BugTrack/2552 counter plugin: async counter option

[pukiwiki/pukiwiki.git] / plugin / loginform.inc.php

diff --git a/plugin/loginform.inc.php b/plugin/loginform.inc.php
index 609b981..dbc57be 100644 (file)
--- a/plugin/loginform.inc.php
+++ b/plugin/loginform.inc.php
@@ -1,26 +1,44 @@
 <?php
 // PukiWiki - Yet another WikiWikiWeb clone
-// Copyright 2015-2017 PukiWiki Development Team
+// Copyright 2015-2022 PukiWiki Development Team
 // License: GPL v2 or (at your option) any later version
 //
 // "Login form" plugin
 
 function plugin_loginform_inline()
 {
-       $logout_param = '?plugin=basicauthlogout';
+       global $vars, $read_auth, $edit_auth;
+       $page = isset($vars['page']) ? $vars['page'] : '';
+       if (! is_pagename($page)) {
+               $page = '';
+       }
+       if (! ($read_auth || $edit_auth)) {
+               // non auth site
+               return 'Note: loginform is for auth enabled site';
+       }
+       $logout_param = '?plugin=loginform&pcmd=logout&page=' . pagename_urlencode($page);
        return '<a href="' . htmlsc(get_base_uri() . $logout_param) . '">Log out</a>';
 }
 
 function plugin_loginform_convert()
 {
-       return '<div>' . plugin_basicauthlogout_inline() . '</div>';
+       return '<div>' . plugin_loginform_inline() . '</div>';
 }
 
 function plugin_loginform_action()
 {
        global $auth_user, $auth_type, $_loginform_messages;
+       global $read_auth, $edit_auth;
        $page = isset($_GET['page']) ? $_GET['page'] : '';
        $pcmd = isset($_GET['pcmd']) ? $_GET['pcmd'] : '';
+       if (! is_pagename($page)) {
+               $page = '';
+       }
+       if (! ($read_auth || $edit_auth)) {
+               // non auth site
+               die_message('Invalid action');
+               exit;
+       }
        $url_after_login = isset($_GET['url_after_login']) ? $_GET['url_after_login'] : '';
        $page_after_login = $page;
        if (!$url_after_login) {
@@ -36,7 +54,7 @@ function plugin_loginform_action()
        if ($username && $password && form_auth($username, $password)) {
                // Sign in successfully completed
                form_auth_redirect($url_after_login, $page_after_login);
-               return;
+               exit; // or 'return FALSE;' - Don't double check for FORM_AUTH
        }
        if ($pcmd === 'logout') {
                // logout
@@ -55,11 +73,13 @@ function plugin_loginform_action()
                                break;
                }
                $auth_user = '';
+               $page_link = '';
+               if ($page) {
+                       $page_link = '<br>' . make_pagelink($page);
+               }
                return array(
                        'msg' => 'Log out',
-                       'body' => 'Logged out completely<br>'
-                               . '<a href="'. get_page_uri($page) . '">'
-                               . $page . '</a>'
+                       'body' => 'Logged out completely' . $page_link,
                );
        } else {
                // login
@@ -123,9 +143,6 @@ function plugin_loginform_action()
 <script><!--
 window.addEventListener && window.addEventListener("DOMContentLoaded", function() {
   var f = window.document.forms.loginform;
-                               console.log(f);
-                               console.log(f.username);
-                               console.log(f.password);
   if (f && f.username && f.password) {
     if (f.username.value) {
      f.password.focus && f.password.focus();