Textpattern PHP Cross Reference Content Management Systems

Summary: /textpattern/include/txp_auth.php - 414 lines - 15046 bytes - Source - Print

Description: Login panel.

Included or required:0 times
Referenced: 0 times
Includes or requires: 0 files

Defines 3 functions

doAuth()
doLoginForm()
doTxpValidate()

Functions

Functions that are not part of a class:

doAuth()  line: 34
Renders a login panel if necessary.

If the current visitor isn't authenticated,
terminates the script and instead renders
a login page.

doLoginForm($message line: 66
Renders and outputs a login form.

This function outputs a full HTML document,
including <head> and footer.

param: string|array $message The activity message
doTxpValidate()  line: 219
Validates the sent login form and creates a session.

During the reset request procedure, it is conceivable to verify the
token as soon as it's presented in the URL, but that would:
a) require refactoring code similarities in both p_confirm and p_alter branches
b) require some way (e.g. an Exception) to signal back to doLoginForm() that
the token is bogus so the 'change your password' form is not displayed.
c) leak information about the validity of a token, thus allowing rapid brute-force
attempts.

The inconvenience of a real user following an expired token and being told so
after they've set a password is a small price to pay for the improved security
and reduction of attack surface that validating after submission affords.

return: string A localised feedback message

title

Body