implement rememberme functionality

Added a checkbox on login or register to remember the current user. If
the login is successful, this sets a cookie with a random code (saved
in the DB). If they come back, and they aren't logged in "normally",
we check to see if they have a rememberme cookie. If so, we log them
in.

However, they can't change settings -- cookie theft is too prevalent.
So we mark a session as having a "real" (password or OpenID) login, or
not. In settings pages, we check to see if the login is "real", and if
not, we redirect to the login page.

darcs-hash:20080624025234-34904-ad20001bf35bf41fcb63a0c357fd929aacc55fdb.gz
Evan Prodromou
2008-06-23 22:52:34 -04:00
parent 5df185a5ed
commit be3a44651c
8 changed files with 158 additions and 55 deletions


@@ -26,6 +26,12 @@ class SettingsAction extends Action {
if (!common_logged_in()) {
common_user_error(_t('Not logged in.'));
return;
} else if (!common_is_real_login()) {
# Cookie theft means that automatic logins can't
# change important settings or see private info, and
# _all_ our settings are important
common_set_returnto($this->self_url());
common_redirect(common_local_url('login'));
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$this->handle_post();
} else {
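Review bot: The new `common_is_real_login()` branch redirects but does not stop the handler, unlike the `common_user_error` branch just above it, which is followed by `return;`, so whatever follows this if/else chain in the enclosing method (outside the hunk) still runs for a cookie-only login after the Location header is sent. Add `return;` after `common_redirect(common_local_url('login'));` so a rememberme session can never reach the settings page body, which is the property the comment on the branch promises. The enclosing method starts before this hunk and continues past it; if the other settings actions in this commit use the same pattern, they likely need the same `return;`.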
@@ -52,8 +58,8 @@ class SettingsAction extends Action {
function settings_menu() {
# action => array('prompt', 'title')
static $menu =
array('profilesettings' =>
array('Profile',
array('profilesettings' =>
array('Profile',
'Change your profile settings'),
'avatar' =>
array('Avatar',
@@ -62,12 +68,12 @@ class SettingsAction extends Action {
array('Password',
'Change your password'),
'openidsettings' =>
array('OpenID',
array('OpenID',
'Add or remove OpenIDs'),
'imsettings' =>
array('IM',
'Updates by instant messenger (IM)'));
$action = $this->trimmed('action');
common_element_start('ul', array('id' => 'nav_views'));
foreach ($menu as $menuaction => $menudesc) {