diff options
-rw-r--r-- | inc/poche/Poche.class.php | 35 | ||||
-rw-r--r-- | index.php | 4 | ||||
-rw-r--r-- | themes/default/config.twig | 2 |
3 files changed, 32 insertions, 9 deletions
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index 806da54b..0766cd51 100644 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php | |||
@@ -408,6 +408,7 @@ class Poche | |||
408 | $compare_prod = version_compare(POCHE, $prod); | 408 | $compare_prod = version_compare(POCHE, $prod); |
409 | $themes = $this->getInstalledThemes(); | 409 | $themes = $this->getInstalledThemes(); |
410 | $languages = $this->getInstalledLanguages(); | 410 | $languages = $this->getInstalledLanguages(); |
411 | $http_auth = (isset($_SERVER['PHP_AUTH_USER']))?true:false; | ||
411 | $tpl_vars = array( | 412 | $tpl_vars = array( |
412 | 'themes' => $themes, | 413 | 'themes' => $themes, |
413 | 'languages' => $languages, | 414 | 'languages' => $languages, |
@@ -415,6 +416,7 @@ class Poche | |||
415 | 'prod' => $prod, | 416 | 'prod' => $prod, |
416 | 'compare_dev' => $compare_dev, | 417 | 'compare_dev' => $compare_dev, |
417 | 'compare_prod' => $compare_prod, | 418 | 'compare_prod' => $compare_prod, |
419 | 'http_auth' => $http_auth, | ||
418 | ); | 420 | ); |
419 | Tools::logm('config view'); | 421 | Tools::logm('config view'); |
420 | break; | 422 | break; |
@@ -574,6 +576,21 @@ class Poche | |||
574 | } | 576 | } |
575 | 577 | ||
576 | /** | 578 | /** |
579 | * get credentials from differents sources | ||
580 | * it redirects the user to the $referer link | ||
581 | * @return array | ||
582 | */ | ||
583 | private function credentials() { | ||
584 | if(isset($_SERVER['PHP_AUTH_USER'])) { | ||
585 | return array($_SERVER['PHP_AUTH_USER'],'php_auth'); | ||
586 | } | ||
587 | if(!empty($_POST['login']) && !empty($_POST['password'])) { | ||
588 | return array($_POST['login'],$_POST['password']); | ||
589 | } | ||
590 | return array(false,false); | ||
591 | } | ||
592 | |||
593 | /** | ||
577 | * checks if login & password are correct and save the user in session. | 594 | * checks if login & password are correct and save the user in session. |
578 | * it redirects the user to the $referer link | 595 | * it redirects the user to the $referer link |
579 | * @param string $referer the url to redirect after login | 596 | * @param string $referer the url to redirect after login |
@@ -582,11 +599,17 @@ class Poche | |||
582 | */ | 599 | */ |
583 | public function login($referer) | 600 | public function login($referer) |
584 | { | 601 | { |
585 | if (!empty($_POST['login']) && !empty($_POST['password'])) { | 602 | list($login,$password)=$this->credentials(); |
586 | $user = $this->store->login($_POST['login'], Tools::encodeString($_POST['password'] . $_POST['login'])); | 603 | if($login === false || $password === false) { |
604 | $this->messages->add('e', _('login failed: you have to fill all fields')); | ||
605 | Tools::logm('login failed'); | ||
606 | Tools::redirect(); | ||
607 | } | ||
608 | if (!empty($login) && !empty($password)) { | ||
609 | $user = $this->store->login($login, Tools::encodeString($password . $login)); | ||
587 | if ($user != array()) { | 610 | if ($user != array()) { |
588 | # Save login into Session | 611 | # Save login into Session |
589 | Session::login($user['username'], $user['password'], $_POST['login'], Tools::encodeString($_POST['password'] . $_POST['login']), array('poche_user' => new User($user))); | 612 | Session::login($user['username'], $user['password'], $login, Tools::encodeString($password . $login), array('poche_user' => new User($user))); |
