From df6afaf0909506a334ef2b8c6f69770cd9890e0d Mon Sep 17 00:00:00 2001
From: Denis Sacchet
Date: Sun, 20 Oct 2013 16:53:54 +0200
Subject: Added support for http_auth
---
 inc/poche/Poche.class.php | 35 +++++++++++++++++++++++++++--------
 index.php | 4 +++-
 themes/default/config.twig | 2 ++
 3 files changed, 32 insertions(+), 9 deletions(-)
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index 806da54b..0766cd51 100644
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -408,6 +408,7 @@ class Poche
 $compare_prod = version_compare(POCHE, $prod);
 $themes = $this->getInstalledThemes();
 $languages = $this->getInstalledLanguages();
+ $http_auth = (isset($_SERVER['PHP_AUTH_USER']))?true:false;
 $tpl_vars = array(
 'themes' => $themes,
 'languages' => $languages,
@@ -415,6 +416,7 @@ class Poche
 'prod' => $prod,
 'compare_dev' => $compare_dev,
 'compare_prod' => $compare_prod,
+ 'http_auth' => $http_auth,
 );
 Tools::logm('config view');
 break;
@@ -573,6 +575,21 @@ class Poche
 Tools::redirect('?view=config');
 }
+ /**
+ * get credentials from differents sources
+ * it redirects the user to the $referer link
+ * @return array
+ */
+ private function credentials() {
+ if(isset($_SERVER['PHP_AUTH_USER'])) {
+ return array($_SERVER['PHP_AUTH_USER'],'php_auth');
+ }
+ if(!empty($_POST['login']) && !empty($_POST['password'])) {
+ return array($_POST['login'],$_POST['password']);
+ }
+ return array(false,false);
+ }
+
 /**
 * checks if login & password are correct and save the user in session.
 * it redirects the user to the $referer link
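Review bot: The `http_auth` flag added to `$tpl_vars` in the config view only decides whether config.twig renders the password form; nothing in this hunk stops the request that form submits from being processed when `$_SERVER['PHP_AUTH_USER']` is set. The handler for the password update is not visible in this diff, so this needs confirming, and if it has no matching guard it should refuse the change under HTTP auth rather than rely on the form being hidden. As a smaller style point, `isset()` already returns a boolean, so the assignment can read `$http_auth = isset($_SERVER['PHP_AUTH_USER']);`. The enclosing switch case starts and ends outside the hunk.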
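Review bot: `credentials()` treats the mere presence of `$_SERVER['PHP_AUTH_USER']` as proof of identity and substitutes the constant `'php_auth'` for the password, so no secret is verified on this path. PHP can populate `PHP_AUTH_USER` straight from the request's Authorization header, which makes this safe only if the web server enforces authentication on every route to the application; nothing in the diff checks that, and gating the branch on a server-verified value such as `$_SERVER['REMOTE_USER']` would make the assumption explicit. Since `login()` hashes `$password . $login`, an account provisioned for HTTP auth ends up with a stored hash derived from a constant that is public in the source, so the form path should not be able to match it. The docblock line `* it redirects the user to the $referer link` was copied from `login()` and does not describe this method; something like `* returns array(login, password) from HTTP auth or the POSTed form, array(false, false) when neither is usable` would be accurate.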
@@ -582,11 +599,17 @@ class Poche
 */
 public function login($referer)
 {
- if (!empty($_POST['login']) && !empty($_POST['password'])) {
- $user = $this->store->login($_POST['login'], Tools::encodeString($_POST['password'] . $_POST['login']));
+ list($login,$password)=$this->credentials();
+ if($login === false || $password === false) {
+ $this->messages->add('e', _('login failed: you have to fill all fields'));
+ Tools::logm('login failed');
+ Tools::redirect();
+ }
+ if (!empty($login) && !empty($password)) {
+ $user = $this->store->login($login, Tools::encodeString($password . $login));
 if ($user != array()) {
 # Save login into Session
- Session::login($user['username'], $user['password'], $_POST['login'], Tools::encodeString($_POST['password'] . $_POST['login']), array('poche_user' => new User($user)));
+ Session::login($user['username'], $user['password'], $login, Tools::encodeString($password . $login), array('poche_user' => new User($user)));
 $this->messages->add('s', _('welcome to your poche'));
 Tools::logm('login successful');
 Tools::redirect($referer);
@@ -594,10 +617,6 @@ class Poche
 $this->messages->add('e', _('login failed: bad login or password'));
 Tools::logm('login failed');
 Tools::redirect();
- } else {
- $this->messages->add('e', _('login failed: you have to fill all fields'));
- Tools::logm('login failed');
- Tools::redirect();
 }
 }
@@ -814,4 +833,4 @@ class Poche
 }
 return $version;
 }
-}
\ No newline at end of file
+}
diff --git a/index.php b/index.php
index fdcfc328..d79f3f95 100644
--- a/index.php
+++ b/index.php
@@ -81,6 +81,8 @@ if (Session::isLogged()) {
 $poche->action($action, $url, $id);
 $tpl_file = Tools::getTplFile($view);
 $tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id));
+} elseif(isset($_SERVER['PHP_AUTH_USER'])) {
+ $poche->login($referer);
 } else {
 $tpl_file = Tools::getTplFile('login');
 }
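Review bot: In `login()`, the two guards no longer cover every case: when `credentials()` returns an empty but non-false login (for example `PHP_AUTH_USER` set to an empty string), `$login === false` is false and `!empty($login)` is false, so the method returns with no message and no redirect. The `elseif` branch added in the index.php hunk of this commit never assigns `$tpl_file`, so that request would reach the render call with the variable undefined. Making the first guard `if (empty($login) || empty($password)) {` restores the coverage the removed `else` branch gave, and a `return;` after that `Tools::redirect();` would stop the method depending on the redirect helper ending the script, which is not shown here. `login()` starts before this hunk and continues into the next one.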
@@ -90,4 +92,4 @@ $messages = $poche->messages->display('all', FALSE);
 $tpl_vars = array_merge($tpl_vars, array('messages' => $messages));
 # display poche
-echo $poche->tpl->render($tpl_file, $tpl_vars);
\ No newline at end of file
+echo $poche->tpl->render($tpl_file, $tpl_vars);
diff --git a/themes/default/config.twig b/themes/default/config.twig
index 23860ebd..72671702 100644
--- a/themes/default/config.twig
+++ b/themes/default/config.twig
@@ -66,6 +66,7 @@
+ {% if http_auth == 0 %}

{% trans "Change your password" %}

@@ -84,6 +85,7 @@
+ {% endif %}

{% trans "Import" %}

{% trans "Please execute the import script locally, it can take a very long time." %}

-- cgit v1.2.3
From 027b4e156853b4d5e358e19e83506ec4446de7ab Mon Sep 17 00:00:00 2001
From: Denis Sacchet
Date: Sun, 20 Oct 2013 23:28:45 +0200
Subject: Adding support for http_auth
---
 inc/poche/Database.class.php | 11 +++++++++++
 index.php | 10 +++++++++-
 themes/default/login.twig | 4 +++-
 3 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/inc/poche/Database.class.php b/inc/poche/Database.class.php
index 5c40b026..1d3ff0c2 100644
--- a/inc/poche/Database.class.php
+++ b/inc/poche/Database.class.php
@@ -87,6 +87,17 @@ class Database {
 return $user_config;
 }
+ public function userExists($username) {
+ $sql = "SELECT * FROM users WHERE username=?";
+ $query = $this->executeQuery($sql, array($username));
+ $login = $query->fetchAll();
+ if (isset($login[0])) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
 public function login($username, $password) {
 $sql = "SELECT * FROM users WHERE username=? AND password=?";
 $query = $this->executeQuery($sql, array($username, $password));
diff --git a/index.php b/index.php
index d79f3f95..d400354d 100644
--- a/index.php
+++ b/index.php
@@ -82,9 +82,17 @@ if (Session::isLogged()) {
 $tpl_file = Tools::getTplFile($view);
 $tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id));
 } elseif(isset($_SERVER['PHP_AUTH_USER'])) {
- $poche->login($referer);
+ if($poche->store->userExists($_SERVER['PHP_AUTH_USER'])) {
+ $poche->login($referer);
+ } else {
+ $poche->messages->add('e', _('login failed: user doesn\'t exist'));
+ Tools::logm('user doesn\'t exist');
+ $tpl_file = Tools::getTplFile('login');
+ $tpl_vars['http_auth'] = 1;
+ }
 } else {
 $tpl_file = Tools::getTplFile('login');
+ $tpl_vars['http_auth'] = 0;
 }
 # because messages can be added in $poche->action(), we have to add this entry now (we can add it before)
diff --git a/themes/default/login.twig b/themes/default/login.twig
index 0ae130bc..2e48052b 100644
--- a/themes/default/login.twig
+++ b/themes/default/login.twig
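Review bot: `userExists()` runs `SELECT *` followed by `fetchAll()`, which loads every column of the matching row, the stored password hash included, only to test whether a row exists. Selecting a constant keeps the hash out of memory and states the intent: `$sql = "SELECT 1 FROM users WHERE username=?";`. The `if`/`else` around the result can be the expression itself, `return isset($login[0]);`. The method also has no docblock; a short one stating that it returns true when a row with this username exists would match the documented methods in Poche.class.php.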
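Review bot: The new `else` branch in index.php answers an unknown `PHP_AUTH_USER` with the distinct message `login failed: user doesn't exist`, while an existing user whose stored hash does not match gets `login failed: bad login or password` from `login()`, so the two responses reveal which usernames are registered. Using one message for both cases avoids that, e.g. `$poche->messages->add('e', _('login failed: bad login or password'));`. Separately, when `login()` fails it calls `Tools::redirect()`, and a browser using Basic auth will resend the header and re-enter this branch, so unless the redirect helper (not shown) accounts for that the request may loop; rendering the login template with `http_auth` set to 1, as the `else` branch does, would be more predictable. The surrounding `if (Session::isLogged())` block starts outside the hunk.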
@@ -2,6 +2,7 @@
 {% block title %}{% trans "login to your poche" %}{% endblock %}
 {% block content %}
+ {% if http_auth == 0 %}

{% trans "login to your poche" %}

@@ -29,4 +30,5 @@
-{% endblock %}
\ No newline at end of file
+ {% endif %}
+{% endblock %}
-- cgit v1.2.3