diff options
| -rw-r--r-- | inc/poche/Database.class.php | 11 | ||||
| -rw-r--r-- | inc/poche/Poche.class.php | 35 | ||||
| -rw-r--r-- | index.php | 12 | ||||
| -rw-r--r-- | themes/default/config.twig | 2 | ||||
| -rw-r--r-- | themes/default/login.twig | 4 |
5 files changed, 54 insertions, 10 deletions
diff --git a/inc/poche/Database.class.php b/inc/poche/Database.class.php index 5c40b026..1d3ff0c2 100644 --- a/inc/poche/Database.class.php +++ b/inc/poche/Database.class.php | |||
| @@ -87,6 +87,17 @@ class Database { | |||
| 87 | return $user_config; | 87 | return $user_config; |
| 88 | } | 88 | } |
| 89 | 89 | ||
| 90 | public function userExists($username) { | ||
| 91 | $sql = "SELECT * FROM users WHERE username=?"; | ||
| 92 | $query = $this->executeQuery($sql, array($username)); | ||
| 93 | $login = $query->fetchAll(); | ||
| 94 | if (isset($login[0])) { | ||
| 95 | return true; | ||
| 96 | } else { | ||
| 97 | return false; | ||
| 98 | } | ||
| 99 | } | ||
| 100 | |||
| 90 | public function login($username, $password) { | 101 | public function login($username, $password) { |
| 91 | $sql = "SELECT * FROM users WHERE username=? AND password=?"; | 102 | $sql = "SELECT * FROM users WHERE username=? AND password=?"; |
| 92 | $query = $this->executeQuery($sql, array($username, $password)); | 103 | $query = $this->executeQuery($sql, array($username, $password)); |
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index 806da54b..0766cd51 100644 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php | |||
| @@ -408,6 +408,7 @@ class Poche | |||
| 408 | $compare_prod = version_compare(POCHE, $prod); | 408 | $compare_prod = version_compare(POCHE, $prod); |
| 409 | $themes = $this->getInstalledThemes(); | 409 | $themes = $this->getInstalledThemes(); |
| 410 | $languages = $this->getInstalledLanguages(); | 410 | $languages = $this->getInstalledLanguages(); |
| 411 | $http_auth = (isset($_SERVER['PHP_AUTH_USER']))?true:false; | ||
| 411 | $tpl_vars = array( | 412 | $tpl_vars = array( |
| 412 | 'themes' => $themes, | 413 | 'themes' => $themes, |
| 413 | 'languages' => $languages, | 414 | 'languages' => $languages, |
| @@ -415,6 +416,7 @@ class Poche | |||
| 415 | 'prod' => $prod, | 416 | 'prod' => $prod, |
| 416 | 'compare_dev' => $compare_dev, | 417 | 'compare_dev' => $compare_dev, |
| 417 | 'compare_prod' => $compare_prod, | 418 | 'compare_prod' => $compare_prod, |
| 419 | 'http_auth' => $http_auth, | ||
| 418 | ); | 420 | ); |
| 419 | Tools::logm('config view'); | 421 | Tools::logm('config view'); |
| 420 | break; | 422 | break; |
| @@ -574,6 +576,21 @@ class Poche | |||
| 574 | } | 576 | } |
| 575 | 577 | ||
| 576 | /** | 578 | /** |
| 579 | * get credentials from differents sources | ||
| 580 | * it redirects the user to the $referer link | ||
| 581 | * @return array | ||
| 582 | */ | ||
| 583 | private function credentials() { | ||
| 584 | if(isset($_SERVER['PHP_AUTH_USER'])) { | ||
| 585 | return array($_SERVER['PHP_AUTH_USER'],'php_auth'); | ||
| 586 | } | ||
| 587 | if(!empty($_POST['login']) && !empty($_POST['password'])) { | ||
| 588 | return array($_POST['login'],$_POST['password']); | ||
| 589 | } | ||
| 590 | return array(false,false); | ||
| 591 | } | ||
| 592 | |||
| 593 | /** | ||
| 577 | * checks if login & password are correct and save the user in session. | 594 | * checks if login & password are correct and save the user in session. |
