From df6afaf0909506a334ef2b8c6f69770cd9890e0d Mon Sep 17 00:00:00 2001 From: Denis Sacchet Date: Sun, 20 Oct 2013 16:53:54 +0200 Subject: Added support for http_auth --- inc/poche/Poche.class.php | 35 +++++++++++++++++++++++++++-------- 1 file changed, 27 insertions(+), 8 deletions(-) (limited to 'inc/poche') diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index 806da54b..0766cd51 100644 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php @@ -408,6 +408,7 @@ class Poche $compare_prod = version_compare(POCHE, $prod); $themes = $this->getInstalledThemes(); $languages = $this->getInstalledLanguages(); + $http_auth = (isset($_SERVER['PHP_AUTH_USER']))?true:false; $tpl_vars = array( 'themes' => $themes, 'languages' => $languages, @@ -415,6 +416,7 @@ class Poche 'prod' => $prod, 'compare_dev' => $compare_dev, 'compare_prod' => $compare_prod, + 'http_auth' => $http_auth, ); Tools::logm('config view'); break; @@ -573,6 +575,21 @@ class Poche Tools::redirect('?view=config'); } + /** + * get credentials from differents sources + * it redirects the user to the $referer link + * @return array + */ + private function credentials() { + if(isset($_SERVER['PHP_AUTH_USER'])) { + return array($_SERVER['PHP_AUTH_USER'],'php_auth'); + } + if(!empty($_POST['login']) && !empty($_POST['password'])) { + return array($_POST['login'],$_POST['password']); + } + return array(false,false); + } + /** * checks if login & password are correct and save the user in session. * it redirects the user to the $referer link @@ -582,11 +599,17 @@ class Poche */ public function login($referer) { - if (!empty($_POST['login']) && !empty($_POST['password'])) { - $user = $this->store->login($_POST['login'], Tools::encodeString($_POST['password'] . $_POST['login'])); + list($login,$password)=$this->credentials(); + if($login === false || $password === false) { + $this->messages->add('e', _('login failed: you have to fill all fields')); + Tools::logm('login failed'); + Tools::redirect(); + } + if (!empty($login) && !empty($password)) { + $user = $this->store->login($login, Tools::encodeString($password . $login)); if ($user != array()) { # Save login into Session - Session::login($user['username'], $user['password'], $_POST['login'], Tools::encodeString($_POST['password'] . $_POST['login']), array('poche_user' => new User($user))); + Session::login($user['username'], $user['password'], $login, Tools::encodeString($password . $login), array('poche_user' => new User($user))); $this->messages->add('s', _('welcome to your poche')); Tools::logm('login successful'); Tools::redirect($referer); @@ -594,10 +617,6 @@ class Poche $this->messages->add('e', _('login failed: bad login or password')); Tools::logm('login failed'); Tools::redirect(); - } else { - $this->messages->add('e', _('login failed: you have to fill all fields')); - Tools::logm('login failed'); - Tools::redirect(); } } @@ -814,4 +833,4 @@ class Poche } return $version; } -} \ No newline at end of file +} -- cgit v1.2.3 From 027b4e156853b4d5e358e19e83506ec4446de7ab Mon Sep 17 00:00:00 2001 From: Denis Sacchet Date: Sun, 20 Oct 2013 23:28:45 +0200 Subject: Adding support for http_auth --- inc/poche/Database.class.php | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'inc/poche') diff --git a/inc/poche/Database.class.php b/inc/poche/Database.class.php index 5c40b026..1d3ff0c2 100644 --- a/inc/poche/Database.class.php +++ b/inc/poche/Database.class.php @@ -87,6 +87,17 @@ class Database { return $user_config; } + public function userExists($username) { + $sql = "SELECT * FROM users WHERE username=?"; + $query = $this->executeQuery($sql, array($username)); + $login = $query->fetchAll(); + if (isset($login[0])) { + return true; + } else { + return false; + } + } + public function login($username, $password) { $sql = "SELECT * FROM users WHERE username=? AND password=?"; $query = $this->executeQuery($sql, array($username, $password)); -- cgit v1.2.3