login.php 7.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220
  1. <?php
  2. /**
  3. * StatusNet, the distributed open-source microblogging tool
  4. *
  5. * Login form
  6. *
  7. * PHP version 5
  8. *
  9. * LICENCE: This program is free software: you can redistribute it and/or modify
  10. * it under the terms of the GNU Affero General Public License as published by
  11. * the Free Software Foundation, either version 3 of the License, or
  12. * (at your option) any later version.
  13. *
  14. * This program is distributed in the hope that it will be useful,
  15. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. * GNU Affero General Public License for more details.
  18. *
  19. * You should have received a copy of the GNU Affero General Public License
  20. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  21. *
  22. * @category Login
  23. * @package GNUsocial
  24. * @author Evan Prodromou <evan@status.net>
  25. * @author Sarven Capadisli <csarven@status.net>
  26. * @author Mikael Nordfeldth <mmn@hethane.se>
  27. * @copyright 2008-2009 StatusNet, Inc.
  28. * @copyright 2013 Free Software Foundation, Inc.
  29. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  30. * @link http://www.gnu.org/software/social/
  31. */
  32. if (!defined('GNUSOCIAL')) { exit(1); }
  33. class LoginAction extends FormAction
  34. {
  35. protected $needLogin = false;
  36. /**
  37. * Handle input, produce output
  38. *
  39. * Switches on request method; either shows the form or handles its input.
  40. *
  41. * @return void
  42. */
  43. protected function handle()
  44. {
  45. if (common_is_real_login()) {
  46. common_redirect(common_local_url('all', array('nickname' => $this->scoped->nickname)), 307);
  47. }
  48. return parent::handle();
  49. }
  50. /**
  51. * Check the login data
  52. *
  53. * Determines if the login data is valid. If so, logs the user
  54. * in, and redirects to the 'with friends' page, or to the stored
  55. * return-to URL.
  56. *
  57. * @return void
  58. */
  59. protected function doPost()
  60. {
  61. // XXX: login throttle
  62. $nickname = $this->trimmed('nickname');
  63. $password = $this->arg('password');
  64. $user = common_check_user($nickname, $password);
  65. if (!$user instanceof User) {
  66. // TRANS: Form validation error displayed when trying to log in with incorrect credentials.
  67. throw new ServerException(_('Incorrect username or password.'));
  68. }
  69. // success!
  70. if (!common_set_user($user)) {
  71. // TRANS: Server error displayed when during login a server error occurs.
  72. throw new ServerException(_('Error setting user. You are probably not authorized.'));
  73. }
  74. common_real_login(true);
  75. $this->updateScopedProfile();
  76. if ($this->boolean('rememberme')) {
  77. common_rememberme($user);
  78. }
  79. $url = common_get_returnto();
  80. if ($url) {
  81. // We don't have to return to it again
  82. common_set_returnto(null);
  83. $url = common_inject_session($url);
  84. } else {
  85. $url = common_local_url('all',
  86. array('nickname' => $this->scoped->nickname));
  87. }
  88. common_redirect($url, 303);
  89. }
  90. function showScripts()
  91. {
  92. parent::showScripts();
  93. $this->autofocus('nickname');
  94. }
  95. /**
  96. * Title of the page
  97. *
  98. * @return string title of the page
  99. */
  100. function title()
  101. {
  102. // TRANS: Page title for login page.
  103. return _('Login');
  104. }
  105. /**
  106. * Core of the display code
  107. *
  108. * Shows the login form.
  109. *
  110. * @return void
  111. */
  112. function showContent()
  113. {
  114. $this->elementStart('form', array('method' => 'post',
  115. 'id' => 'form_login',
  116. 'class' => 'form_settings',
  117. 'action' => common_local_url('login')));
  118. $this->elementStart('fieldset');
  119. // TRANS: Form legend on login page.
  120. $this->element('legend', null, _('Login to site'));
  121. $this->elementStart('ul', 'form_data');
  122. $this->elementStart('li');
  123. // TRANS: Field label on login page.
  124. $this->input('nickname', _('Username or email address'));
  125. $this->elementEnd('li');
  126. $this->elementStart('li');
  127. // TRANS: Field label on login page.
  128. $this->password('password', _('Password'));
  129. $this->elementEnd('li');
  130. $this->elementStart('li');
  131. // TRANS: Checkbox label label on login page.
  132. $this->checkbox('rememberme', _('Remember me'), false,
  133. // TRANS: Checkbox title on login page.
  134. _('Automatically login in the future; ' .
  135. 'not for shared computers!'));
  136. $this->elementEnd('li');
  137. $this->elementEnd('ul');
  138. // TRANS: Button text for log in on login page.
  139. $this->submit('submit', _m('BUTTON','Login'));
  140. $this->hidden('token', common_session_token());
  141. $this->elementEnd('fieldset');
  142. $this->elementEnd('form');
  143. $this->elementStart('p');
  144. $this->element('a', array('href' => common_local_url('recoverpassword')),
  145. // TRANS: Link text for link to "reset password" on login page.
  146. _('Lost or forgotten password?'));
  147. $this->elementEnd('p');
  148. }
  149. /**
  150. * Instructions for using the form
  151. *
  152. * For "remembered" logins, we make the user re-login when they
  153. * try to change settings. Different instructions for this case.
  154. *
  155. * @return void
  156. */
  157. protected function getInstructions()
  158. {
  159. if (common_logged_in() && !common_is_real_login() &&
  160. common_get_returnto()) {
  161. // rememberme logins have to reauthenticate before
  162. // changing any profile settings (cookie-stealing protection)
  163. // TRANS: Form instructions on login page before being able to change user settings.
  164. return _('For security reasons, please re-enter your ' .
  165. 'user name and password ' .
  166. 'before changing your settings.');
  167. } else {
  168. // TRANS: Form instructions on login page.
  169. $prompt = _('Login with your username and password.');
  170. if (!common_config('site', 'closed') && !common_config('site', 'inviteonly')) {
  171. $prompt .= ' ';
  172. // TRANS: Form instructions on login page. This message contains Markdown links in the form [Link text](Link).
  173. // TRANS: %%action.register%% is a link to the registration page.
  174. $prompt .= _('Don\'t have a username yet? ' .
  175. '[Register](%%action.register%%) a new account.');
  176. }
  177. return $prompt;
  178. }
  179. }
  180. /**
  181. * A local menu
  182. *
  183. * Shows different login/register actions.
  184. *
  185. * @return void
  186. */
  187. function showLocalNav()
  188. {
  189. $nav = new LoginGroupNav($this);
  190. $nav->show();
  191. }
  192. function showNoticeForm()
  193. {
  194. }
  195. function showProfileBlock()
  196. {
  197. }
  198. }