Diffstat (limited to 'inc')
-rw-r--r-- | inc/poche/Database.class.php | 11 | ||||
-rw-r--r-- | inc/poche/Poche.class.php | 35 |
2 files changed, 38 insertions, 8 deletions
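--- a/inc/poche/Database.class.php
+++ b/inc/poche/Database.class.php
@@ -87,6 +87,17 @@ class Database {
 return $user_config;
 }
 
+public function userExists($username) {
+$sql = "SELECT * FROM users WHERE username=?";
+$query = $this->executeQuery($sql, array($username));
+$login = $query->fetchAll();
+if (isset($login[0])) {
+return true;
+} else {
+return false;
+}
+}
+
 public function login($username, $password) {
 $sql = "SELECT * FROM users WHERE username=? AND password=?";
 $query = $this->executeQuery($sql, array($username, $password));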
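Review bot: `userExists()` answers whether an account exists without checking any credential, and no caller is visible in this diff, so its docblock should state that a `true` result is not authentication. If it is meant to back the HTTP-auth login, the caller still needs the web server's verification before opening a session. On style, the method loads every column of every matching row to produce a boolean; `$sql = "SELECT 1 FROM users WHERE username=? LIMIT 1";` followed by `return isset($login[0]);` does the same work with less data and no `if`/`else`.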
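--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -408,6 +408,7 @@ class Poche
 $compare_prod = version_compare(POCHE, $prod);
 $themes = $this->getInstalledThemes();
 $languages = $this->getInstalledLanguages();
+$http_auth = (isset($_SERVER['PHP_AUTH_USER']))?true:false;
 $tpl_vars = array(
 'themes' => $themes,
 'languages' => $languages,
@@ -415,6 +416,7 @@ class Poche
 'prod' => $prod,
 'compare_dev' => $compare_dev,
 'compare_prod' => $compare_prod,
+'http_auth' => $http_auth,
 );
 Tools::logm('config view');
 break;
@@ -574,6 +576,21 @@ class Poche
 }
 
 /**
+* get credentials from differents sources
+* it redirects the user to the $referer link
+* @return array
+*/
+private function credentials() {
+if(isset($_SERVER['PHP_AUTH_USER'])) {
+return array($_SERVER['PHP_AUTH_USER'],'php_auth');
+}
+if(!empty($_POST['login']) && !empty($_POST['password'])) {
+return array($_POST['login'],$_POST['password']);
+}
+return array(false,false);
+}
+
+/**
 * checks if login & password are correct and save the user in session.
 * it redirects the user to the $referer link
 * @param string $referer the url to redirect after login
@@ -582,11 +599,17 @@ class Poche
 */
 public function login($referer)
 {
-if (!empty($_POST['login']) && !empty($_POST['password'])) {
-$user = $this->store->login($_POST['login'], Tools::encodeString($_POST['password'] . $_POST['login']));
+list($login,$password)=$this->credentials();
+if($login === false || $password === false) {
+$this->messages->add('e', _('login failed: you have to fill all fields'));
+Tools::logm('login failed');
+Tools::redirect();
+}
+if (!empty($login) && !empty($password)) {
+$user = $this->store->login($login, Tools::encodeString($password . $login));
 if ($user != array()) {
 # Save login into Session
-Session::login($user['username'], $user['password'], $_POST['login'], Tools::encodeString($_POST['password'] . $_POST['login']), array('poche_user' => new User($user)));
+Session::login($user['username'], $user['password'], $login, Tools::encodeString($password . $login), array('poche_user' => new User($user)));
 $this->messages->add('s', _('welcome to your poche'));
 Tools::logm('login successful');
 Tools::redirect($referer);
@@ -594,10 +617,6 @@ class Poche
 $this->messages->add('e', _('login failed: bad login or password'));
 Tools::logm('login failed');
 Tools::redirect();
-} else {
-$this->messages->add('e', _('login failed: you have to fill all fields'));
-Tools::logm('login failed');
-Tools::redirect();
 }
 }
 
@@ -814,4 +833,4 @@ class Poche
 }
 return $version;
 }
-}
\ No newline at end of file
+}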
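Review bot: `credentials()` treats the mere presence of `$_SERVER['PHP_AUTH_USER']` as proof of identity and pairs it with the fixed string `'php_auth'`, which `login()` then hashes with the username and checks like a real password. As far as I know PHP fills that variable from the request's Authorization header, so it only identifies the user when the web server in front has verified the credentials on every route; that assumption should be enforced by an explicit configuration switch rather than implied, and documented on the method. Because the constant is public, an account set up for this path presumably has a stored hash anyone can derive from the username, so the POST branch should reject it for such accounts or the HTTP-auth path should skip the password comparison altogether. The docblock also carries over `it redirects the user to the $referer link` from `login()`, which `credentials()` does not do; something like `* returns array(login, password), or array(false, false) when none were sent` would match the code. Whether execution stops after `Tools::redirect()` in the new early branch of `login()` is not visible here.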