The official, canonical postActiv repository. http://www.postactiv.com

login.php 8.2KB

  1. <?php
  2. // !TODO: I WRITE HTML, REFACTOR FOR SMARTY
  3. /* ============================================================================
  4. * Title: Login
  5. * Login form
  6. *
  7. * postActiv:
  8. * the micro-blogging software
  9. *
  10. * Copyright:
  11. * Copyright (C) 2016-2018, Maiyannah Bishop
  12. *
  13. * Derived from code copyright various sources:
  14. * o GNU Social (C) 2013-2016, Free Software Foundation, Inc
  15. * o StatusNet (C) 2008-2012, StatusNet, Inc
  16. * ----------------------------------------------------------------------------
  17. * License:
  18. * This program is free software: you can redistribute it and/or modify
  19. * it under the terms of the GNU Affero General Public License as published by
  20. * the Free Software Foundation, either version 3 of the License, or
  21. * (at your option) any later version.
  22. *
  23. * This program is distributed in the hope that it will be useful,
  24. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  25. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  26. * GNU Affero General Public License for more details.
  27. *
  28. * You should have received a copy of the GNU Affero General Public License
  29. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  30. *
  31. * <https://www.gnu.org/licenses/agpl.html>
  32. * ----------------------------------------------------------------------------
  33. * About:
  34. * Login form
  35. *
  36. * PHP version:
  37. * Tested with PHP 7.0
  38. * ----------------------------------------------------------------------------
  39. * File Authors:
  40. * o Evan Prodromou
  41. * o Mike Cochrane <mikec@mikenz.geek.nz>
  42. * o Zach Copley
  43. * o Sarven Capadisli
  44. * o Sean Murphy <sgmurphy@gmail.com>
  45. * o Jeffrey To <jeffery.to@gmail.com>
  46. * o Eric Helgeson <erichelgeson@gmail.com>
  47. * o Brion Vibber <brion@pobox.com>
  48. * o Craig Andrews <candrews@integralblue.com>
  49. * o Sam Nicholls <msn@central.aber.ac.uk>
  50. * o Siebrand Mazeland <s.mazeland@xs4all.nl>
  51. * o Mikael Nordfeldth <mmn@hethane.se>
  52. * o Maiyannah Bishop <maiyannah.bishop@postactiv.com>
  53. *
  54. * Web:
  55. * o postActiv <http://www.postactiv.com>
  56. * o GNU social <https://www.gnu.org/s/social/>
  57. * ============================================================================
  58. */
  59. // This file is formatted so that it provides useful documentation output in
  60. // NaturalDocs. Please be considerate of this before changing formatting.
  // Entry guard: terminate with exit status 1 unless the POSTACTIV constant
  // has already been defined. Presumably the application's front controller
  // defines it, so that this file does nothing when requested directly -
  // confirm against the bootstrap code.
  if (!defined('POSTACTIV')) {
      exit(1);
  }
  /**
   * Login page action: renders the credential form and processes its submission.
   *
   * Security-relevant behaviour visible in this class:
   *  - a single error message is used for every credential failure;
   *  - a "real" (password) login is distinguished from a remember-me login, and
   *    the latter is asked to re-authenticate before changing settings;
   *  - the form carries a hidden session token.
   */
  class LoginAction extends FormAction
  {
      // Presumably read by the parent action to decide whether the page requires
      // an authenticated session; false here because this is the login page.
      protected $needLogin = false;

      /**
       * Handle input, produce output
       *
       * A visitor who already holds a real login is redirected (307) to their
       * own 'all' timeline; everyone else is handed to the parent handler, which
       * either shows the form or processes its input.
       *
       * @return void
       */
      protected function handle()
      {
          if (common_is_real_login()) {
              $ownTimeline = common_local_url('all', ['nickname' => $this->scoped->nickname]);
              common_redirect($ownTimeline, 307);
          }

          return parent::handle();
      }

      /**
       * Check the login data
       *
       * Verifies the submitted credentials. On success the user is logged in,
       * the login is marked as "real", the optional remember-me state is set,
       * and the browser is redirected (303) to the stored return-to URL or,
       * when there is none, to the user's 'all' timeline.
       *
       * @return void
       *
       * @throws ServerException when the credentials are rejected or the user
       *                         cannot be set for the session
       */
      protected function doPost()
      {
          // XXX: login throttle
          // NOTE(review): nothing in this method limits repeated failed attempts.
          // Until a throttle exists, rate limiting has to come from
          // common_check_user() or from in front of the application - confirm.
          // NOTE(review): showContent() emits a hidden session 'token', but it is
          // not verified here; presumably FormAction checks it before calling
          // doPost() - confirm.
          $nickname = $this->trimmed('nickname');
          // Read with arg() rather than trimmed(); presumably so the password is
          // compared exactly as typed - verify against arg()'s implementation.
          $password = $this->arg('password');

          $user = common_check_user($nickname, $password);

          if (!($user instanceof User)) {
              // One message for every failure, so the response does not reveal
              // whether the account name or the password was wrong.
              // TRANS: Form validation error displayed when trying to log in with incorrect credentials.
              throw new ServerException(_('Incorrect username or password.'));
          }

