. */ if (!defined('LACONICA')) { exit(1); } class LoginAction extends Action { function handle($args) { parent::handle($args); if (common_is_real_login()) { common_user_error(_t('Already logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $this->check_login(); } else { $this->show_form(); } } function check_login() { # XXX: form token in $_SESSION to prevent XSS # XXX: login throttle $nickname = $this->arg('nickname'); $password = $this->arg('password'); if (common_check_user($nickname, $password)) { # success! if (!common_set_user($nickname)) { common_server_error(_t('Error setting user.')); return; } common_real_login(true); if ($this->boolean('rememberme')) { common_rememberme(); } # success! $url = common_get_returnto(); if ($url) { # We don't have to return to it again common_set_returnto(NULL); } else { $url = common_local_url('all', array('nickname' => $nickname)); } common_redirect($url); } else { $this->show_form(_t('Incorrect username or password.')); } } function show_form($error=NULL) { common_show_header(_t('Login'), NULL, $error, array($this, 'show_top')); common_element_start('form', array('method' => 'POST', 'id' => 'login', 'action' => common_local_url('login'))); common_input('nickname', _t('Nickname')); common_password('password', _t('Password')); common_checkbox('rememberme', _t('Remember me'), _t('Automatically login in the future; ' . 'not for shared computers!')); common_submit('submit', _t('Login')); common_element_end('form'); common_element_start('p'); common_element('a', array('href' => common_local_url('recoverpassword')), _t('Lost or forgotten password?')); common_element_end('p'); common_show_footer(); } function show_top($error=NULL) { if ($error) { common_element('p', 'error', $error); } else { common_element('p', 'instructions', _t('Login with your username and password. ' . 'Don\'t have a username yet? Choose register above. ')); } } }