590 | $this->messages->add('s', _('welcome to your poche')); | 613 | $this->messages->add('s', _('welcome to your poche')); |
591 | Tools::logm('login successful'); | 614 | Tools::logm('login successful'); |
592 | Tools::redirect($referer); | 615 | Tools::redirect($referer); |
@@ -594,10 +617,6 @@ class Poche | |||
594 | $this->messages->add('e', _('login failed: bad login or password')); | 617 | $this->messages->add('e', _('login failed: bad login or password')); |
595 | Tools::logm('login failed'); | 618 | Tools::logm('login failed'); |
596 | Tools::redirect(); | 619 | Tools::redirect(); |
597 | } else { | ||
598 | $this->messages->add('e', _('login failed: you have to fill all fields')); | ||
599 | Tools::logm('login failed'); | ||
600 | Tools::redirect(); | ||
601 | } | 620 | } |
602 | } | 621 | } |
603 | 622 | ||
@@ -814,4 +833,4 @@ class Poche | |||
814 | } | 833 | } |
815 | return $version; | 834 | return $version; |
816 | } | 835 | } |
817 | } \ No newline at end of file | 836 | } |
@@ -81,6 +81,8 @@ if (Session::isLogged()) { | |||
81 | $poche->action($action, $url, $id); | 81 | $poche->action($action, $url, $id); |
82 | $tpl_file = Tools::getTplFile($view); | 82 | $tpl_file = Tools::getTplFile($view); |
83 | $tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id)); | 83 | $tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id)); |
84 | } elseif(isset($_SERVER['PHP_AUTH_USER'])) { | ||
85 | $poche->login($referer); | ||
84 | } else { | 86 | } else { |
85 | $tpl_file = Tools::getTplFile('login'); | 87 | $tpl_file = Tools::getTplFile('login'); |
86 | } | 88 | } |
@@ -90,4 +92,4 @@ $messages = $poche->messages->display('all', FALSE); | |||
90 | $tpl_vars = array_merge($tpl_vars, array('messages' => $messages)); | 92 | $tpl_vars = array_merge($tpl_vars, array('messages' => $messages)); |
91 | 93 | ||
92 | # display poche | 94 | # display poche |
93 | echo $poche->tpl->render($tpl_file, $tpl_vars); \ No newline at end of file | 95 | echo $poche->tpl->render($tpl_file, $tpl_vars); |
diff --git a/themes/default/config.twig b/themes/default/config.twig index 23860ebd..72671702 100644 --- a/themes/default/config.twig +++ b/themes/default/config.twig | |||
@@ -66,6 +66,7 @@ | |||
66 | <input type="hidden" name="token" value="{{ token }}"> | 66 | <input type="hidden" name="token" value="{{ token }}"> |
67 | </form> | 67 | </form> |
68 | 68 | ||
69 | {% if http_auth == 0 %} | ||
69 | <h2>{% trans "Change your password" %}</h2> | 70 | <h2>{% trans "Change your password" %}</h2> |
70 | <form method="post" action="?config" name="loginform"> | 71 | <form method="post" action="?config" name="loginform"> |
71 | <fieldset class="w500p"> | 72 | <fieldset class="w500p"> |
@@ -84,6 +85,7 @@ | |||
84 | <input type="hidden" name="returnurl" value="{{ referer }}"> | 85 | <input type="hidden" name="returnurl" value="{{ referer }}"> |
85 | <input type="hidden" name="token" value="{{ token }}"> | 86 | <input type="hidden" name="token" value="{{ token }}"> |
86 | </form> | 87 | </form> |
88 | {% endif %} | ||
87 | 89 | ||
88 | <h2>{% trans "Import" %}</h2> | 90 | <h2>{% trans "Import" %}</h2> |
89 | <p>{% trans "Please execute the import script locally, it can take a very long time." %}</p> | 91 | <p>{% trans "Please execute the import script locally, it can take a very long time." %}</p> |