diff options
author | Nicolas LÅ“uillet <nicolas.loeuillet@gmail.com> | 2013-10-21 08:31:24 -0700 |
---|---|---|
committer | Nicolas LÅ“uillet <nicolas.loeuillet@gmail.com> | 2013-10-21 08:31:24 -0700 |
commit | 1ba1628ed6d22833096049ca9975c3d72f99804c (patch) | |
tree | 9a4ede0de3ac8494f206b07e2fc5e4013e61d234 | |
parent | c1e24b0461111affb121f5a1bc9d42acf94caf93 (diff) | |
parent | 027b4e156853b4d5e358e19e83506ec4446de7ab (diff) | |
download | wallabag-1ba1628ed6d22833096049ca9975c3d72f99804c.tar.gz wallabag-1ba1628ed6d22833096049ca9975c3d72f99804c.tar.zst wallabag-1ba1628ed6d22833096049ca9975c3d72f99804c.zip |
Merge pull request #285 from dsacchet/dev
Adding support for http_auth
-rw-r--r-- | inc/poche/Database.class.php | 11 | ||||
-rw-r--r-- | inc/poche/Poche.class.php | 35 | ||||
-rw-r--r-- | index.php | 12 | ||||
-rw-r--r-- | themes/default/config.twig | 2 | ||||
-rw-r--r-- | themes/default/login.twig | 4 |
5 files changed, 54 insertions, 10 deletions
diff --git a/inc/poche/Database.class.php b/inc/poche/Database.class.php index 5c40b026..1d3ff0c2 100644 --- a/inc/poche/Database.class.php +++ b/inc/poche/Database.class.php | |||
@@ -87,6 +87,17 @@ class Database { | |||
87 | return $user_config; | 87 | return $user_config; |
88 | } | 88 | } |
89 | 89 | ||
90 | public function userExists($username) { | ||
91 | $sql = "SELECT * FROM users WHERE username=?"; | ||
92 | $query = $this->executeQuery($sql, array($username)); | ||
93 | $login = $query->fetchAll(); | ||
94 | if (isset($login[0])) { | ||
95 | return true; | ||
96 | } else { | ||
97 | return false; | ||
98 | } | ||
99 | } | ||
100 | |||
90 | public function login($username, $password) { | 101 | public function login($username, $password) { |
91 | $sql = "SELECT * FROM users WHERE username=? AND password=?"; | 102 | $sql = "SELECT * FROM users WHERE username=? AND password=?"; |
92 | $query = $this->executeQuery($sql, array($username, $password)); | 103 | $query = $this->executeQuery($sql, array($username, $password)); |
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index 806da54b..0766cd51 100644 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php | |||
@@ -408,6 +408,7 @@ class Poche | |||
408 | $compare_prod = version_compare(POCHE, $prod); | 408 | $compare_prod = version_compare(POCHE, $prod); |
409 | $themes = $this->getInstalledThemes(); | 409 | $themes = $this->getInstalledThemes(); |
410 | $languages = $this->getInstalledLanguages(); | 410 | $languages = $this->getInstalledLanguages(); |
411 | $http_auth = (isset($_SERVER['PHP_AUTH_USER']))?true:false; | ||
411 | $tpl_vars = array( | 412 | $tpl_vars = array( |
412 | 'themes' => $themes, | 413 | 'themes' => $themes, |
413 | 'languages' => $languages, | 414 | 'languages' => $languages, |
@@ -415,6 +416,7 @@ class Poche | |||
415 | 'prod' => $prod, | 416 | 'prod' => $prod, |
416 | 'compare_dev' => $compare_dev, | 417 | 'compare_dev' => $compare_dev, |
417 | 'compare_prod' => $compare_prod, | 418 | 'compare_prod' => $compare_prod, |
419 | 'http_auth' => $http_auth, | ||
418 | ); | 420 | ); |
419 | Tools::logm('config view'); | 421 | Tools::logm('config view'); |
420 | break; | 422 | break; |
@@ -574,6 +576,21 @@ class Poche | |||
574 | } | 576 | } |
575 | 577 | ||
576 | /** | 578 | /** |
579 | * get credentials from differents sources | ||
580 | * it redirects the user to the $referer link | ||
581 | * @return array | ||
582 | */ | ||
583 | private function credentials() { | ||
584 | if(isset($_SERVER['PHP_AUTH_USER'])) { | ||
