2 files changed, 18 insertions, 12 deletions
diff --git a/inc/poche/Database.class.php b/inc/poche/Database.class.php
index 3b0f455e..0457af69 100644
--- a/inc/poche/Database.class.php
+++ b/inc/poche/Database.class.php
@@ -165,9 +165,14 @@ class Database {
        }
    }
-    public function login($username, $password) {
+    public function login($username, $password, $isauthenticated=false) {
-        $sql = "SELECT * FROM users WHERE username=? AND password=?";
+        if ($isauthenticated) {
-        $query = $this->executeQuery($sql, array($username, $password));
+          $sql = "SELECT * FROM users WHERE username=?";
+          $query = $this->executeQuery($sql, array($username));
+        } else {
+          $sql = "SELECT * FROM users WHERE username=? AND password=?";
+          $query = $this->executeQuery($sql, array($username, $password));
+        }
        $login = $query->fetchAll();
        $user = array();
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index e9b14121..77361ef7 100644
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -692,17 +692,17 @@ class Poche
     */
    private function credentials() {
        if(isset($_SERVER['PHP_AUTH_USER'])) {
-            return array($_SERVER['PHP_AUTH_USER'],'php_auth');
+            return array($_SERVER['PHP_AUTH_USER'],'php_auth',true);
        }
        if(!empty($_POST['login']) && !empty($_POST['password'])) {
-            return array($_POST['login'],$_POST['password']);
+            return array($_POST['login'],$_POST['password'],false);
        }
        if(isset($_SERVER['REMOTE_USER'])) {
-            return array($_SERVER['REMOTE_USER'],'http_auth');
+            return array($_SERVER['REMOTE_USER'],'http_auth',true);
        }
-        return array(false,false);
+        return array(false,false,false);
-     }
+    }
    /**
     * checks if login & password are correct and save the user in session.
@@ -713,18 +713,19 @@ class Poche
     */
    public function login($referer)
    {
-        list($login,$password)=$this->credentials();
+        list($login,$password,$isauthenticated)=$this->credentials();
        if($login === false || $password === false) {
            $this->messages->add('e', _('login failed: you have to fill all fields'));
            Tools::logm('login failed');
            Tools::redirect();
        }
        if (!empty($login) && !empty($password)) {
-            $user = $this->store->login($login, Tools::encodeString($password . $login));
+            $user = $this->store->login($login, Tools::encodeString($password . $login), $isauthenticated);
            if ($user != array()) {
                # Save login into Session
-                $longlastingsession = isset($_POST['longlastingsession']);
+                $longlastingsession = isset($_POST['longlastingsession']);
-                Session::login($user['username'], $user['password'], $login, Tools::encodeString($password . $login), $longlastingsession, array('poche_user' => new User($user)));
+                $passwordTest = ($isauthenticated) ? $user['password'] : Tools::encodeString($password . $login);
+                Session::login($user['username'], $user['password'], $login, $passwordTest, $longlastingsession, array('poche_user' => new User($user)));
                $this->messages->add('s', _('welcome to your poche'));
                Tools::logm('login successful');
                Tools::redirect($referer);