diff options
| author | Nicolas LÅ“uillet <nicolas.loeuillet@gmail.com> | 2014-02-03 11:56:01 +0100 |
|---|---|---|
| committer | Nicolas LÅ“uillet <nicolas.loeuillet@gmail.com> | 2014-02-03 11:56:01 +0100 |
| commit | f85bfdf186c525056e7c30e6b072b1bea9ba80c9 (patch) | |
| tree | 1c49680b4256f87889af267cb2d761ae71e8971b | |
| parent | cae70cdbdb518b6effe212528c894a390256cf2d (diff) | |
| parent | 6af66b1106e67a8dc467a70e8e57d7963b09936b (diff) | |
| download | wallabag-f85bfdf186c525056e7c30e6b072b1bea9ba80c9.tar.gz wallabag-f85bfdf186c525056e7c30e6b072b1bea9ba80c9.tar.zst wallabag-f85bfdf186c525056e7c30e6b072b1bea9ba80c9.zip | |
Merge branch 'dev' of git://github.com/mariroz/wallabag into mariroz-dev
| -rw-r--r-- | inc/poche/Database.class.php | 11 | ||||
| -rw-r--r-- | inc/poche/Poche.class.php | 19 |
2 files changed, 18 insertions, 12 deletions
diff --git a/inc/poche/Database.class.php b/inc/poche/Database.class.php index 3b0f455e..0457af69 100644 --- a/inc/poche/Database.class.php +++ b/inc/poche/Database.class.php | |||
| @@ -165,9 +165,14 @@ class Database { | |||
| 165 | } | 165 | } |
| 166 | } | 166 | } |
| 167 | 167 | ||
| 168 | public function login($username, $password) { | 168 | public function login($username, $password, $isauthenticated=false) { |
| 169 | $sql = "SELECT * FROM users WHERE username=? AND password=?"; | 169 | if ($isauthenticated) { |
| 170 | $query = $this->executeQuery($sql, array($username, $password)); | 170 | $sql = "SELECT * FROM users WHERE username=?"; |
| 171 | $query = $this->executeQuery($sql, array($username)); | ||
| 172 | } else { | ||
| 173 | $sql = "SELECT * FROM users WHERE username=? AND password=?"; | ||
| 174 | $query = $this->executeQuery($sql, array($username, $password)); | ||
| 175 | } | ||
| 171 | $login = $query->fetchAll(); | 176 | $login = $query->fetchAll(); |
| 172 | 177 | ||
| 173 | $user = array(); | 178 | $user = array(); |
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index e9b14121..77361ef7 100644 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php | |||
| @@ -692,17 +692,17 @@ class Poche | |||
| 692 | */ | 692 | */ |
| 693 | private function credentials() { | 693 | private function credentials() { |
| 694 | if(isset($_SERVER['PHP_AUTH_USER'])) { | 694 | if(isset($_SERVER['PHP_AUTH_USER'])) { |
| 695 | return array($_SERVER['PHP_AUTH_USER'],'php_auth'); | 695 | return array($_SERVER['PHP_AUTH_USER'],'php_auth',true); |
| 696 | } | 696 | } |
| 697 | if(!empty($_POST['login']) && !empty($_POST['password'])) { | 697 | if(!empty($_POST['login']) && !empty($_POST['password'])) { |
| 698 | return array($_POST['login'],$_POST['password']); | 698 | return array($_POST['login'],$_POST['password'],false); |
| 699 | } | 699 | } |
| 700 | if(isset($_SERVER['REMOTE_USER'])) { | 700 | if(isset($_SERVER['REMOTE_USER'])) { |
| 701 | return array($_SERVER['REMOTE_USER'],'http_auth'); | 701 | return array($_SERVER['REMOTE_USER'],'http_auth',true); |
| 702 | } | 702 | } |
| 703 | 703 | ||
| 704 | return array(false,false); | 704 | return array(false,false,false); |
| 705 | } | 705 | } |
| 706 | 706 | ||
| 707 | /** | 707 | /** |
| 708 | * checks if login & password are correct and save the user in session. | 708 | * checks if login & password are correct and save the user in session. |
| @@ -713,18 +713,19 @@ class Poche | |||
| 713 | */ | 713 | */ |
| 714 | public function login($referer) | 714 | public function login($referer) |
| 715 | { | 715 | { |
| 716 | list($login,$password)=$this->credentials(); | 716 | list($login,$password,$isauthenticated)=$this->credentials(); |
| 717 | if($login === false || $password === false) { | 717 | if($login === false || $password === false) { |
| 718 | $this->messages->add('e', _('login failed: you have to fill all fields')); | 718 | $this->messages->add('e', _('login failed: you have to fill all fields')); |
| 719 | Tools::logm('login failed'); | 719 | Tools::logm('login failed'); |
| 720 | Tools::redirect(); | 720 | Tools::redirect(); |
| 721 | } | 721 | } |
| 722 | if (!empty($login) && !empty($password)) { | 722 | if (!empty($login) && !empty($password)) { |
| 723 | $user = $this->store->login($login, Tools::encodeString($password . $login)); | 723 | $user = $this->store->login($login, Tools::encodeString($password . $login), $isauthenticated); |
| 724 | if ($user != array()) { | 724 | if ($user != array()) { |
| 725 | # Save login into Session | 725 | # Save login into Session |
| 726 | $longlastingsession = isset($_POST['longlastingsession']); | 726 | $longlastingsession = isset($_POST['longlastingsession']); |
| 727 | Session::login($user['username'], $user['password'], $login, Tools::encodeString($password . $login), $longlastingsession, array('poche_user' => new User($user))); | 727 | $passwordTest = ($isauthenticated) ? $user['password'] : Tools::encodeString($password . $login); |
| 728 | Session::login($user['username'], $user['password'], $login, $passwordTest, $longlastingsession, array('poche_user' => new User($user))); | ||
| 728 | $this->messages->add('s', _('welcome to your poche')); | 729 | $this->messages->add('s', _('welcome to your poche')); |
| 729 | Tools::logm('login successful'); | 730 | Tools::logm('login successful'); |
| 730 | Tools::redirect($referer); | 731 | Tools::redirect($referer); |