From 6af66b1106e67a8dc467a70e8e57d7963b09936b Mon Sep 17 00:00:00 2001
From: Maryana Rozhankivska
Date: Thu, 30 Jan 2014 16:35:31 +0200
Subject: [PATCH] fix of bug #368 Endless redirects or user doesn't exist with basic authentication
---
 inc/poche/Database.class.php | 11 ++++++++---
 inc/poche/Poche.class.php | 19 ++++++++++---------
 2 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/inc/poche/Database.class.php b/inc/poche/Database.class.php
index 3b0f455e..0457af69 100644
--- a/inc/poche/Database.class.php
+++ b/inc/poche/Database.class.php
@@ -165,9 +165,14 @@ class Database {
         }
     }
-    public function login($username, $password) {
-        $sql = "SELECT * FROM users WHERE username=? AND password=?";
-        $query = $this->executeQuery($sql, array($username, $password));
+    public function login($username, $password, $isauthenticated=false) {
+        if ($isauthenticated) {
+            $sql = "SELECT * FROM users WHERE username=?";
+            $query = $this->executeQuery($sql, array($username));
+        } else {
+            $sql = "SELECT * FROM users WHERE username=? AND password=?";
+            $query = $this->executeQuery($sql, array($username, $password));
+        }
         $login = $query->fetchAll();
         $user = array();
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index e9b14121..77361ef7 100644
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
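Review bot: With `$isauthenticated` true the added branch looks the user up by username alone and never touches the password, so the whole check now rests on the caller passing true only when the web server has genuinely authenticated the request; the caller in Poche.class.php (credentials(), next file) derives that flag from the mere presence of `$_SERVER['PHP_AUTH_USER']` or `REMOTE_USER`, and on common SAPIs `PHP_AUTH_USER` can be filled from a client-supplied Authorization header even when no server-side auth is configured, so header presence alone is not proof of authentication. The bypass should be gated on an explicit deployment setting confirming HTTP auth is enforced upstream (a constant such as `<HTTP_AUTH_ENFORCED_SETTING>` read by the caller, name to be chosen), and the contract documented on the method: `@param bool $isauthenticated Skip the password check; pass true only when the server has already authenticated $username.`. The new parameter is also untyped; `bool $isauthenticated = false` would stop a truthy string from silently selecting the password-less query. The remainder of login() (row fetch and user array construction) continues outside the hunk.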
@@ -692,17 +692,17 @@ class Poche
      */
     private function credentials() {
         if(isset($_SERVER['PHP_AUTH_USER'])) {
-            return array($_SERVER['PHP_AUTH_USER'],'php_auth');
+            return array($_SERVER['PHP_AUTH_USER'],'php_auth',true);
         }
         if(!empty($_POST['login']) && !empty($_POST['password'])) {
-            return array($_POST['login'],$_POST['password']);
+            return array($_POST['login'],$_POST['password'],false);
         }
         if(isset($_SERVER['REMOTE_USER'])) {
-            return array($_SERVER['REMOTE_USER'],'http_auth');
+            return array($_SERVER['REMOTE_USER'],'http_auth',true);
         }
-        return array(false,false);
-    }
+        return array(false,false,false);
+    }
     /**
      * checks if login & password are correct and save the user in session.
@@ -713,18 +713,19 @@ class Poche
      */
     public function login($referer)
     {
-        list($login,$password)=$this->credentials();
+        list($login,$password,$isauthenticated)=$this->credentials();
         if($login === false || $password === false) {
             $this->messages->add('e', _('login failed: you have to fill all fields'));
             Tools::logm('login failed');
             Tools::redirect();
         }
         if (!empty($login) && !empty($password)) {
-            $user = $this->store->login($login, Tools::encodeString($password . $login));
+            $user = $this->store->login($login, Tools::encodeString($password . $login), $isauthenticated);
             if ($user != array()) {
                 # Save login into Session
-                $longlastingsession = isset($_POST['longlastingsession']);
-                Session::login($user['username'], $user['password'], $login, Tools::encodeString($password . $login), $longlastingsession, array('poche_user' => new User($user)));
+                $longlastingsession = isset($_POST['longlastingsession']);
+                $passwordTest = ($isauthenticated) ? $user['password'] : Tools::encodeString($password . $login);
+                Session::login($user['username'], $user['password'], $login, $passwordTest, $longlastingsession, array('poche_user' => new User($user)));
                 $this->messages->add('s', _('welcome to your poche'));
                 Tools::logm('login successful');
                 Tools::redirect($referer);
--
2.41.0
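Review bot: credentials() now returns a triple whose third element decides whether the password check downstream is skipped, but the docblock that closes on the hunk's first line says nothing about it, and the second element is a sentinel string ('php_auth', 'http_auth') rather than a password in the two server-auth branches. The docblock should state the shape and the sentinel, e.g. `@return array{0: string|false, 1: string|false, 2: bool} [login, password or 'php_auth'/'http_auth' placeholder, true when the web server is trusted to have authenticated the user]`. Note also that the `PHP_AUTH_USER` branch is tested before the POST form, so a request carrying both is treated as server-authenticated; that precedence is worth a one-line comment as well. The start of the docblock lies outside the hunk.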
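Review bot: In the server-authenticated branch `$passwordTest` is assigned `$user['password']` and then handed to Session::login next to `$user['password']` itself, so whatever comparison Session::login performs on that argument is a tautology in this path; that is the intent, but without a comment a later reader may believe a credential is being verified here, so add `// server already authenticated $login: feed the stored hash back so Session::login's password check is a no-op` above the assignment. On the `$this->store->login(...)` line the sentinel 'php_auth'/'http_auth' value is still hashed with `Tools::encodeString($password . $login)` and passed to the store, which ignores it when `$isauthenticated` is set; passing it only in the form-login case would make the two paths visibly distinct. The branch handling `$user == array()` lies outside the hunk.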