From c7f50769066591a23cf778a6db1ad44c9593caae Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@prodromou.name>
Date: Wed, 9 Jul 2008 01:00:22 -0400
Subject: [PATCH] better description of what happens when changing settings

darcs-hash:20080709050022-84dde-b8b583c8d2c67bcf6bbe86b2ff26eec7af345d72.gz
---
 actions/login.php | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/actions/login.php b/actions/login.php
index 5943464f7f..ae75c90445 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -84,10 +84,21 @@ class LoginAction extends Action {
 	}
 
 	function get_instructions() {
-		return _t('Login with your username and password. ' .
-				  'Don\'t have a username yet? ' .
-				  '[Register](%%action.register%%) a new account, or ' .
-				  'try [OpenID](%%action.openidlogin%%). ');
+		if (common_logged_in() &&
+			!common_is_real_login() &&
+			common_get_returnto())
+		{
+			# rememberme logins have to reauthenticate before
+			# changing any profile settings (cookie-stealing protection)
+			return _t('To change your settings, login with your ' .
+					  'user name and password ' . 
+					  '(or use [OpenID](%%action.openidlogin%%)).');
+		} else {
+			return _t('Login with your username and password. ' .
+					  'Don\'t have a username yet? ' .
+					  '[Register](%%action.register%%) a new account, or ' .
+					  'try [OpenID](%%action.openidlogin%%). ');
+		}
 	}
 
 	function show_top($error=NULL) {