swap around some stuff to show the form correctly on a CSRF error in openidlogin
darcs-hash:20080829040925-84dde-7195734eeb3df6439c099c1139caf77e2c2ea3c1.gz
This commit is contained in:
parent
42a6492152
commit
d0a466bdb7
@ -28,14 +28,15 @@ class OpenidloginAction extends Action {
|
|||||||
if (common_logged_in()) {
|
if (common_logged_in()) {
|
||||||
common_user_error(_('Already logged in.'));
|
common_user_error(_('Already logged in.'));
|
||||||
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||||
|
$openid_url = $this->trimmed('openid_url');
|
||||||
|
|
||||||
# CSRF protection
|
# CSRF protection
|
||||||
$token = $this->trimmed('token');
|
$token = $this->trimmed('token');
|
||||||
if (!$token || $token != common_session_token()) {
|
if (!$token || $token != common_session_token()) {
|
||||||
$this->show_form(_('There was a problem with your session token. Try again, please.'));
|
$this->show_form(_('There was a problem with your session token. Try again, please.'), $openid_url);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
$openid_url = $this->trimmed('openid_url');
|
|
||||||
$result = oid_authenticate($openid_url,
|
$result = oid_authenticate($openid_url,
|
||||||
'finishopenidlogin');
|
'finishopenidlogin');
|
||||||
if (is_string($result)) { # error message
|
if (is_string($result)) { # error message
|
||||||
|
Loading…
Reference in New Issue
Block a user