Diffstat (limited to 'inc')
-rw-r--r--inc/poche/Database.class.php11
-rw-r--r--inc/poche/Poche.class.php19
2 files changed, 18 insertions, 12 deletions
diff --git a/inc/poche/Database.class.php b/inc/poche/Database.class.php
index 3b0f455e..0457af69 100644
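--- a/inc/poche/Database.class.php
+++ b/inc/poche/Database.class.php
@@ -165,9 +165,14 @@ class Database {
 }
 }
 
-public function login($username, $password) {
-$sql = "SELECT * FROM users WHERE username=? AND password=?";
-$query = $this->executeQuery($sql, array($username, $password));
+public function login($username, $password, $isauthenticated=false) {
+if ($isauthenticated) {
+$sql = "SELECT * FROM users WHERE username=?";
+$query = $this->executeQuery($sql, array($username));
+} else {
+$sql = "SELECT * FROM users WHERE username=? AND password=?";
+$query = $this->executeQuery($sql, array($username, $password));
+}
 $login = $query->fetchAll();
 
 $user = array();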
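Review bot: The new `$isauthenticated` branch in `Database::login()` returns the user row for a username alone, and the flag that selects it is set in `credentials()` (inc/poche/Poche.class.php) whenever `$_SERVER['PHP_AUTH_USER']` or `$_SERVER['REMOTE_USER']` is merely present. PHP populates `PHP_AUTH_USER` from the Basic credentials the client sends so that the script can verify them itself; its presence does not show that the web server checked anything, so on a deployment where HTTP authentication is not enforced in front of the application the password comparison is skipped for whatever username the request names. I would pass `true` only when an explicit configuration switch states that the server performs authentication, e.g. `if (HTTP_AUTH_ENABLED_PLACEHOLDER && isset($_SERVER['REMOTE_USER']))` (placeholder constant name), and keep the password query as the path for everything else. `login()` also deserves a docblock saying `$isauthenticated must be true only when the web server has already verified the user; never derive it from request headers alone`. The body of `login()` continues past the end of this hunk.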
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index e9b14121..77361ef7 100644
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -692,17 +692,17 @@ class Poche
692 */ 692 */
693 private function credentials() { 693 private function credentials() {
694 if(isset($_SERVER['PHP_AUTH_USER'])) { 694 if(isset($_SERVER['PHP_AUTH_USER'])) {
695 return array($_SERVER['PHP_AUTH_USER'],'php_auth'); 695 return array($_SERVER['PHP_AUTH_USER'],'php_auth',true);
696 } 696 }
697 if(!empty($_POST['login']) && !empty($_POST['password'])) { 697 if(!empty($_POST['login']) && !empty($_POST['password'])) {
698 return array($_POST['login'],$_POST['password']); 698 return array($_POST['login'],$_POST['password'],false);
699 } 699 }
700 if(isset($_SERVER['REMOTE_USER'])) { 700 if(isset($_SERVER['REMOTE_USER'])) {
701 return array($_SERVER['REMOTE_USER'],'http_auth'); 701 return array($_SERVER['REMOTE_USER'],'http_auth',true);
702 } 702 }
703 703
704 return array(false,false); 704 return array(false,false,false);
705 } 705 }
706 706
707 /** 707 /**
708 * checks if login & password are correct and save the user in session. 708 * checks if login & password are correct and save the user in session.
@@ -713,18 +713,19 @@ class Poche
713 */ 713 */
714 public function login($referer) 714 public function login($referer)
715 { 715 {
716 list($login,$password)=$this->credentials(); 716 list($login,$password,$isauthenticated)=$this->credentials();
717 if($login === false || $password === false) { 717 if($login === false || $password === false) {
718 $this->messages->add('e', _('login failed: you have to fill all fields')); 718 $this->messages->add('e', _('login failed: you have to fill all fields'));
719 Tools::logm('login failed'); 719 Tools::logm('login failed');
720 Tools::redirect(); 720 Tools::redirect();
721 } 721 }
722 if (!empty($login) && !empty($password)) { 722 if (!empty($login) && !empty($password)) {
723 $user = $this->store->login($login, Tools::encodeString($password . $login)); 723 $user = $this->store->login($login, Tools::encodeString($password . $login), $isauthenticated);
724 if ($user != array()) { 724 if ($user != array()) {
725 # Save login into Session 725 # Save login into Session
726 $longlastingsession = isset($_POST['longlastingsession']); 726 $longlastingsession = isset($_POST['longlastingsession']);
727 Session::login($user['username'], $user['password'], $login, Tools::encodeString($password . $login), $longlastingsession, array('poche_user' => new User($user))); 727 $passwordTest = ($isauthenticated) ? $user['password'] : Tools::encodeString($password . $login);
728 Session::login($user['username'], $user['password'], $login, $passwordTest, $longlastingsession, array('poche_user' => new User($user)));
728 $this->messages->add('s', _('welcome to your poche')); 729 $this->messages->add('s', _('welcome to your poche'));
729 Tools::logm('login successful'); 730 Tools::logm('login successful');
730 Tools::redirect($referer); 731 Tools::redirect($referer);