| 578 | * it redirects the user to the $referer link | 595 | * it redirects the user to the $referer link |
| 579 | * @param string $referer the url to redirect after login | 596 | * @param string $referer the url to redirect after login |
| @@ -582,11 +599,17 @@ class Poche | |||
| 582 | */ | 599 | */ |
| 583 | public function login($referer) | 600 | public function login($referer) |
| 584 | { | 601 | { |
| 585 | if (!empty($_POST['login']) && !empty($_POST['password'])) { | 602 | list($login,$password)=$this->credentials(); |
| 586 | $user = $this->store->login($_POST['login'], Tools::encodeString($_POST['password'] . $_POST['login'])); | 603 | if($login === false || $password === false) { |
| 604 | $this->messages->add('e', _('login failed: you have to fill all fields')); | ||
| 605 | Tools::logm('login failed'); | ||
| 606 | Tools::redirect(); | ||
| 607 | } | ||
| 608 | if (!empty($login) && !empty($password)) { | ||
| 609 | $user = $this->store->login($login, Tools::encodeString($password . $login)); | ||
| 587 | if ($user != array()) { | 610 | if ($user != array()) { |
| 588 | # Save login into Session | 611 | # Save login into Session |
| 589 | Session::login($user['username'], $user['password'], $_POST['login'], Tools::encodeString($_POST['password'] . $_POST['login']), array('poche_user' => new User($user))); | 612 | Session::login($user['username'], $user['password'], $login, Tools::encodeString($password . $login), array('poche_user' => new User($user))); |
| 590 | $this->messages->add('s', _('welcome to your poche')); | 613 | $this->messages->add('s', _('welcome to your poche')); |
| 591 | Tools::logm('login successful'); | 614 | Tools::logm('login successful'); |
| 592 | Tools::redirect($referer); | 615 | Tools::redirect($referer); |
| @@ -594,10 +617,6 @@ class Poche | |||
| 594 | $this->messages->add('e', _('login failed: bad login or password')); | 617 | $this->messages->add('e', _('login failed: bad login or password')); |
| 595 | Tools::logm('login failed'); | 618 | Tools::logm('login failed'); |
| 596 | Tools::redirect(); | 619 | Tools::redirect(); |
| 597 | } else { | ||
| 598 | $this->messages->add('e', _('login failed: you have to fill all fields')); | ||
| 599 | Tools::logm('login failed'); | ||
| 600 | Tools::redirect(); | ||
| 601 | } | 620 | } |
| 602 | } | 621 | } |
| 603 | 622 | ||
| @@ -814,4 +833,4 @@ class Poche | |||
| 814 | } | 833 | } |
| 815 | return $version; | 834 | return $version; |
| 816 | } | 835 | } |
| 817 | } \ No newline at end of file | 836 | } |
| @@ -81,8 +81,18 @@ if (Session::isLogged()) { | |||
| 81 | $poche->action($action, $url, $id); | 81 | $poche->action($action, $url, $id); |
| 82 | $tpl_file = Tools::getTplFile($view); | 82 | $tpl_file = Tools::getTplFile($view); |
| 83 | $tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id)); | 83 | $tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id)); |
| 84 | } elseif(isset($_SERVER['PHP_AUTH_USER'])) { | ||
| 85 | if($poche->store->userExists($_SERVER['PHP_AUTH_USER'])) { | ||
| 86 | $poche->login($referer); | ||
| 87 | } else { | ||
| 88 | $poche->messages->add('e', _('login failed: user doesn\'t exist')); | ||
| 89 | Tools::logm('user doesn\'t exist'); | ||
| 90 | $tpl_file = Tools::getTplFile('login'); | ||
| 91 | $tpl_vars['http_auth'] = 1; | ||
| 92 | } | ||
| 84 | } else { | 93 | } else { |
