return $user_config;
}
+ public function userExists($username) {
+ $sql = "SELECT * FROM users WHERE username=?";
+ $query = $this->executeQuery($sql, array($username));
+ $login = $query->fetchAll();
+ if (isset($login[0])) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
public function login($username, $password) {
$sql = "SELECT * FROM users WHERE username=? AND password=?";
$query = $this->executeQuery($sql, array($username, $password));
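Review bot: userExists() has no doc comment, and because it sits next to login() it is easy to mistake for an authentication check; a docblock such as `/** True when a users row has this username. Verifies no credential. */` would make the contract explicit. The body fetches every column of every matching row, password column included, only to test for presence; `SELECT 1 FROM users WHERE username=? LIMIT 1` followed by `return isset($login[0]);` gives the same answer and drops the if/else. If executeQuery() can return false on failure, which is not visible here, `fetchAll()` would be called on a non-object. The enclosing class begins outside the hunk.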
$tpl_file = Tools::getTplFile($view);
$tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id));
} elseif(isset($_SERVER['PHP_AUTH_USER'])) {
- $poche->login($referer);
+ if($poche->store->userExists($_SERVER['PHP_AUTH_USER'])) {
+ $poche->login($referer);
+ } else {
+ $poche->messages->add('e', _('login failed: user doesn\'t exist'));
+ Tools::logm('user doesn\'t exist');
+ $tpl_file = Tools::getTplFile('login');
+ $tpl_vars['http_auth'] = 1;
+ }
} else {
$tpl_file = Tools::getTplFile('login');
+ $tpl_vars['http_auth'] = 0;
}
# because messages can be added in $poche->action(), we have to add this entry now (we can add it before)
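Review bot: The new branch lets the request proceed to `$poche->login($referer)` once `$_SERVER['PHP_AUTH_USER']` names an existing user, and nothing in this hunk checks `PHP_AUTH_PW` or confirms that the web server itself performed the authentication. PHP fills PHP_AUTH_USER from the request's Authorization header whenever the server passes it through, so unless Poche::login() (outside the hunk) verifies the password, or the install notes require server-enforced auth, an existing name is not proof of identity. The message `login failed: user doesn't exist` also tells the client which usernames are valid; a generic `_('login failed')` avoids that. For detection, the `Tools::logm()` entry would be more useful if it recorded the attempted name with control characters stripped. The surrounding if/elseif chain starts outside the hunk.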
{% block title %}{% trans "login to your poche" %}{% endblock %}
{% block content %}
+ {% if http_auth == 0 %}
<form method="post" action="?login" name="loginform">
<fieldset class="w500p center">
<h2 class="mbs txtcenter">{% trans "login to your poche" %}</h2>
<input type="hidden" name="returnurl" value="{{ referer }}">
<input type="hidden" name="token" value="{{ token }}">
</form>
-{% endblock %}
\ No newline at end of file
+ {% endif %}
+{% endblock %}
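Review bot: `http_auth` is assigned only in the two index branches visible on this page, so any other path that renders this template leaves it undefined, and the `{% if http_auth == 0 %}` test then relies on Twig's lenient handling of undefined variables (it would throw if strict_variables is enabled, which is not visible here). `{% if not http_auth|default(0) %}` states the intent explicitly. Hiding the form is presentation only; the `?login` POST handler stays reachable and still has to enforce its own checks. When `http_auth` is 1 the content block renders empty, so the page depends on the message area elsewhere in the layout to tell the user what happened.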