swap around some stuff to show the form correctly on a CSRF error in openidlogin
darcs-hash:20080829040925-84dde-7195734eeb3df6439c099c1139caf77e2c2ea3c1.gz
This commit is contained in:
parent
42a6492152
commit
d0a466bdb7
@ -28,14 +28,15 @@ class OpenidloginAction extends Action {
|
||||
if (common_logged_in()) {
|
||||
common_user_error(_('Already logged in.'));
|
||||
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||
$openid_url = $this->trimmed('openid_url');
|
||||
|
||||
# CSRF protection
|
||||
$token = $this->trimmed('token');
|
||||
if (!$token || $token != common_session_token()) {
|
||||
$this->show_form(_('There was a problem with your session token. Try again, please.'));
|
||||
$this->show_form(_('There was a problem with your session token. Try again, please.'), $openid_url);
|
||||
return;
|
||||
}
|
||||
|
||||
$openid_url = $this->trimmed('openid_url');
|
||||
$result = oid_authenticate($openid_url,
|
||||
'finishopenidlogin');
|
||||
if (is_string($result)) { # error message
|
||||
|
Loading…
Reference in New Issue
Block a user