585 | return array($_SERVER['PHP_AUTH_USER'],'php_auth'); | ||
586 | } | ||
587 | if(!empty($_POST['login']) && !empty($_POST['password'])) { | ||
588 | return array($_POST['login'],$_POST['password']); | ||
589 | } | ||
590 | return array(false,false); | ||
591 | } | ||
592 | |||
593 | /** | ||
577 | * checks if login & password are correct and save the user in session. | 594 | * checks if login & password are correct and save the user in session. |
578 | * it redirects the user to the $referer link | 595 | * it redirects the user to the $referer link |
579 | * @param string $referer the url to redirect after login | 596 | * @param string $referer the url to redirect after login |
@@ -582,11 +599,17 @@ class Poche | |||
582 | */ | 599 | */ |
583 | public function login($referer) | 600 | public function login($referer) |
584 | { | 601 | { |
585 | if (!empty($_POST['login']) && !empty($_POST['password'])) { | 602 | list($login,$password)=$this->credentials(); |
586 | $user = $this->store->login($_POST['login'], Tools::encodeString($_POST['password'] . $_POST['login'])); | 603 | if($login === false || $password === false) { |
604 | $this->messages->add('e', _('login failed: you have to fill all fields')); | ||
605 | Tools::logm('login failed'); | ||
606 | Tools::redirect(); | ||
607 | } | ||
608 | if (!empty($login) && !empty($password)) { | ||
609 | $user = $this->store->login($login, Tools::encodeString($password . $login)); | ||
587 | if ($user != array()) { | 610 | if ($user != array()) { |
588 | # Save login into Session | 611 | # Save login into Session |
589 | Session::login($user['username'], $user['password'], $_POST['login'], Tools::encodeString($_POST['password'] . $_POST['login']), array('poche_user' => new User($user))); | 612 | Session::login($user['username'], $user['password'], $login, Tools::encodeString($password . $login), array('poche_user' => new User($user))); |
590 | $this->messages->add('s', _('welcome to your poche')); | 613 | $this->messages->add('s', _('welcome to your poche')); |
591 | Tools::logm('login successful'); | 614 | Tools::logm('login successful'); |
592 | Tools::redirect($referer); | 615 | Tools::redirect($referer); |
@@ -594,10 +617,6 @@ class Poche | |||
594 | $this->messages->add('e', _('login failed: bad login or password')); | 617 | $this->messages->add('e', _('login failed: bad login or password')); |
595 | Tools::logm('login failed'); | 618 | Tools::logm('login failed'); |
596 | Tools::redirect(); | 619 | Tools::redirect(); |
597 | } else { | ||
598 | $this->messages->add('e', _('login failed: you have to fill all fields')); | ||
599 | Tools::logm('login failed'); | ||
600 | Tools::redirect(); | ||
601 | } | 620 | } |
602 | } | 621 | } |
603 | 622 | ||
@@ -814,4 +833,4 @@ class Poche | |||
814 | } | 833 | } |
815 | return $version; | 834 | return $version; |
816 | } | 835 | } |
817 | } \ No newline at end of file | 836 | } |
@@ -81,8 +81,18 @@ if (Session::isLogged()) { | |||
81 | $poche->action($action, $url, $id); | 81 | $poche->action($action, $url, $id); |
82 | $tpl_file = Tools::getTplFile($view); | 82 | $tpl_file = Tools::getTplFile($view); |
83 | $tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id)); | 83 | $tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id)); |
84 | } elseif(isset($_SERVER['PHP_AUTH_USER'])) { | ||
85 | if($poche->store->userExists($_SERVER['PHP_AUTH_USER'])) { | ||
86 | $poche->login($referer); | ||
87 | } else { | ||
88 | $poche->messages->add('e', _('login failed: user doesn\'t exist')); | ||
