Exemple #1
 /**
  * Handle a submitted login form.
  *
  * Verifies the posted nickname and password. On success the user is
  * made the current user, the login is flagged as a real login, an
  * optional remember-me is set up, and the browser is redirected
  * (HTTP 303) to the stored return-to URL or, when none is stored, to
  * the 'all' page of the scoped profile.
  *
  * NOTE(review): no session/CSRF token check is visible in this method;
  * confirm that the caller validates the token before doPost() runs.
  *
  * @return void
  *
  * @throws ServerException when the credentials are rejected or the
  *                         user cannot be set as the current user
  */
 protected function doPost()
 {
     // XXX: login throttle
     // Nothing here limits repeated attempts, so password guessing is
     // bounded only by whatever the surrounding stack enforces.
     $user = common_check_user(
         $this->trimmed('nickname'),
         $this->arg('password')
     );

     // The same message is used whichever credential was wrong.
     if (!$user instanceof User) {
         // TRANS: Form validation error displayed when trying to log in with incorrect credentials.
         throw new ServerException(_('Incorrect username or password.'));
     }

     // Credentials accepted: bind the user to the current session.
     $isSet = common_set_user($user);
     if (!$isSet) {
         // TRANS: Server error displayed when during login a server error occurs.
         throw new ServerException(_('Error setting user. You are probably not authorized.'));
     }

     common_real_login(true);
     $this->updateScopedProfile();

     if ($this->boolean('rememberme')) {
         common_rememberme($user);
     }

     $returnTo = common_get_returnto();
     if (!$returnTo) {
         // Nothing stored: land on the user's own 'all' page.
         $target = common_local_url('all', array('nickname' => $this->scoped->nickname));
     } else {
         // The stored destination is single-use; clear it before leaving.
         common_set_returnto(null);
         $target = common_inject_session($returnTo);
     }

     common_redirect($target, 303);
 }
Exemple #2
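/**
 * Build an absolute URL for a path relative to the site root.
 *
 * The scheme is https when site/ssl is 'always', or when it is
 * 'sometimes' and $ssl is true; otherwise it is http. On the https
 * branch a non-empty string in site/sslserver takes precedence over
 * site/server as the host part.
 *
 * NOTE(review): with site/ssl set to 'sometimes' and $ssl false the
 * result is an http:// URL, and $addSession defaults to true. Confirm
 * what common_inject_session() appends before relying on this for
 * pages that carry session state.
 *
 * @param string $relative   path relative to the configured site path
 * @param bool   $ssl        ask for https when site/ssl is 'sometimes'
 * @param bool   $addSession pass $relative through common_inject_session()
 *
 * @return string URL of the form proto://server/[sitepath/]relative
 */
function common_path($relative, $ssl = false, $addSession = true)
{
    $sitePath = common_config('site', 'path');
    $pathpart = $sitePath ? $sitePath . "/" : '';

    $sslMode  = common_config('site', 'ssl');
    $useHttps = ($ssl && $sslMode === 'sometimes') || $sslMode === 'always';
    $proto    = $useHttps ? 'https' : 'http';

    // Initialised so that a missing site/server setting no longer reads an
    // undefined variable below; the resulting URL is unchanged (empty host)
    // and the misconfiguration is still logged.
    $serverpart = null;

    // A dedicated SSL host is only considered for https URLs.
    $sslServer = $useHttps ? common_config('site', 'sslserver') : null;
    if (is_string($sslServer) && mb_strlen($sslServer) > 0) {
        $serverpart = $sslServer;
    } else {
        $server = common_config('site', 'server');
        if ($server) {
            $serverpart = $server;
        } else {
            common_log(LOG_ERR, 'Site server not configured, unable to determine site name.');
        }
    }

    if ($addSession) {
        $relative = common_inject_session($relative, $serverpart);
    }

    return $proto . '://' . $serverpart . '/' . $pathpart . $relative;
}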
 /**
  * Redirect (HTTP 303) to the stored return-to URL, or to the 'all'
  * page of the given nickname when no return-to URL is stored.
  *
  * @param string $nickname nickname used to build the fallback URL
  *
  * @return void
  */
 function goHome($nickname)
 {
     $returnTo = common_get_returnto();

     if (!$returnTo) {
         $target = common_local_url('all', array('nickname' => $nickname));
     } else {
         # The stored destination is single-use; clear it before leaving.
         common_set_returnto(null);
         $target = common_inject_session($returnTo);
     }

     common_redirect($target, 303);
 }
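 /**
  * Check the login data
  *
  * Validates the session (CSRF) token first, then the submitted
  * nickname and password. On success the user is logged in and
  * redirected (HTTP 303) to the stored return-to URL or, when none is
  * stored, to the user's 'all' page.
  *
  * @param mixed $user_id not read by this method
  * @param mixed $token   ignored; replaced by the submitted 'token' field
  *
  * @return void
  */
 function checkLogin($user_id = null, $token = null)
 {
     // XXX: login throttle
     // Nothing in this method limits repeated password attempts.

     // CSRF protection - token set in NoticeForm
     $token = $this->trimmed('token');
     $st = common_session_token();

     // Compare as strings with !==. The loose != operator treats two
     // different numeric-looking strings (for example "0e1" and "0e2") as
     // equal, which would let a wrong token pass.
     // NOTE(review): where the minimum PHP version allows it, hash_equals()
     // would also make this comparison constant-time.
     if (!$token || (string)$token !== (string)$st) {
         if (empty($token)) {
             common_log(LOG_WARNING, 'No token provided by client.');
         } else {
             if (empty($st)) {
                 common_log(LOG_WARNING, 'No session token stored.');
             } else {
                 // The token values stay out of the log: the session token
                 // is the CSRF secret, and the submitted value is
                 // client-controlled text.
                 common_log(LOG_WARNING, 'Submitted token does not match session token.');
             }
         }
         $this->clientError(_('There was a problem with your session token. ' . 'Try again, please.'));
         return;
     }

     $nickname = $this->trimmed('nickname');
     $password = $this->arg('password');
     $user = common_check_user($nickname, $password);
     if (!$user) {
         // The same message is shown whichever credential was wrong.
         $this->showForm(_('Incorrect username or password.'));
         return;
     }

     // success!
     if (!common_set_user($user)) {
         $this->serverError(_('Error setting user. You are probably not authorized.'));
         return;
     }
     common_real_login(true);
     if ($this->boolean('rememberme')) {
         common_rememberme($user);
     }

     $url = common_get_returnto();
     if ($url) {
         // We don't have to return to it again
         common_set_returnto(null);
         $url = common_inject_session($url);
     } else {
         $url = common_local_url('all', array('nickname' => $user->nickname));
     }
     common_redirect($url, 303);
 }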