[geeklog-cvs] geeklog: Handle failed authentication when trying to re-authenti...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Tue Dec 29 08:00:32 EST 2009
changeset 7546:e0748b344b7e
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/e0748b344b7e
user: Dirk Haun <dirk at haun-online.de>
date: Fri Dec 25 18:46:26 2009 +0100
description:
Handle failed authentication when trying to re-authenticate for expired tokens (needs better wording / new messages)
diffstat:
public_html/users.php | 63 +++++++++++++++++++++++++------
1 files changed, 51 insertions(+), 12 deletions(-)
diffs (102 lines):
diff -r b4d55a55dc27 -r e0748b344b7e public_html/users.php
--- a/public_html/users.php Fri Dec 25 15:31:02 2009 +0100
+++ b/public_html/users.php Fri Dec 25 18:46:26 2009 +0100
@@ -876,9 +876,9 @@
$getdata = urldecode($_POST['token_getdata']);
}
- if (SECINT_checkToken() && (!empty($method) && !empty($returnurl) &&
+ if (SECINT_checkToken() && !empty($method) && !empty($returnurl) &&
((($method == 'POST') && !empty($postdata)) ||
- (($method == 'GET') && !empty($getdata))))) {
+ (($method == 'GET') && !empty($getdata)))) {
$req = new HTTP_Request($returnurl);
if ($method == 'POST') {
@@ -1301,16 +1301,16 @@
}
} else {
// On failed login attempt, update speed limit
- if (!empty($loginname) || !empty($passwd) || !empty($service)) {
+ if (!empty($loginname) || !empty($passwd) || !empty($service) ||
+ ($mode == 'tokenexpired')) {
COM_updateSpeedlimit('login');
}
$display .= COM_siteHeader('menu');
- if (isset ($_REQUEST['msg'])) {
- $msg = COM_applyFilter ($_REQUEST['msg'], true);
- } else {
- $msg = 0;
+ $msg = 0;
+ if (isset($_REQUEST['msg'])) {
+ $msg = COM_applyFilter($_REQUEST['msg'], true);
}
if ($msg > 0) {
$display .= COM_showMessage($msg);
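Review bot: The comment `// On failed login attempt, update speed limit` no longer covers the condition below it. With the added `($mode == 'tokenexpired')` clause, a `tokenexpired` request that reaches this branch is counted against the `login` speed limit even when `$loginname`, `$passwd` and `$service` are all empty, which the other modes do not do. If that is intended, say so in the comment, e.g. `// On failed login attempt (including any failed re-authentication for an expired token), update speed limit`. The enclosing `else` branch starts outside the hunk.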
@@ -1320,20 +1320,59 @@
case 'create':
// Got bad account info from registration process, show error
// message and display form again
- if ($_CONF['custom_registration'] AND (function_exists('CUSTOM_userForm'))) {
- $display .= CUSTOM_userForm ();
+ if ($_CONF['custom_registration'] AND
+ function_exists('CUSTOM_userForm')) {
+ $display .= CUSTOM_userForm();
} else {
- $display .= newuserform ();
+ $display .= newuserform();
}
break;
+
+ case 'tokenexpired':
+ // check to see if this was the last allowed attempt
+ if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) {
+ displayLoginErrorAndAbort(82, $LANG04[113], $LANG04[112]);
+ } else {
+ $returnurl = '';
+ if (isset($_POST['token_returnurl'])) {
+ $returnurl = urldecode($_POST['token_returnurl']);
+ }
+ $method = '';
+ if (isset($_POST['token_requestmethod'])) {
+ $method = COM_applyFilter($_POST['token_requestmethod']);
+ }
+ $postdata = '';
+ if (isset($_POST['token_postdata'])) {
+ $postdata = urldecode($_POST['token_postdata']);
+ }
+ $getdata = '';
+ if (isset($_POST['token_getdata'])) {
+ $getdata = urldecode($_POST['token_getdata']);
+ }
+ if (SECINT_checkToken() && !empty($method) &&
+ !empty($returnurl) &&
+ ((($method == 'POST') && !empty($postdata)) ||
+ (($method == 'GET') && !empty($getdata)))) {
+ $display .= COM_showMessage(81);
+ $display .= SECINT_authform($returnurl, $method,
+ $postdata, $getdata);
+ } else {
+ echo COM_refresh($_CONF['site_url'] . '/index.php');
+ exit;
+ }
+ }
+ break;
+
default:
// check to see if this was the last allowed attempt
if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) {
displayLoginErrorAndAbort(82, $LANG04[113], $LANG04[112]);
} else { // Show login form
if(($msg != 69) && ($msg != 70)) {
- if ($_CONF['custom_registration'] AND function_exists('CUSTOM_loginErrorHandler')) {
- // Typically this will be used if you have a custom main site page and need to control the login process
+ if ($_CONF['custom_registration'] AND
+ function_exists('CUSTOM_loginErrorHandler')) {
+ // Typically this will be used if you have a custom
+ // main site page and need to control the login process
$display .= CUSTOM_loginErrorHandler($msg);
} else {
$display .= loginform(false, $status);
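Review bot: In the new `tokenexpired` case, `$returnurl` comes straight from `$_POST['token_returnurl']` and is only url-decoded and tested for emptiness before it is passed to `SECINT_authform()`; the same field is later used for `new HTTP_Request($returnurl)` in the re-authentication block around line 876 (first hunk). Whether `SECINT_authform()` or the token check constrains the URL is not visible here, so I would tie it to this site before re-rendering the form, e.g. add `(strpos($returnurl, $_CONF['site_url'] . '/') === 0) &&` to the condition so that anything else falls into the existing `COM_refresh` branch. The four `token_*` reads also duplicate the block near line 876; a small shared helper would keep the two copies from drifting. The enclosing `switch` starts and ends outside the hunk.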