Craig Andrews
90c87553ee
Redirect to https when making an http request for a sensitive action
2010-10-20 20:26:35 -04:00
Craig Andrews
3dd734b2c3
Remove CSRF protection from username/password login and from OpenID login.
2010-09-07 13:45:52 -04:00
Brion Vibber
14a76926a2
Redirect non-SSL hits to login & register actions to SSL if 'always' or 'sometimes' SSL modes are kicked in.
...
The forms would already submit to SSL, but people are happier if they start on a secure page!
Note: this really should be done for sensitive/all URLs in index.php, but it seems a bit awkward to reconstruct the SSL version of the link atm. Cleanup todo!
2010-05-18 21:52:17 +00:00
Brion Vibber
e547a2f54c
Fix ticket #2289 : registration links were showing in top nav bar, login page message when site set to invite-only or closed registration, when the 'register' action can't be used.
2010-04-19 18:45:50 +02:00
Evan Prodromou
5ec25a9691
inject session before redirect for login
2010-01-11 08:40:22 +00:00
Evan Prodromou
54d532e12f
remove redirect to OTP on login from login, register
2010-01-10 22:58:33 -08:00
Evan Prodromou
8c6ec0b59e
fix check for ssl diff in login
2010-01-10 00:23:26 -08:00
Evan Prodromou
304f3b4f18
correctly check for ssl enabled
2010-01-10 00:18:17 -08:00
Evan Prodromou
ed5828f30e
Redirect to a one-time-password when ssl and regular server are different
2010-01-09 15:26:06 -08:00
Craig Andrews
b36ec6da87
Fixed incorrect disabling of login_token.
2009-12-10 13:22:46 -05:00
Craig Andrews
3b14b61fa7
Add a configuration option to disable the login command.
...
$config['logincommand']['disabled'] = true;
This commit should be reverted once the command has been sufficiently tested and trusted.
2009-12-05 21:05:33 -05:00
Craig Andrews
75cac0fd6b
Added 'login' command that gives you a link that can be used to login to the website
2009-12-05 21:05:33 -05:00
Evan Prodromou
224d82793c
Revert "Added 'login' command that gives you a link that can be used to login to the website"
...
This reverts commit b9d40f723b
.
Conflicts:
actions/login.php
classes/statusnet.ini
db/08to09.sql
db/08to09_pg.sql
db/statusnet_pg.sql
lib/command.php
lib/commandinterpreter.php
2009-11-20 02:50:43 -08:00
Eric Helgeson
26a86402cd
Use the $user object nickname, as login name doesnt have to == nickname anymore with plugins such as ldap/etc
2009-11-19 15:00:28 -05:00
Craig Andrews
745ea277d8
Should not canonicalize nickname before calling common_check_user
2009-11-18 16:09:58 -05:00
Craig Andrews
3bff3b2b32
Improve the not authorized error message
2009-11-18 14:44:39 -05:00
Brion Vibber
088081675f
Revert "Remove more contractions"
...
This reverts commit 5ab709b739
.
Missed this one yesterday...
2009-11-09 20:01:46 +01:00
Siebrand Mazeland
5ab709b739
Remove more contractions
...
* doesn't
* won't
* isn't
* don't
2009-11-08 23:32:15 +01:00
Craig Andrews
b9d40f723b
Added 'login' command that gives you a link that can be used to login to the website
2009-11-02 18:40:49 -05:00
Craig Andrews
d7ae0ed4fd
Merge remote branch 'laconica/0.8.x' into 0.9.x
...
Conflicts:
lib/omb.php
2009-09-09 22:52:38 -04:00
Sarven Capadisli
277b464054
Created autofocus method to give focus to an element (primarily a form
...
control) on page onload.
Updated some of the pages to use autofocus.
2009-09-03 19:42:50 +00:00
Evan Prodromou
5d09b6b3f0
Merge branch '0.8.x' into 0.9.x
...
Conflicts:
EVENTS.txt
actions/finishremotesubscribe.php
actions/postnotice.php
actions/public.php
actions/remotesubscribe.php
actions/showstream.php
actions/updateprofile.php
actions/userauthorization.php
classes/laconica.ini
lib/common.php
lib/oauthstore.php
lib/omb.php
2009-08-27 11:16:45 -07:00
Evan Prodromou
df86aa7214
define LACONICA and accept LACONICA for backwards compatibility
2009-08-26 10:41:36 -04:00
Evan Prodromou
865b716f09
change LACONICA to STATUSNET
2009-08-25 18:42:34 -04:00
Evan Prodromou
ae883ceb9b
change controlyourself.ca to status.net
2009-08-25 18:19:04 -04:00
Evan Prodromou
d35b2d3f3c
change laconi.ca to status.net
2009-08-25 18:16:46 -04:00
Evan Prodromou
c8b8f07af1
change Laconica and Control Yourself to StatusNet in PHP files
2009-08-25 18:12:20 -04:00
Evan Prodromou
bacef32aac
Revert "Added a configuration option to disable OpenID."
