Типа я (zilogic) wrote in changelog,
Типа я
zilogic
changelog

[livejournal] r23310: LJSUP-14092: Suspicious Login Notificati...

Committer: amyshkin
LJSUP-14092: Suspicious Login Notification
U   trunk/cgi-bin/LJ/Event.pm
U   trunk/cgi-bin/ljhooks.pl
U   trunk/htdocs/login.bml
Modified: trunk/cgi-bin/LJ/Event.pm
===================================================================
--- trunk/cgi-bin/LJ/Event.pm	2012-11-15 09:06:54 UTC (rev 23309)
+++ trunk/cgi-bin/LJ/Event.pm	2012-11-15 11:12:59 UTC (rev 23310)
@@ -562,7 +562,7 @@
         if (ref $val eq "CODE") {
             $val->($self);
         } else {
-            warn $self->as_string . "\n";
+            warn $self->as_string( $self->event_journal ) . "\n";
         }
     }
 

Modified: trunk/cgi-bin/ljhooks.pl
===================================================================
--- trunk/cgi-bin/ljhooks.pl	2012-11-15 09:06:54 UTC (rev 23309)
+++ trunk/cgi-bin/ljhooks.pl	2012-11-15 11:12:59 UTC (rev 23310)
@@ -213,6 +213,16 @@
     return 1;
 });
 
+register_setter("check_suspicious", sub {
+    my ($u, $key, $value, $err) = @_;
+    unless ($value =~ /^(?:yes|no)$/) {
+        $$err = "Illegal value. Must be 'yes' or 'no'";
+        return 0;
+    }
+    $u->set_prop("check_suspicious", $value);
+    return 1;
+});
+
 register_setter("trusted_s1", sub {
     my ($u, $key, $value, $err) = @_;
 

Modified: trunk/htdocs/login.bml
===================================================================
--- trunk/htdocs/login.bml	2012-11-15 09:06:54 UTC (rev 23309)
+++ trunk/htdocs/login.bml	2012-11-15 11:12:59 UTC (rev 23310)
@@ -80,11 +80,6 @@
                 BML::redirect($POST{ret});
                 return 1;
             }
-    
-            if (my $u = LJ::User->new_from_external_domain($redir_host)) {
-                BML::redirect($POST{ret});
-                return 1;
-            }
         }
 
         return 0;
@@ -320,15 +315,15 @@
             $cursess->update_master_cookie;
         }
 
-        if ($do_login)
-        {
+        if ( $do_login ) {
             my $u = LJ::load_user($user);
 
             if (! $u) {
                 my $euser = LJ::eurl($user);
                 push @errors, [ unknown_user => BML::ml('.error.notuser', { 'aopts' => "href='$LJ::SITEROOT/create.bml?user=$euser'" })]
                     unless $u;
-            } else {
+            }
+            else {
                 push @errors, [ purged_user => "$ML{'error.purged.text'}" ] if $u->is_expunged;
                 push @errors, [ community_disabled_login => "$ML{'error.nocommlogin'}" ]
                     if $u->{'journaltype'} eq 'C' && $LJ::DISABLED{'community-logins'};
@@ -347,7 +342,8 @@
 
             if ($POST{response}) {
                 $ok = LJ::challenge_check_login($u, $POST{chal}, $POST{response}, \$banned, $chal_opts);
-            } else {  # js disabled, fallback to plaintext
+            }
+            else {  # js disabled, fallback to plaintext
                 $ok = LJ::auth_okay($u, $password, undef, undef, \$banned);
             }
 
@@ -406,16 +402,12 @@
                 $POST{'ref'} !~ /[\n\r]/)
             {
                 return BML::redirect("$POST{'ref'}");
-            } elsif ($GET{'ret'} == 1 && $referer) {
-                if (    $referer =~ /\Q$LJ::DOMAIN\E/ || 
-                        ($referer =~ m!http://([\w\.\-]+)! && LJ::User->new_from_external_domain($1))) 
-                { 
-                    my $uniq = LJ::Request->notes('uniq');
-                    if ($uniq) {
-                        LJ::MemCache::set("loginout:$uniq", 1, time() + 15);
-                    }
-                    return BML::redirect("$referer");
+            } elsif ($GET{'ret'} == 1 && $referer && $referer =~ /\Q$LJ::DOMAIN\E/) {
+                my $uniq = LJ::Request->notes('uniq');
+                if ($uniq) {
+                    LJ::MemCache::set("loginout:$uniq", 1, time() + 15);
                 }
+                return BML::redirect("$referer");
             }
 
             LJ::set_remote($u);

Tags: amyshkin, bml, livejournal, pl, pm, zilogic
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 0 comments