/**
 * Handle a submitted login form.
 *
 * Passes the posted nickname and password to common_check_user(). When a
 * User comes back, it is installed with common_set_user(), the login is
 * recorded through common_real_login(true), the scoped profile is refreshed
 * and the client is redirected (303) either to the stored return-to URL or
 * to the 'all' page of the scoped profile's nickname.
 *
 * Nothing in this method limits repeated attempts; the XXX marker below is
 * the only trace of throttling, so brute-force protection has to come from
 * somewhere else.
 *
 * @return void
 *
 * @throws ServerException when the credentials are rejected or the user
 *                         cannot be set as the current user
 */
protected function doPost()
{
    // XXX: login throttle

    $user = common_check_user(
        $this->trimmed('nickname'),
        // The password is read with arg(), not trimmed(), so it is passed on as submitted.
        $this->arg('password')
    );

    if (!($user instanceof User)) {
        // The same message covers an unknown nickname and a wrong password,
        // so the response does not reveal which of the two was wrong.
        // TRANS: Form validation error displayed when trying to log in with incorrect credentials.
        throw new ServerException(_('Incorrect username or password.'));
    }

    // success!
    $userWasSet = common_set_user($user);
    if (!$userWasSet) {
        // TRANS: Server error displayed when during login a server error occurs.
        throw new ServerException(_('Error setting user. You are probably not authorized.'));
    }

    common_real_login(true);
    $this->updateScopedProfile();

    $wantsPersistentLogin = $this->boolean('rememberme');
    if ($wantsPersistentLogin) {
        common_rememberme($user);
    }

    $returnTo = common_get_returnto();
    if (!$returnTo) {
        $target = common_local_url('all', array('nickname' => $this->scoped->nickname));
    } else {
        // We don't have to return to it again
        common_set_returnto(null);
        // NOTE(review): whether the stored return-to value is limited to
        // this site's own URLs is not visible here; confirm where it is set,
        // since an unrestricted value makes this an open redirect.
        $target = common_inject_session($returnTo);
    }

    common_redirect($target, 303);
}
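/**
 * Build an absolute URL for a path relative to the site root.
 *
 * The scheme is https when the 'site'/'ssl' setting is 'always', or when it
 * is 'sometimes' and the caller passes $ssl = true; otherwise it is http.
 * For https URLs a non-empty string in 'site'/'sslserver' takes precedence
 * over 'site'/'server'.
 *
 * If no server is configured an error is logged and the URL is still
 * returned, with an empty host part. Callers receive a malformed URL in that
 * case, not an exception.
 *
 * @param string $relative   path relative to the site root
 * @param bool   $ssl        request https when the site allows it 'sometimes'
 * @param bool   $addSession pass the path through common_inject_session()
 *
 * @return string the assembled URL
 */
function common_path($relative, $ssl = false, $addSession = true)
{
    $sitePath = common_config('site', 'path');
    $pathpart = $sitePath ? $sitePath . "/" : '';

    // && binds tighter than ||, so 'always' forces https regardless of $ssl.
    $sslMode = common_config('site', 'ssl');
    $useSsl  = ($ssl && $sslMode === 'sometimes') || $sslMode === 'always';
    $proto   = $useSsl ? 'https' : 'http';

    // Defined up front: the original left $serverpart undefined whenever no
    // server was configured and then read it below, raising an
    // undefined-variable warning. null keeps the value that was passed on.
    $serverpart = null;

    if ($useSsl) {
        $sslServer = common_config('site', 'sslserver');
        if (is_string($sslServer) && mb_strlen($sslServer) > 0) {
            $serverpart = $sslServer;
        }
    }

    if ($serverpart === null) {
        $server = common_config('site', 'server');
        if ($server) {
            $serverpart = $server;
        } else {
            common_log(LOG_ERR, 'Site server not configured, unable to determine site name.');
        }
    }

    if ($addSession) {
        // NOTE(review): presumably this adds the session identifier to the
        // URL. If so, the identifier can end up in Referer headers, proxy
        // logs and browser history, and on http URLs it travels in clear
        // text; confirm which hosts common_inject_session() applies it to.
        $relative = common_inject_session($relative, $serverpart);
    }

    return $proto . '://' . $serverpart . '/' . $pathpart . $relative;
}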
/**
 * Redirect the client after login.
 *
 * Uses the stored return-to URL when there is one (and clears it so it is
 * not reused); otherwise falls back to the 'all' page for $nickname. The
 * redirect is sent with status 303.
 *
 * @param string $nickname nickname used to build the fallback URL
 *
 * @return void
 */
function goHome($nickname)
{
    $returnTo = common_get_returnto();

    if (!$returnTo) {
        $target = common_local_url('all', array('nickname' => $nickname));
    } else {
        // We don't have to return to it again
        common_set_returnto(null);
        // NOTE(review): nothing here checks that the stored URL points at
        // this site; confirm it is validated where it is stored, otherwise
        // this is an open redirect.
        $target = common_inject_session($returnTo);
    }

    common_redirect($target, 303);
}
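/**
 * Check the login data
 *
 * Validates the CSRF session token first, then the nickname/password pair.
 * On success the user is installed with common_set_user(), the login is
 * recorded through common_real_login(true) and the client is redirected
 * (303) to the stored return-to URL or to the user's 'all' page.
 *
 * No attempt limiting is done here (see the XXX marker below).
 *
 * @param mixed $user_id not read by this method
 * @param mixed $token   not read either; replaced by the 'token' request argument
 *
 * @return void
 */
function checkLogin($user_id = null, $token = null)
{
    // XXX: login throttle

    // CSRF protection - token set in NoticeForm
    $token = $this->trimmed('token');
    $st    = common_session_token();

    // hash_equals() (PHP >= 5.6) replaces the loose != comparison: it cannot
    // be satisfied through type juggling and it runs in constant time.
    if (!$token || !is_string($st) || !hash_equals($st, (string) $token)) {
        if (empty($token)) {
            common_log(LOG_WARNING, 'No token provided by client.');
        } elseif (empty($st)) {
            common_log(LOG_WARNING, 'No session token stored.');
        } else {
            // The token values are deliberately left out: the session token
            // is a secret, and the client-supplied value is untrusted text
            // that should not be written to the log verbatim.
            common_log(LOG_WARNING, 'Client token does not match session token.');
        }
        $this->clientError(_('There was a problem with your session token. ' .
                             'Try again, please.'));
        return;
    }

    $nickname = $this->trimmed('nickname');
    // Read with arg(), not trimmed(), so the password is passed on as submitted.
    $password = $this->arg('password');

    $user = common_check_user($nickname, $password);

    if (!$user) {
        // One message for both an unknown nickname and a wrong password.
        $this->showForm(_('Incorrect username or password.'));
        return;
    }

    // success!
    if (!common_set_user($user)) {
        $this->serverError(_('Error setting user. You are probably not authorized.'));
        return;
    }

    common_real_login(true);

    if ($this->boolean('rememberme')) {
        common_rememberme($user);
    }

    $url = common_get_returnto();

    if ($url) {
        // We don't have to return to it again
        common_set_returnto(null);
        // NOTE(review): confirm the stored return-to URL is restricted to
        // this site where it is set; nothing here validates it before the
        // redirect.
        $url = common_inject_session($url);
    } else {
        $url = common_local_url('all', array('nickname' => $user->nickname));
    }

    common_redirect($url, 303);
}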