...
This reverts commit 7dc3a90d12
.
Conflicts:
actions/login.php
actions/register.php
lib/accountsettingsaction.php
lib/common.php
lib/logingroupnav.php
2009-08-21 16:38:39 -04:00
Evan Prodromou
9f356b55c6
Merge branch '0.9.x' into openidplugin
...
Conflicts:
actions/login.php
actions/register.php
2009-08-21 16:27:43 -04:00
Jeffery To
7dc3a90d12
Added a configuration option to disable OpenID.
...
If $config['openid']['enabled'] is set to false, OpenID is removed from
the navigation and direct accesses to OpenID login pages redirect to the
login page.
If OpenID is enabled, $config['site']['openidonly'] is ignored, i.e.
OpenID is required to go OpenID-only.
2009-08-13 22:18:06 +08:00
Jeffery To
14b46e2183
Added configuration option to only allow OpenID logins.
...
If $config['site']['openidonly'] is set to true:
* the Login/Register pages will be removed from the navigation;
* directly accesses to the Login/Register pages will redirect to the
OpenID login page;
* most links to the Login/Register pages will link to the OpenID login
page instead.
The user will still need to set a password to access the API and RSS
feeds.
2009-08-10 13:57:39 +08:00
Evan Prodromou
5dc1291b59
move openid instructions to OpenIDPlugin
2009-08-04 13:27:22 -04:00
Evan Prodromou
e9e75fc9d5
isReadOnly() now takes arguments
...
Add an array of arguments to isReadOnly() method of actions, to let
them change their results depending on what actions are called.
Primarily used by the 'api' action. Ideally in the future that will be
multiple actions. But this might still be useful.
2009-04-13 15:49:26 -04:00
Evan Prodromou
c172cbafaa
Try to do intelligent redirect codes
...
After fixing the redirect code output, there are a lot of weirdnesses
with e.g. form handling. Try to add explicit redirect codes where
needed -- principly when handling a POST.
2009-04-01 15:30:59 -04:00
Evan Prodromou
4aa9b95f51
use return value of common_check_user() in login.php
2009-02-20 16:58:19 -05:00
Evan Prodromou
7ea136ee1b
Merge branch '0.7.x' of git://gitorious.org/laconica/sgmurphy-clone into sgmurphy-clone/0.7.x
...
Conflicts:
actions/avatarsettings.php
2009-02-05 12:04:06 -05:00
Sean Murphy
4ced74dc91
Fixed #1140 ; Login form session token not set.
2009-02-05 10:17:19 -05:00
Evan Prodromou
2bd52059db
take out redundant code from login
2009-02-04 15:38:26 -05:00
sarven
0b5f0f4faa
Renamed form_datas to form_data
2009-01-19 03:09:13 +00:00
Evan Prodromou
df58688a58
Fix comment blocks for login
2009-01-18 13:38:29 +00:00
Evan Prodromou
b4b686c118
Fix file and class descriptors
2009-01-18 12:55:07 +00:00
Evan Prodromou
5a313fef6e
Add tabset to login and make it phpcs-compliant
2009-01-18 12:48:47 +00:00
sarven
4b1cc73a58
Favor/Disfavor form @class
...
Created icon, and add style
JS selector change
Fixed return actions
2009-01-18 03:12:39 +00:00
sarven
88c7da66f0
Minor cleanup for login style
2009-01-18 01:02:42 +00:00
sarven
620d0594fc
Reusing @class form_settings
2009-01-18 00:58:43 +00:00
sarven
05b00cc7df
Login styles
2009-01-17 16:22:36 +00:00
sarven
041c3ae151
Merge branch 'uiredesign' of ../evan into uiredesign
2009-01-15 23:19:15 +00:00
Evan Prodromou
e20309315f
Correct error var in login
2009-01-15 23:17:04 +00:00
sarven
39b5957068
Merge branch 'uiredesign' of ../evan into uiredesign
2009-01-15 23:10:44 +00:00
Evan Prodromou
ba9f1f603b
All actions now use isReadOnly()
2009-01-15 23:09:16 +00:00