          // success!
          // NOTE(review): whether the session identifier is rotated at this point
          // depends on common_set_user() - confirm (session fixation).
          if (!common_set_user($user)) {
              // TRANS: Server error displayed when during login a server error occurs.
              throw new ServerException(_('Error setting user. You are probably not authorized.'));
          }

          // Mark this session as authenticated by password rather than by a
          // remember-me cookie.
          common_real_login(true);
          $this->updateScopedProfile();

          if ($this->boolean('rememberme')) {
              common_rememberme($user);
          }

          // NOTE(review): the return-to URL is redirected to without validation
          // here; confirm that whatever stores it only accepts same-site URLs.
          $returnTo = common_get_returnto();

          if (!$returnTo) {
              $destination = common_local_url('all', ['nickname' => $this->scoped->nickname]);
          } else {
              // We don't have to return to it again
              common_set_returnto(null);
              // NOTE(review): if common_inject_session() places a session
              // identifier in the URL, it can end up in logs and Referer
              // headers - confirm.
              $destination = common_inject_session($returnTo);
          }

          common_redirect($destination, 303);
      }

      /**
       * Scripts for the page
       *
       * Emits the parent's scripts, then puts keyboard focus on the
       * 'nickname' field.
       *
       * @return void
       */
      public function showScripts()
      {
          parent::showScripts();
          $this->autofocus('nickname');
      }

      /**
       * Title of the page
       *
       * @return string title of the page
       */
      public function title()
      {
          // TRANS: Page title for login page.
          return _('Login');
      }

      /**
       * Core of the display code
       *
       * Shows the login form (username, password, remember-me checkbox, submit
       * button and hidden session token), followed by a password-recovery link.
       *
       * @return void
       */
      public function showContent()
      {
          $formAttributes = [
              'method' => 'post',
              'id'     => 'form_login',
              'class'  => 'form_settings',
              'action' => common_local_url('login'),
          ];

          $this->elementStart('form', $formAttributes);
          $this->elementStart('fieldset');
          // TRANS: Form legend on login page.
          $this->element('legend', null, _('Login to site'));

          $this->elementStart('ul', 'form_data');

          $this->elementStart('li');
          // TRANS: Field label on login page.
          $this->input('nickname', _('Username or email address'));
          $this->elementEnd('li');

          $this->elementStart('li');
          // TRANS: Field label on login page.
          $this->password('password', _('Password'));
          $this->elementEnd('li');

          $this->elementStart('li');
          // TRANS: Checkbox label on login page.
          $this->checkbox('rememberme', _('Remember me'), false,
                          // TRANS: Checkbox title on login page.
                          _('Automatically login in the future; ' .
                            'not for shared computers!'));
          $this->elementEnd('li');

          $this->elementEnd('ul');

          // TRANS: Button text for log in on login page.
          $this->submit('submit', _m('BUTTON','Login'));
          // Session token submitted with the form; this class only emits it.
          $this->hidden('token', common_session_token());

          $this->elementEnd('fieldset');
          $this->elementEnd('form');

          $recoveryLink = ['href' => common_local_url('recoverpassword')];

          $this->elementStart('p');
          $this->element('a', $recoveryLink,
                         // TRANS: Link text for link to "reset password" on login page.
                         _('Lost or forgotten password?'));
          $this->elementEnd('p');
      }

      /**
       * Instructions for using the form
       *
       * For "remembered" logins, we make the user re-login when they
       * try to change settings. Different instructions for this case.
       *
       * @return string instruction text; the default prompt contains a Markdown
       *                link to registration when the site is neither closed
       *                nor invite-only
       */
      protected function getInstructions()
      {
          $mustReauthenticate = common_logged_in()
              && !common_is_real_login()
              && common_get_returnto();

          if ($mustReauthenticate) {
              // rememberme logins have to reauthenticate before
              // changing any profile settings (cookie-stealing protection)
              // TRANS: Form instructions on login page before being able to change user settings.
              return _('For security reasons, please re-enter your ' .
                       'user name and password ' .
                       'before changing your settings.');
          }

          // TRANS: Form instructions on login page.
          $prompt = _('Login with your username and password.');

          $registrationOpen = !common_config('site', 'closed')
              && !common_config('site', 'inviteonly');

          if ($registrationOpen) {
              $prompt .= ' ';
              // TRANS: Form instructions on login page. This message contains Markdown links in the form [Link text](Link).
              // TRANS: %%action.register%% is a link to the registration page.
              $prompt .= _('Don\'t have a username yet? ' .
                           '[Register](%%action.register%%) a new account.');
          }

          return $prompt;
      }

      /**
       * A local menu
       *
       * Shows different login/register actions.
       *
       * @return void
       */
      public function showLocalNav()
      {
          (new LoginGroupNav($this))->show();
      }

      /**
       * Intentionally empty; presumably overrides a parent method so that no
       * notice form is rendered on the login page.
       *
       * @return void
       */
      public function showNoticeForm()
      {
      }

      /**
       * Intentionally empty; presumably overrides a parent method so that no
       * profile block is rendered on the login page.
       *
       * @return void
       */
      public function showProfileBlock()
      {
      }
  }
  228. // END OF FILE
  229. // ============================================================================
  230. ?>