Textpattern | PHP Cross Reference | Content Management Systems |
Description: Login panel.
Included or required: | 0 times |
Referenced: | 0 times |
Includes or requires: | 0 files |
Functions that are not part of a class:
doAuth() line: 34 |
Renders a login panel if necessary. If the current visitor isn't authenticated, terminates the script and instead renders a login page. |
doLoginForm($message) line: 66 |
Renders and outputs a login form. This function outputs a full HTML document, including <head> and footer. param: string|array $message The activity message |
doTxpValidate() line: 219 |
Validates the sent login form and creates a session. During the reset request procedure, it is conceivable to verify the token as soon as it's presented in the URL, but that would: a) require refactoring code similarities in both p_confirm and p_alter branches b) require some way (e.g. an Exception) to signal back to doLoginForm() that the token is bogus so the 'change your password' form is not displayed. c) leak information about the validity of a token, thus allowing rapid brute-force attempts. The inconvenience of a real user following an expired token and being told so after they've set a password is a small price to pay for the improved security and reduction of attack surface that validating after submission affords. return: string A localised feedback message |
title