| 85 | $tpl_file = Tools::getTplFile('login'); | 94 | $tpl_file = Tools::getTplFile('login'); |
| 95 | $tpl_vars['http_auth'] = 0; | ||
| 86 | } | 96 | } |
| 87 | 97 | ||
| 88 | # because messages can be added in $poche->action(), we have to add this entry now (we can add it before) | 98 | # because messages can be added in $poche->action(), we have to add this entry now (we can add it before) |
| @@ -90,4 +100,4 @@ $messages = $poche->messages->display('all', FALSE); | |||
| 90 | $tpl_vars = array_merge($tpl_vars, array('messages' => $messages)); | 100 | $tpl_vars = array_merge($tpl_vars, array('messages' => $messages)); |
| 91 | 101 | ||
| 92 | # display poche | 102 | # display poche |
| 93 | echo $poche->tpl->render($tpl_file, $tpl_vars); \ No newline at end of file | 103 | echo $poche->tpl->render($tpl_file, $tpl_vars); |
diff --git a/themes/default/config.twig b/themes/default/config.twig index 23860ebd..72671702 100644 --- a/themes/default/config.twig +++ b/themes/default/config.twig | |||
| @@ -66,6 +66,7 @@ | |||
| 66 | <input type="hidden" name="token" value="{{ token }}"> | 66 | <input type="hidden" name="token" value="{{ token }}"> |
| 67 | </form> | 67 | </form> |
| 68 | 68 | ||
| 69 | {% if http_auth == 0 %} | ||
| 69 | <h2>{% trans "Change your password" %}</h2> | 70 | <h2>{% trans "Change your password" %}</h2> |
| 70 | <form method="post" action="?config" name="loginform"> | 71 | <form method="post" action="?config" name="loginform"> |
| 71 | <fieldset class="w500p"> | 72 | <fieldset class="w500p"> |
| @@ -84,6 +85,7 @@ | |||
| 84 | <input type="hidden" name="returnurl" value="{{ referer }}"> | 85 | <input type="hidden" name="returnurl" value="{{ referer }}"> |
| 85 | <input type="hidden" name="token" value="{{ token }}"> | 86 | <input type="hidden" name="token" value="{{ token }}"> |
| 86 | </form> | 87 | </form> |
| 88 | {% endif %} | ||
| 87 | 89 | ||
| 88 | <h2>{% trans "Import" %}</h2> | 90 | <h2>{% trans "Import" %}</h2> |
| 89 | <p>{% trans "Please execute the import script locally, it can take a very long time." %}</p> | 91 | <p>{% trans "Please execute the import script locally, it can take a very long time." %}</p> |
diff --git a/themes/default/login.twig b/themes/default/login.twig index 0ae130bc..2e48052b 100644 --- a/themes/default/login.twig +++ b/themes/default/login.twig | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | 2 | ||
| 3 | {% block title %}{% trans "login to your poche" %}{% endblock %} | 3 | {% block title %}{% trans "login to your poche" %}{% endblock %} |
| 4 | {% block content %} | 4 | {% block content %} |
| 5 | {% if http_auth == 0 %} | ||
| 5 | <form method="post" action="?login" name="loginform"> | 6 | <form method="post" action="?login" name="loginform"> |
| 6 | <fieldset class="w500p center"> | 7 | <fieldset class="w500p center"> |
| 7 | <h2 class="mbs txtcenter">{% trans "login to your poche" %}</h2> | 8 | <h2 class="mbs txtcenter">{% trans "login to your poche" %}</h2> |
| @@ -29,4 +30,5 @@ | |||
| 29 | <input type="hidden" name="returnurl" value="{{ referer }}"> | 30 | <input type="hidden" name="returnurl" value="{{ referer }}"> |
| 30 | <input type="hidden" name="token" value="{{ token }}"> | 31 | <input type="hidden" name="token" value="{{ token }}"> |
| 31 | </form> | 32 | </form> |
| 32 | {% endblock %} \ No newline at end of file | 33 | {% endif %} |
| 34 | {% endblock %} | ||