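= 0; $POST{'bindip'} = 'yes' if index($&, "<") >= 0; }

    # Login / logout / session-options handler.
    #
    # On POST, one of three actions is taken from the form fields:
    #   action:change - update expiry and IP binding of the current session
    #   action:logout - kill the current session
    #   action:login  - (default) authenticate and create a new session
    # After that the login form is rendered into $body.
    #
    # NOTE(review): several string literals in the form-rendering part end in
    # BML closers (`p?>`, `standout?>`) or are empty; the markup they carried
    # looks to have been lost on this page, so they are reproduced as found.

    my $user     = LJ::canonical_username($POST{'user'});
    my $password = $POST{'password'};

    my $remote  = LJ::get_remote();
    my $cursess = $remote ? $remote->{'_session'} : undef;

    if (LJ::did_post()) {
        my $do_change = $POST{'action:change'};
        my $do_login  = $POST{'action:login'};
        my $do_logout = $POST{'action:logout'};

        # default action is to login:
        if (! $do_change && ! $do_logout) {
            $do_login = 1;
        }

        # can only change if logged in
        if ($do_change && ! defined $remote) {
            $do_logout = 1;
            $do_change = 0;
        }

        # Both login and logout start by discarding the existing session, so
        # a successful login always gets a freshly generated session.
        if ($do_logout || $do_login) {
            LJ::kill_session($remote);
            foreach (qw(ljsession langpref)) {
                delete $COOKIE{$_};
            }
            undef $remote;
            undef $cursess;
            LJ::set_remote(undef);
            LJ::run_hooks("post_logout");
        }

        # $remote is cleared by the branch above. A request that carries
        # action:change together with action:login or action:logout would
        # otherwise reach this branch with no session left to update, so the
        # change is only applied while a session still exists.
        if ($do_change && defined $remote) {
            my $bindip;
            if ($POST{'bindip'} eq "yes") {
                $bindip = BML::get_remote_ip();
            }

            my $len = "short";
            my $etime = 0;                    # for cookie
            my $session_secs = 60*60*24*1.5;  # for db.
            if ($POST{'expire'} eq "never") {
                $len = "long";
                $session_secs = 60*60*24*60;
                $etime = time()+$session_secs;
            }

            $cursess->{'ipfixed'} = $bindip;
            $cursess->{'exptype'} = $len;
            $COOKIE{'ljsession'} = [ $COOKIE{'ljsession'}, $etime, 1 ]; # 1 => HttpOnly
            $COOKIE{'langpref'} = [ $COOKIE{'langpref'}, $etime ];
            $COOKIE{'BMLschemepref'} = [ $COOKIE{'BMLschemepref'}, $etime ];

            my $udbh = LJ::get_cluster_master($remote, 1);
            my $sessid = $remote->{'_session'}->{'sessid'};

            # $session_secs is one of the two constants assigned above, never
            # request data; everything that comes from the request or the
            # session is bound through placeholders.
            $udbh->do("UPDATE sessions SET timeexpire=UNIX_TIMESTAMP()+$session_secs, ".
                      "exptype=?, ipfixed=? WHERE " .
                      "userid=? AND sessid=?", undef,
                      $len, $bindip, $remote->{'userid'}, $sessid);

            # Drop the cached copy of the session row so the new settings are
            # read back from the database.
            my $memkey = [$remote->{'userid'},"sess:$remote->{'userid'}:$sessid"];
            LJ::MemCache::delete($memkey);
        }

        if ($do_login) {
            my $u = LJ::load_user($user);
            unless ($u) {
                push @errors, "$ML{'error.username_notfound'}";
            }

            # auth_okay reports through $banned when the failure is due to
            # the login-failure rate limit rather than a wrong password.
            my $banned = 0;
            unless (LJ::auth_okay($u, $password, undef, undef, \$banned)) {
                if ($banned) {
                    $body = LJ::bad_input("Your IP address is temporarily banned for exceeding the login failure rate.");
                    return;
                } else {
                    push @errors, "$ML{'error.badpassword'}";
                }
            }

            if (@errors) {
                $body = LJ::bad_input(@errors);
                return;
            }

            LJ::load_user_props($u, "browselang", "schemepref");
            my $bl = LJ::Lang::get_lang($u->{'browselang'});

            my $bindip;
            if ($POST{'bindip'} eq "yes") {
                $bindip = BML::get_remote_ip();
            }

            my $sess_opts = {
                'exptype' => 'short',
                'ipfixed' => $bindip,
            };
            my $etime = 0;
            if ($POST{'expire'} eq "never") {
                $etime = time()+60*60*24*60;
                $sess_opts->{'exptype'} = "long";
            }

            my $sess = LJ::generate_session($u, $sess_opts);
            $cursess = $sess;

            # Hooks may contribute extra option flags that are appended to
            # the session cookie value.
            my @sopts;
            LJ::run_hooks("login_add_opts", {
                'u' => $u,
                'form' => \%POST,
                'opts' => \@sopts
            });
            my $sopts = @sopts ? ":" . join('', map { ".$_" } @sopts) : "";

            $COOKIE{'ljsession'} = [ "ws:$u->{'user'}:$sess->{'sessid'}:$sess->{'auth'}$sopts", $etime, 1 ]; # 1 => HttpOnly

            # restore default scheme
            $COOKIE{'BMLschemepref'} = [ $u->{'schemepref'}, $etime ];
            BML::set_scheme($u->{'schemepref'});

            # kill the old-style cookies:
            foreach (qw(ljuser ljhpass permlogin)) {
                delete $COOKIE{$_} if $COOKIE{$_};
            }

            eval { Apache->request->notes('ljuser' => $user); };

            if ($bl) {
                $COOKIE{'langpref'} = [ $bl->{'lncode'} . "/" . time(), $etime ];
                BML::set_language($bl->{'lncode'});
            }

            LJ::run_hooks("post_login", {
                "u" => $u,
                "form" => \%POST,
                "expiretime" => $etime,
            });

            # The post-login redirect target comes from the form's 'ref'
            # field, which the client controls. A plain substring match on
            # the site domain also accepts URLs on other hosts that merely
            # mention the domain (in the path, query or userinfo), so the
            # target must be an http(s) URL whose host is the site domain or
            # one of its subdomains. CR/LF is rejected to keep the value from
            # splitting the Location header.
            my $ref = $POST{'ref'};
            if (defined $ref
                && $ref =~ m!\Ahttps?://(?:[A-Za-z0-9_-]+\.)*\Q$LJ::DOMAIN\E(?::\d+)?(?:[/?#]|\z)!i
                && $ref !~ m!/logout\.bml$!
                && $ref !~ /[\n\r]/) {
                return BML::redirect("$ref");
            }

            LJ::set_remote($u);
            $remote = $u;
        }
    }

    # ---- render the form ----

    $body .= "";
    $body .= " $LJ::SITENAME}) . " p?>\n";
    $body .= "\n";
    $body .= "\n \n";

    # The Referer header is client-supplied; it is HTML-escaped before use.
    my $referer = BML::get_client_header('Referer');
    if ($GET{'ret'} && $referer) {
        my $eh_ref = LJ::ehtml($referer);
        $body .= "\n";
    }

    $body .= "\n";
    if ($remote) {
        $body .= "$ML{'.login.username'}$remote->{'user'} \n";
    } else {
        $body .= "$ML{'.login.username'}\n";
        $body .= "$ML{'.login.password'}";
        $body .= "\n$ML{'.login.forget'}\n";
    }

    # Sets $checked to the checked='checked' attribute text when the
    # condition holds, and to the empty string otherwise.
    my $checked;
    my $checkcond = sub {
        my $cond = shift;
        $checked = $cond ? " checked='checked'" : "";
    };

    # expiration
    my $curexp = $cursess ? $cursess->{'exptype'} : "short";
    $body .= "$ML{'.login.expiration'}\n";
    $checkcond->($curexp eq "short");
    $body .= "\n \n";
    $checkcond->($curexp eq "long");
    $body .= " \n";
    $body .= "\n";

    # bind?
    my $curbind = $cursess && $cursess->{'ipfixed'} ? "yes" : "no";
    $body .= "$ML{'.bindip.label'}\n";
    $checkcond->($curbind eq "yes");
    $body .= "\n \n";
    $checkcond->($curbind eq "no");
    $body .= " \n";
    $body .= "\n";

    $body .= "";
    if ($remote) {
        $body .= "";
    } else {
        $body .= "";
    }
    $body .= "\n";

    # Hooks may append their own form options, but only on the logged-out form.
    if (! $remote && LJ::are_hooks("login_formopts")) {
        $body .= "$ML{'.login.otheropts'}\n";
        LJ::run_hooks("login_formopts", { 'ret' => \$body });
        $body .= "\n";
    }

    $body .= "\n";
    $body .= "standout?>\n";
    $body .= "\n \n";
    $body .= "\n";
    $body .= "\n";
    $body .= "\n";

    return;
}
_code?>1 _info?> body=> page?> hook: post_login login_formopts link: htdocs/login.bml, htdocs/todo/index.bml, htdocs/users, htdocs/create.bml, htdocs/lostinfo.bml post: htdocs/login.bml _c?>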