author | Andrew Dolgov <[email protected]> | 2012-09-10 19:01:06 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2012-09-10 19:01:06 +0400 |
commit | 97acbaf190ff84b4cc5b01192f14d9ee384d6327 (patch) | |
tree | a64a4e9bfe24c8e4863437fc6ffffcd3b09f93da /include | |
parent | c3d2cda86de3b9242483de96d73ce5d9e82881de (diff) |
login system fixes
remove old-style session checking from backend.php
move outside subscription endpoint to public.php, change subscription
bookmarklet
Diffstat (limited to 'include')
-rw-r--r-- | include/functions.php | 43 | ||||
-rw-r--r-- | include/login_form.php | 34 |
2 files changed, 50 insertions, 27 deletions
diff --git a/include/functions.php b/include/functions.php index 729cb2625..73c2f6d50 100644 --- a/include/functions.php +++ b/include/functions.php @@ -815,7 +815,35 @@ return true; } - function login_sequence($link, $mobile = false) { + function login_sequence($link, $login_form = 0) { + if (SINGLE_USER_MODE) { + return authenticate_user($link, "admin", null); + } else { + if (!$_SESSION["uid"] || !validate_session($link)) { + + if (AUTH_AUTO_LOGIN && authenticate_user($link, null, null)) { + $_SESSION["ref_schema_version"] = get_schema_version($link, true); + } else { + authenticate_user($link, null, null, true); + } + + if (!$_SESSION["uid"]) render_login_form($link, $login_form); + + } else { + /* bump login timestamp */ + db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . + $_SESSION["uid"]); + + if ($_SESSION["language"] && SESSION_COOKIE_LIFETIME > 0) { + setcookie("ttrss_lang", $_SESSION["language"], + time() + SESSION_COOKIE_LIFETIME); + } + } + } + } + + + /* function login_sequence($link, $mobile = false) { $_SESSION["prefs_cache"] = array(); if (!SINGLE_USER_MODE) { @@ -872,7 +900,7 @@ exit; } } else { - /* bump login timestamp */ + // bump login timestamp db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $_SESSION["uid"]); @@ -888,7 +916,7 @@ } else { return authenticate_user($link, "admin", null); } - } + } */ function truncate_string($str, $max_len, $suffix = '…') { if (mb_strlen($str, "utf-8") > $max_len - 3) { @@ -3148,17 +3176,16 @@ return true; } - function render_login_form($link, $mobile = 0) { - switch ($mobile) { + function render_login_form($link, $form_id = 0) { + switch ($form_id) { case 0: require_once "login_form.php"; break; case 1: require_once "mobile/login_form.php"; break; - case 2: - require_once "mobile/classic/login_form.php"; } + exit; } // from http://developer.apple.com/internet/safari/faq.html 
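Review bot: In the new `login_sequence()`, the `UPDATE ttrss_users SET last_login` query appends `$_SESSION["uid"]` to the SQL text without a cast or quoting. The value is presumably written server-side by `authenticate_user()` (not visible here), but casting it keeps the statement safe regardless of what ends up in the session: `"UPDATE ttrss_users SET last_login = NOW() WHERE id = " . (int) $_SESSION["uid"]`. The function also returns the `authenticate_user()` result only in the `SINGLE_USER_MODE` branch and nothing on the other path, so a short docblock saying that the multi-user path either renders the login form and exits or falls through would help callers. The previous implementation is kept as a commented-out block that runs through this hunk and the next two (`@@ -872` and `@@ -888`); deleting it would leave that history to version control.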
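Review bot: `render_login_form()` now ends in an unconditional `exit`, but `switch ($form_id)` has no `default` arm, so any value other than 0 or 1 ends the request with an empty response instead of a login form. That includes the value 2 that callers of the removed `mobile/classic` form may still pass; the call sites are outside this diff. Adding `default: require_once "login_form.php";` before the closing brace of the switch keeps an unauthenticated request from ending on a blank page.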
@@ -3588,7 +3615,7 @@ //$url_path = ($_SERVER['HTTPS'] != "on" ? 'http://' : 'https://') . $_SERVER["HTTP_HOST"] . parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH); $url_path = get_self_url_prefix() . - "/backend.php?op=pref-feeds&quiet=1&method=add&feed_url=%s"; + "/public.php?op=subscribe&feed_url=%s"; return $url_path; } // function add_feed_url diff --git a/include/login_form.php b/include/login_form.php index abe73f847..5060f8c11 100644 --- a/include/login_form.php +++ b/include/login_form.php @@ -32,21 +32,22 @@ function init() { } document.forms["loginForm"].login.focus(); + + fetchProfiles(); } function fetchProfiles() { try { - var params = Form.serialize('loginForm'); - var query = "?op=getProfiles&" + params; + var query = "?op=getProfiles&login=" + param_escape(document.forms["loginForm"].login.value); if (query) { new Ajax.Request("public.php", { parameters: query, - onComplete: function(transport) { - if (transport.responseText.match("select")) { - $('profile_box').innerHTML = transport.responseText; - } - } }); + onComplete: function(transport) { + if (transport.responseText.match("select")) { + $('profile_box').innerHTML = transport.responseText; + } + } }); } } catch (e) { @@ -113,8 +114,12 @@ function validateLoginForm(f) { }); </script> -<form action="" method="POST" id="loginForm" name="loginForm" onsubmit="return validateLoginForm(this)"> -<input type="hidden" name="login_action" value="do_login"> +<?php $return = urlencode($_SERVER["REQUEST_URI"]) ?> + +<form action="public.php?return=<?php echo $return ?>" + method="POST" id="loginForm" name="loginForm" onsubmit="return validateLoginForm(this)"> + +<input type="hidden" name="op" value="login"> <table class="loginForm2"> <tr> 
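Review bot: The new bookmarklet target `public.php?op=subscribe&feed_url=%s` built in `add_feed_url()` makes subscribing a state-changing GET, so the handler needs both a login check and an explicit user confirmation to resist cross-site requests. That handler is not part of this diff (the diffstat is limited to `include/`), so this should be confirmed there; without it, any page the user visits could add a feed on their behalf. A comment above the URL such as `// op=subscribe must require a session and confirm before adding the feed` would record the dependency.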
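Review bot: `fetchProfiles()` in `login_form.php` queries `public.php?op=getProfiles` with whatever login name is typed, before any authentication, so the response can reveal whether an account exists and what its profiles are called. The handler is outside this diff; it should return the same default output for unknown logins, and ideally be rate-limited. The response is also assigned to `innerHTML` after only a substring match for `select`, which relies on the server HTML-escaping profile titles. The `if (query)` guard is always true because `query` is a non-empty string and can be dropped.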
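Review bot: The `return` query parameter added to the form action in `login_form.php` is taken from `$_SERVER["REQUEST_URI"]` here, but a request to `public.php?return=...` can carry any value, so the `op=login` handler (not in this diff) must accept only same-site relative paths before redirecting. The `urlencode()` call does make the value safe to print inside the `action` attribute. A comment next to the assignment, e.g. `<?php /* return target; op=login must validate it as a local path */ ?>`, would document that contract for whoever maintains the handler.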
@@ -130,11 +135,10 @@ function validateLoginForm(f) { <table> <tr><td align="right"><?php echo __("Login:") ?></td> <td align="right"><input name="login" - onchange="fetchProfiles()" onfocus="fetchProfiles()" + onchange="fetchProfiles()" onfocus="fetchProfiles()" onblur="fetchProfiles()" value="<?php echo $_SESSION["fake_login"] ?>"></td></tr> <tr><td align="right"><?php echo __("Password:") ?></td> <td align="right"><input type="password" name="password" - onchange="fetchProfiles()" onfocus="fetchProfiles()" value="<?php echo $_SESSION["fake_password"] ?>"></td></tr> <tr><td align="right"><?php echo __("Language:") ?></td> <td align="right"> @@ -151,11 +155,6 @@ function validateLoginForm(f) { <option><?php echo __("Default profile") ?></option></select> </td></tr> - <!-- <tr><td colspan="2"> - <input type="checkbox" name="remember_me" id="remember_me"> - <label for="remember_me">Remember me on this computer</label> - </td></tr> --> - <tr><td colspan="2" align="right" class="innerLoginCell"> <button type="submit" name='click'><?php echo __('Log in') ?></button> @@ -164,9 +163,6 @@ function validateLoginForm(f) { <?php echo __("Create new account") ?></button> <?php } ?> - <input type="hidden" name="action" value="login"> - <input type="hidden" name="rt" - value="<?php if ($return_to != 'none') { echo $return_to; } ?>"> </td></tr> <tr><td colspan="2" align="right" class="innerLoginCell"> |
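Review bot: The `value` attributes of the login and password inputs in the `@@ -130` hunk print `$_SESSION["fake_login"]` and `$_SESSION["fake_password"]` without HTML escaping. These are context lines rather than lines added by the commit, and where the values are set is not visible here. If they can ever contain a quote or angle bracket, `htmlspecialchars($_SESSION["fake_login"], ENT_QUOTES)` (and the same for the password) keeps them inside the attribute. Separately, the added `onblur="fetchProfiles()"` alongside the existing `onchange` and `onfocus` handlers can issue three lookups per visit to the field; `onchange` plus the new call in `init()` would likely be enough.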