-rw-r--r--inc/poche/Database.class.php11
-rw-r--r--inc/poche/Poche.class.php35
-rw-r--r--index.php12
-rw-r--r--themes/default/config.twig2
-rw-r--r--themes/default/login.twig4
5 files changed, 54 insertions, 10 deletions
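--- a/inc/poche/Database.class.php
+++ b/inc/poche/Database.class.php
@@ -87,6 +87,17 @@ class Database {
         return $user_config;
     }
 
+    public function userExists($username) {
+        $sql = "SELECT * FROM users WHERE username=?";
+        $query = $this->executeQuery($sql, array($username));
+        $login = $query->fetchAll();
+        if (isset($login[0])) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+
     public function login($username, $password) {
         $sql = "SELECT * FROM users WHERE username=? AND password=?";
         $query = $this->executeQuery($sql, array($username, $password));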
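Review bot: `userExists` selects every column of each matching row and materialises them with `fetchAll()` just to answer a yes/no question, so the stored password hash is pulled out of the database on every unauthenticated request that carries an Authorization header (index.php in this same commit calls it before `login()`). `SELECT 1 FROM users WHERE username=? LIMIT 1` followed by `return $query->fetch() !== false;` answers the same question without fetching the row, assuming `executeQuery` returns a PDOStatement as the existing `fetchAll()` call suggests. Whether `username=?` matches case-insensitively depends on the column collation, so a docblock line such as `// NOTE: case sensitivity of the match follows the users.username collation` would save the next reader a guess. `login()` continues past the end of this hunk.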
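--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -408,6 +408,7 @@ class Poche
                 $compare_prod = version_compare(POCHE, $prod);
                 $themes = $this->getInstalledThemes();
                 $languages = $this->getInstalledLanguages();
+                $http_auth = (isset($_SERVER['PHP_AUTH_USER']))?true:false;
                 $tpl_vars = array(
                     'themes' => $themes,
                     'languages' => $languages,
@@ -415,6 +416,7 @@ class Poche
                     'prod' => $prod,
                     'compare_dev' => $compare_dev,
                     'compare_prod' => $compare_prod,
+                    'http_auth' => $http_auth,
                 );
                 Tools::logm('config view');
                 break;
@@ -574,6 +576,21 @@ class Poche
     }
 
     /**
+     * get credentials from differents sources
+     * it redirects the user to the $referer link
+     * @return array
+     */
+    private function credentials() {
+        if(isset($_SERVER['PHP_AUTH_USER'])) {
+            return array($_SERVER['PHP_AUTH_USER'],'php_auth');
+        }
+        if(!empty($_POST['login']) && !empty($_POST['password'])) {
+            return array($_POST['login'],$_POST['password']);
+        }
+        return array(false,false);
+    }
+
+    /**
      * checks if login & password are correct and save the user in session.
      * it redirects the user to the $referer link
      * @param string $referer the url to redirect after login
@@ -582,11 +599,17 @@ class Poche
      */
     public function login($referer)
     {
-        if (!empty($_POST['login']) && !empty($_POST['password'])) {
-            $user = $this->store->login($_POST['login'], Tools::encodeString($_POST['password'] . $_POST['login']));
+        list($login,$password)=$this->credentials();
+        if($login === false || $password === false) {
+            $this->messages->add('e', _('login failed: you have to fill all fields'));
+            Tools::logm('login failed');
+            Tools::redirect();
+        }
+        if (!empty($login) && !empty($password)) {
+            $user = $this->store->login($login, Tools::encodeString($password . $login));
             if ($user != array()) {
                 # Save login into Session
-                Session::login($user['username'], $user['password'], $_POST['login'], Tools::encodeString($_POST['password'] . $_POST['login']), array('poche_user' => new User($user)));
+                Session::login($user['username'], $user['password'], $login, Tools::encodeString($password . $login), array('poche_user' => new User($user)));
                 $this->messages->add('s', _('welcome to your poche'));
                 Tools::logm('login successful');
                 Tools::redirect($referer);
@@ -594,10 +617,6 @@ class Poche
                 $this->messages->add('e', _('login failed: bad login or password'));
                 Tools::logm('login failed');
                 Tools::redirect();
-            } else {
-                $this->messages->add('e', _('login failed: you have to fill all fields'));
-                Tools::logm('login failed');
-                Tools::redirect();
             }
         }
 
@@ -814,4 +833,4 @@ class Poche
         }
         return $version;
     }
-}
\ No newline at end of file
+}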
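Review bot: In the third hunk `credentials()` substitutes the literal string `'php_auth'` for the password whenever `PHP_AUTH_USER` is set, and `login()` (fourth hunk) then hashes `'php_auth' . $login` and compares it with the stored hash — so an account meant to be used through HTTP auth must have the hash of that public constant in the database, and the very same `login()` will accept `login=<name>&password=php_auth` from the ordinary POST form with no Authorization header at all. Whether that POST is reachable depends on the web server enforcing Basic auth on every path, which nothing in this code checks. Treat the HTTP-auth source as an identity assertion rather than a password: return `null` for it, branch on `$password === null` in `login()` to fetch the row by username (a small `Database` method returning the row that `userExists` already queries and discards) instead of calling `store->login()`, drop the second `!empty($password)` guard that would reject the marker, and pass `$user['password']` to `Session::login` on that path rather than a hash of a constant. `login()` and `displayView()` both extend beyond their hunks.
```php
    private function credentials() {
        if(isset($_SERVER['PHP_AUTH_USER'])) {
            // null marks an identity asserted by the web server, not a password
            return array($_SERVER['PHP_AUTH_USER'], null);
        }
        // … unchanged: POST login/password, array(false,false) fallback …
    }

    public function login($referer)
    {
        list($login,$password)=$this->credentials();
        // … unchanged: "fill all fields" message + redirect when $login === false …
        if ($password === null) {
            // HTTP auth: look the row up by name only; never hash a constant.
            // Needs a Database::userByName($username) returning the row
            // (or array()) that userExists() already fetches.
            $user = $this->store->userByName($login);
            $session_hash = $user ? $user['password'] : null;
        } else {
            $session_hash = Tools::encodeString($password . $login);
            $user = $this->store->login($login, $session_hash);
        }
        if ($user != array()) {
            Session::login($user['username'], $user['password'], $login, $session_hash, array('poche_user' => new User($user)));
            // … unchanged: welcome message, redirect to $referer …
        }
        // … unchanged: "bad login or password" message + redirect …
    }
```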
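--- a/index.php
+++ b/index.php
@@ -81,8 +81,18 @@ if (Session::isLogged()) {
     $poche->action($action, $url, $id);
     $tpl_file = Tools::getTplFile($view);
     $tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id));
+} elseif(isset($_SERVER['PHP_AUTH_USER'])) {
+    if($poche->store->userExists($_SERVER['PHP_AUTH_USER'])) {
+        $poche->login($referer);
+    } else {
+        $poche->messages->add('e', _('login failed: user doesn\'t exist'));
+        Tools::logm('user doesn\'t exist');
+        $tpl_file = Tools::getTplFile('login');
+        $tpl_vars['http_auth'] = 1;
+    }
 } else {
     $tpl_file = Tools::getTplFile('login');
+    $tpl_vars['http_auth'] = 0;
 }
 
 # because messages can be added in $poche->action(), we have to add this entry now (we can add it before)
@@ -90,4 +100,4 @@ $messages = $poche->messages->display('all', FALSE);
 $tpl_vars = array_merge($tpl_vars, array('messages' => $messages));
 
 # display poche
-echo $poche->tpl->render($tpl_file, $tpl_vars);
\ No newline at end of file
+echo $poche->tpl->render($tpl_file, $tpl_vars);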
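Review bot: The new `elseif` at line 84 trusts `$_SERVER['PHP_AUTH_USER']` unconditionally, but that variable only shows PHP parsed an Authorization header — under mod_php it is populated from the client's Basic header whether or not the server was configured to validate it (this is how script-level HTTP auth works), so on such a deployment any visitor who knows an existing username can have this branch log them in. There is also no way for an operator to disable the path. Gate it on an explicit, default-off configuration switch, e.g. `} elseif (defined('HTTP_AUTH') && HTTP_AUTH && isset($_SERVER['PHP_AUTH_USER'])) {`, so only installations that really front the app with server-enforced Basic auth enable it. Note also that the success branch sets no `$tpl_file`, so it relies on `Tools::redirect()` inside `login()` terminating the script before the `render()` call at line 103; `$referer` is defined outside this hunk.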
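--- a/themes/default/config.twig
+++ b/themes/default/config.twig
@@ -66,6 +66,7 @@
             <input type="hidden" name="token" value="{{ token }}">
         </form>
 
+        {% if http_auth == 0 %}
         <h2>{% trans "Change your password" %}</h2>
         <form method="post" action="?config" name="loginform">
             <fieldset class="w500p">
@@ -84,6 +85,7 @@
             <input type="hidden" name="returnurl" value="{{ referer }}">
             <input type="hidden" name="token" value="{{ token }}">
         </form>
+        {% endif %}
 
         <h2>{% trans "Import" %}</h2>
         <p>{% trans "Please execute the import script locally, it can take a very long time." %}</p>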
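Review bot: Wrapping the password form in `{% if http_auth == 0 %}` only hides it; the `?config` handler that processes this form is not in the diff and, unless it performs the same check, a crafted POST carrying a valid token still rewrites the stored hash of an HTTP-auth account. The refusal belongs on the server side, with the template guard kept as a convenience. Since `displayView` passes `http_auth` as a boolean while index.php passes `0`/`1`, `{% if not http_auth %}` states the intent without leaning on Twig's loose `==`.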
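--- a/themes/default/login.twig
+++ b/themes/default/login.twig
@@ -2,6 +2,7 @@
 
 {% block title %}{% trans "login to your poche" %}{% endblock %}
 {% block content %}
+    {% if http_auth == 0 %}
     <form method="post" action="?login" name="loginform">
         <fieldset class="w500p center">
             <h2 class="mbs txtcenter">{% trans "login to your poche" %}</h2>
@@ -29,4 +30,5 @@
         <input type="hidden" name="returnurl" value="{{ referer }}">
         <input type="hidden" name="token" value="{{ token }}">
     </form>
-{% endblock %}
\ No newline at end of file
+    {% endif %}
+{% endblock %}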
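Review bot: When `http_auth` is set the content block renders nothing, so a visitor whose HTTP-auth name has no poche account gets an empty page apart from whatever the layout does with the flash message, and no way to sign in with another account. An `{% else %}` branch with one sentence explaining that the account named by the web server does not exist and must be created would make that state visible. `{% if not http_auth %}` also reads more naturally than `== 0` for a flag that index.php sets as an integer.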