diff options
| -rw-r--r-- | inc/poche/Database.class.php | 11 | ||||
| -rw-r--r-- | index.php | 10 | ||||
| -rw-r--r-- | themes/default/login.twig | 4 |
3 files changed, 23 insertions, 2 deletions
diff --git a/inc/poche/Database.class.php b/inc/poche/Database.class.php index 5c40b026..1d3ff0c2 100644 --- a/inc/poche/Database.class.php +++ b/inc/poche/Database.class.php | |||
| @@ -87,6 +87,17 @@ class Database { | |||
| 87 | return $user_config; | 87 | return $user_config; |
| 88 | } | 88 | } |
| 89 | 89 | ||
| 90 | public function userExists($username) { | ||
| 91 | $sql = "SELECT * FROM users WHERE username=?"; | ||
| 92 | $query = $this->executeQuery($sql, array($username)); | ||
| 93 | $login = $query->fetchAll(); | ||
| 94 | if (isset($login[0])) { | ||
| 95 | return true; | ||
| 96 | } else { | ||
| 97 | return false; | ||
| 98 | } | ||
| 99 | } | ||
| 100 | |||
| 90 | public function login($username, $password) { | 101 | public function login($username, $password) { |
| 91 | $sql = "SELECT * FROM users WHERE username=? AND password=?"; | 102 | $sql = "SELECT * FROM users WHERE username=? AND password=?"; |
| 92 | $query = $this->executeQuery($sql, array($username, $password)); | 103 | $query = $this->executeQuery($sql, array($username, $password)); |
| @@ -82,9 +82,17 @@ if (Session::isLogged()) { | |||
| 82 | $tpl_file = Tools::getTplFile($view); | 82 | $tpl_file = Tools::getTplFile($view); |
| 83 | $tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id)); | 83 | $tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id)); |
| 84 | } elseif(isset($_SERVER['PHP_AUTH_USER'])) { | 84 | } elseif(isset($_SERVER['PHP_AUTH_USER'])) { |
| 85 | $poche->login($referer); | 85 | if($poche->store->userExists($_SERVER['PHP_AUTH_USER'])) { |
| 86 | $poche->login($referer); | ||
| 87 | } else { | ||
| 88 | $poche->messages->add('e', _('login failed: user doesn\'t exist')); | ||
| 89 | Tools::logm('user doesn\'t exist'); | ||
| 90 | $tpl_file = Tools::getTplFile('login'); | ||
| 91 | $tpl_vars['http_auth'] = 1; | ||
| 92 | } | ||
| 86 | } else { | 93 | } else { |
| 87 | $tpl_file = Tools::getTplFile('login'); | 94 | $tpl_file = Tools::getTplFile('login'); |
| 95 | $tpl_vars['http_auth'] = 0; | ||
| 88 | } | 96 | } |
| 89 | 97 | ||
| 90 | # because messages can be added in $poche->action(), we have to add this entry now (we can add it before) | 98 | # because messages can be added in $poche->action(), we have to add this entry now (we can add it before) |
diff --git a/themes/default/login.twig b/themes/default/login.twig index 0ae130bc..2e48052b 100644 --- a/themes/default/login.twig +++ b/themes/default/login.twig | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | 2 | ||
| 3 | {% block title %}{% trans "login to your poche" %}{% endblock %} | 3 | {% block title %}{% trans "login to your poche" %}{% endblock %} |
| 4 | {% block content %} | 4 | {% block content %} |
| 5 | {% if http_auth == 0 %} | ||
| 5 | <form method="post" action="?login" name="loginform"> | 6 | <form method="post" action="?login" name="loginform"> |
| 6 | <fieldset class="w500p center"> | 7 | <fieldset class="w500p center"> |
| 7 | <h2 class="mbs txtcenter">{% trans "login to your poche" %}</h2> | 8 | <h2 class="mbs txtcenter">{% trans "login to your poche" %}</h2> |
| @@ -29,4 +30,5 @@ | |||
| 29 | <input type="hidden" name="returnurl" value="{{ referer }}"> | 30 | <input type="hidden" name="returnurl" value="{{ referer }}"> |
| 30 | <input type="hidden" name="token" value="{{ token }}"> | 31 | <input type="hidden" name="token" value="{{ token }}"> |
| 31 | </form> | 32 | </form> |
| 32 | {% endblock %} \ No newline at end of file | 33 | {% endif %} |
| 34 | {% endblock %} | ||