-rw-r--r--inc/poche/Database.class.php11
-rw-r--r--index.php10
-rw-r--r--themes/default/login.twig4
3 files changed, 23 insertions, 2 deletions
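diff --git a/inc/poche/Database.class.php b/inc/poche/Database.class.php
index 5c40b026..1d3ff0c2 100644
--- a/inc/poche/Database.class.php
+++ b/inc/poche/Database.class.php
@@ -87,6 +87,17 @@ class Database {
  return $user_config;
  }
 
+ public function userExists($username) {
+ $sql = "SELECT * FROM users WHERE username=?";
+ $query = $this->executeQuery($sql, array($username));
+ $login = $query->fetchAll();
+ if (isset($login[0])) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
  public function login($username, $password) {
  $sql = "SELECT * FROM users WHERE username=? AND password=?";
  $query = $this->executeQuery($sql, array($username, $password));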
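Review bot: `userExists()` runs `SELECT *` and `fetchAll()` only to answer a yes/no question, so the whole user row, including the `password` column that the `login()` query below shows on this table, is loaded into PHP memory on every HTTP-auth request. Selecting a constant is enough: `$sql = "SELECT 1 FROM users WHERE username=? LIMIT 1";`, with `return isset($login[0]);` replacing the if/else. The result of `executeQuery()` is used unchecked; if that helper can return false on a failed query (its body is not visible here), `fetchAll()` becomes a fatal error instead of a failed login. A short docblock stating that the method reports existence only and performs no authentication would keep callers from treating it as an auth check.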
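diff --git a/index.php b/index.php
index d79f3f95..d400354d 100644
--- a/index.php
+++ b/index.php
@@ -82,9 +82,17 @@ if (Session::isLogged()) {
  $tpl_file = Tools::getTplFile($view);
  $tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id));
 } elseif(isset($_SERVER['PHP_AUTH_USER'])) {
- $poche->login($referer);
+ if($poche->store->userExists($_SERVER['PHP_AUTH_USER'])) {
+ $poche->login($referer);
+ } else {
+ $poche->messages->add('e', _('login failed: user doesn\'t exist'));
+ Tools::logm('user doesn\'t exist');
+ $tpl_file = Tools::getTplFile('login');
+ $tpl_vars['http_auth'] = 1;
+ }
 } else {
  $tpl_file = Tools::getTplFile('login');
+ $tpl_vars['http_auth'] = 0;
 }
 
 # because messages can be added in $poche->action(), we have to add this entry now (we can add it before)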
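Review bot: The new else branch (new lines 87-92) answers an unknown `PHP_AUTH_USER` with `login failed: user doesn't exist`, which lets any client that can present HTTP credentials tell valid usernames from invalid ones. A generic message keeps the failure cases indistinguishable: `$poche->messages->add('e', _('login failed'));`. The `Tools::logm('user doesn\'t exist')` entry carries no username or client address, so repeated failures cannot be correlated from the log; if the name is added there, strip control characters first because it is client-supplied. Whether `$poche->login($referer)` verifies a password on this path is not visible in the hunk, so `userExists()` should be read as a pre-check only; the if/elseif chain starts above the hunk.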
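diff --git a/themes/default/login.twig b/themes/default/login.twig
index 0ae130bc..2e48052b 100644
--- a/themes/default/login.twig
+++ b/themes/default/login.twig
@@ -2,6 +2,7 @@
 
 {% block title %}{% trans "login to your poche" %}{% endblock %}
 {% block content %}
+ {% if http_auth == 0 %}
  <form method="post" action="?login" name="loginform">
  <fieldset class="w500p center">
  <h2 class="mbs txtcenter">{% trans "login to your poche" %}</h2>
@@ -29,4 +30,5 @@
  <input type="hidden" name="returnurl" value="{{ referer }}">
  <input type="hidden" name="token" value="{{ token }}">
  </form>
-{% endblock %}
\ No newline at end of file
+ {% endif %}
+{% endblock %}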
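Review bot: `{% if http_auth == 0 %}` depends on every code path that renders login.twig setting `http_auth`. The index.php change sets it in two branches, but with Twig's `strict_variables` enabled any other path would raise an error, and with it disabled the undefined value compares equal to 0 and the form is shown. Making the default explicit avoids both surprises: `{% if http_auth|default(0) == 0 %}`. When `http_auth` is 1 the content block renders empty, so the page relies on the layout to display the error message; a short `{# ... #}` comment on the condition explaining why the form is hidden for HTTP auth would help the next editor.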