand Mazeland
5ab709b739 Remove more contractions
* doesn't
* won't
* isn't
* don't
2009-11-08 23:32:15 +01:00
Craig Andrews
b9d40f723b Added 'login' command that gives you a link that can be used to login to the website 2009-11-02 18:40:49 -05:00
Craig Andrews
d7ae0ed4fd Merge remote branch 'laconica/0.8.x' into 0.9.x
Conflicts:
	lib/omb.php
2009-09-09 22:52:38 -04:00
Sarven Capadisli
277b464054 Created autofocus method to give focus to an element (primarily a form
control) on page onload.

Updated some of the pages to use autofocus.
2009-09-03 19:42:50 +00:00
Evan Prodromou
5d09b6b3f0 Merge branch '0.8.x' into 0.9.x
Conflicts:
	EVENTS.txt
	actions/finishremotesubscribe.php
	actions/postnotice.php
	actions/public.php
	actions/remotesubscribe.php
	actions/showstream.php
	actions/updateprofile.php
	actions/userauthorization.php
	classes/laconica.ini
	lib/common.php
	lib/oauthstore.php
	lib/omb.php
2009-08-27 11:16:45 -07:00
Evan Prodromou
df86aa7214 define LACONICA and accept LACONICA for backwards compatibility 2009-08-26 10:41:36 -04:00
Evan Prodromou
865b716f09 change LACONICA to STATUSNET 2009-08-25 18:42:34 -04:00
Evan Prodromou
ae883ceb9b change controlyourself.ca to status.net 2009-08-25 18:19:04 -04:00
Evan Prodromou
d35b2d3f3c change laconi.ca to status.net 2009-08-25 18:16:46 -04:00
Evan Prodromou
c8b8f07af1 change Laconica and Control Yourself to StatusNet in PHP files 2009-08-25 18:12:20 -04:00
Evan Prodromou
bacef32aac Revert "Added a configuration option to disable OpenID."
This reverts commit 7dc3a90d12.

Conflicts:

	actions/login.php
	actions/register.php
	lib/accountsettingsaction.php
	lib/common.php
	lib/logingroupnav.php
2009-08-21 16:38:39 -04:00
Evan Prodromou
9f356b55c6 Merge branch '0.9.x' into openidplugin
Conflicts:
	actions/login.php
	actions/register.php
2009-08-21 16:27:43 -04:00
Jeffery To
7dc3a90d12 Added a configuration option to disable OpenID.
If $config['openid']['enabled'] is set to false, OpenID is removed from
the navigation and direct accesses to OpenID login pages redirect to the
login page.

If OpenID is enabled, $config['site']['openidonly'] is ignored, i.e.
OpenID is required to go OpenID-only.
2009-08-13 22:18:06 +08:00
Jeffery To
14b46e2183 Added configuration option to only allow OpenID logins.
If $config['site']['openidonly'] is set to true:
* the Login/Register pages will be removed from the navigation;
* directly accesses to the Login/Register pages will redirect to the
  OpenID login page;
* most links to the Login/Register pages will link to the OpenID login
  page instead.

The user will still need to set a password to access the API and RSS
feeds.
2009-08-10 13:57:39 +08:00
Evan Prodromou
5dc1291b59 move openid instructions to OpenIDPlugin 2009-08-04 13:27:22 -04:00
Evan Prodromou
e9e75fc9d5 isReadOnly() now takes arguments
Add an array of arguments to isReadOnly() method of actions, to let
them change their results depending on what actions are called.
Primarily used by the 'api' action. Ideally in the future that will be
multiple actions. But this might still be useful.
2009-04-13 15:49:26 -04:00
Evan Prodromou
c172cbafaa Try to do intelligent redirect codes
After fixing the redirect code output, there are a lot of weirdnesses
with e.g. form handling. Try to add explicit redirect codes where
needed -- principly when handling a POST.
2009-04-01 15:30:59 -04:00
Evan Prodromou
4aa9b95f51 use return value of common_check_user() in login.php 2009-02-20 16:58:19 -05:00
Evan Prodromou
7ea136ee1b Merge branch '0.7.x' of git://gitorious.org/laconica/sgmurphy-clone into sgmurphy-clone/0.7.x
Conflicts:

	actions/avatarsettings.php
2009-02-05 12:04:06 -05:00
Sean Murphy
4ced74dc91 Fixed #1140; Login form session token not set. 2009-02-05 10:17:19 -05:00
Evan Prodromou
2bd52059db take out redundant code from login 2009-02-04 15:38:26 -05:00
sarven
0b5f0f4faa Renamed form_datas to form_data 2009-01-19 03:09:13 +00:00
Evan Prodromou
df58688a58 Fix comment blocks for login 2009-01-18 13:38:29 +00:00
Evan Prodromou
b4b686c118 Fix file and class descriptors 2009-01-18 12:55:07 +00:00
Evan Prodromou
5a313fef6e Add tabset to login and make it phpcs-compliant 2009-01-18 12:48:47 +00:00
sarven
4b1cc73a58 Favor/Disfavor form @class
Created icon, and add style
JS selector change
Fixed return actions
2009-01-18 03:12:39 +00:00
sarven
88c7da66f0 Minor cleanup for login style 2009-01-18 01:02:42 +00:00
sarven
620d0594fc Reusing @class form_settings 2009-01-18 00:58:43 +00:00
sarven
05b00cc7df Login styles 2009-01-17 16:22:36 +00:00
sarven
041c3ae151 Merge branch 'uiredesign' of ../evan into uiredesign 2009-01-15 23:19:15 +00:00
Evan Prodromou
e20309315f Correct error var in login 2009-01-15 23:17:04 +00:00
sarven
39b5957068 Merge branch 'uiredesign' of ../evan into uiredesign 2009-01-15 23:10:44 +00:00
Evan Prodromou
ba9f1f603b All actions now use isReadOnly() 2009-01-15 23:09:16 +00:00