89 | Tools::logm('user doesn\'t exist'); | ||
90 | $tpl_file = Tools::getTplFile('login'); | ||
91 | $tpl_vars['http_auth'] = 1; | ||
92 | } | ||
84 | } else { | 93 | } else { |
85 | $tpl_file = Tools::getTplFile('login'); | 94 | $tpl_file = Tools::getTplFile('login'); |
95 | $tpl_vars['http_auth'] = 0; | ||
86 | } | 96 | } |
87 | 97 | ||
88 | # because messages can be added in $poche->action(), we have to add this entry now (we can add it before) | 98 | # because messages can be added in $poche->action(), we have to add this entry now (we can add it before) |
@@ -90,4 +100,4 @@ $messages = $poche->messages->display('all', FALSE); | |||
90 | $tpl_vars = array_merge($tpl_vars, array('messages' => $messages)); | 100 | $tpl_vars = array_merge($tpl_vars, array('messages' => $messages)); |
91 | 101 | ||
92 | # display poche | 102 | # display poche |
93 | echo $poche->tpl->render($tpl_file, $tpl_vars); \ No newline at end of file | 103 | echo $poche->tpl->render($tpl_file, $tpl_vars); |
diff --git a/themes/default/config.twig b/themes/default/config.twig index 23860ebd..72671702 100644 --- a/themes/default/config.twig +++ b/themes/default/config.twig | |||
@@ -66,6 +66,7 @@ | |||
66 | <input type="hidden" name="token" value="{{ token }}"> | 66 | <input type="hidden" name="token" value="{{ token }}"> |
67 | </form> | 67 | </form> |
68 | 68 | ||
69 | {% if http_auth == 0 %} | ||
69 | <h2>{% trans "Change your password" %}</h2> | 70 | <h2>{% trans "Change your password" %}</h2> |
70 | <form method="post" action="?config" name="loginform"> | 71 | <form method="post" action="?config" name="loginform"> |
71 | <fieldset class="w500p"> | 72 | <fieldset class="w500p"> |
@@ -84,6 +85,7 @@ | |||
84 | <input type="hidden" name="returnurl" value="{{ referer }}"> | 85 | <input type="hidden" name="returnurl" value="{{ referer }}"> |
85 | <input type="hidden" name="token" value="{{ token }}"> | 86 | <input type="hidden" name="token" value="{{ token }}"> |
86 | </form> | 87 | </form> |
88 | {% endif %} | ||
87 | 89 | ||
88 | <h2>{% trans "Import" %}</h2> | 90 | <h2>{% trans "Import" %}</h2> |
89 | <p>{% trans "Please execute the import script locally, it can take a very long time." %}</p> | 91 | <p>{% trans "Please execute the import script locally, it can take a very long time." %}</p> |
diff --git a/themes/default/login.twig b/themes/default/login.twig index 0ae130bc..2e48052b 100644 --- a/themes/default/login.twig +++ b/themes/default/login.twig | |||
@@ -2,6 +2,7 @@ | |||
2 | 2 | ||
3 | {% block title %}{% trans "login to your poche" %}{% endblock %} | 3 | {% block title %}{% trans "login to your poche" %}{% endblock %} |
4 | {% block content %} | 4 | {% block content %} |
5 | {% if http_auth == 0 %} | ||
5 | <form method="post" action="?login" name="loginform"> | 6 | <form method="post" action="?login" name="loginform"> |
6 | <fieldset class="w500p center"> | 7 | <fieldset class="w500p center"> |
7 | <h2 class="mbs txtcenter">{% trans "login to your poche" %}</h2> | 8 | <h2 class="mbs txtcenter">{% trans "login to your poche" %}</h2> |
@@ -29,4 +30,5 @@ | |||
29 | <input type="hidden" name="returnurl" value="{{ referer }}"> | 30 | <input type="hidden" name="returnurl" value="{{ referer }}"> |
30 | <input type="hidden" name="token" value="{{ token }}"> | 31 | <input type="hidden" name="token" value="{{ token }}"> |
31 | </form> | 32 | </form> |
32 | {% endblock %} \ No newline at end of file | 33 | {% endif %} |
34 | {% endblock %} | ||