diff --git a/inc/poche/Database.class.php b/inc/poche/Database.class.php
index 5c40b02..1d3ff0c 100644
--- a/inc/poche/Database.class.php
+++ b/inc/poche/Database.class.php
@@ -87,6 +87,17 @@ class Database {
 return $user_config;
 }
 
+ public function userExists($username) {
+ $sql = "SELECT * FROM users WHERE username=?";
+ $query = $this->executeQuery($sql, array($username));
+ $login = $query->fetchAll();
+ if (isset($login[0])) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
 public function login($username, $password) {
 $sql = "SELECT * FROM users WHERE username=? AND password=?";
 $query = $this->executeQuery($sql, array($username, $password));
diff --git a/index.php b/index.php
index d79f3f9..d400354 100644
--- a/index.php
+++ b/index.php
@@ -82,9 +82,17 @@ if (Session::isLogged()) {
 $tpl_file = Tools::getTplFile($view);
 $tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id));
 } elseif(isset($_SERVER['PHP_AUTH_USER'])) {
- $poche->login($referer);
+ if($poche->store->userExists($_SERVER['PHP_AUTH_USER'])) {
+ $poche->login($referer);
+ } else {
+ $poche->messages->add('e', _('login failed: user doesn\'t exist'));
+ Tools::logm('user doesn\'t exist');
+ $tpl_file = Tools::getTplFile('login');
+ $tpl_vars['http_auth'] = 1;
+ }
 } else {
 $tpl_file = Tools::getTplFile('login');
+ $tpl_vars['http_auth'] = 0;
 }
 
 # because messages can be added in $poche->action(), we have to add this entry now (we can add it before)
diff --git a/themes/default/login.twig b/themes/default/login.twig
index 0ae130b..2e48052 100644
--- a/themes/default/login.twig
+++ b/themes/default/login.twig
@@ -2,6 +2,7 @@
 {% block title %}{% trans "login to your poche" %}{% endblock %}
 {% block content %}
+ {% if http_auth == 0 %}
-{% endblock %}
\ No newline at end of file
+ {% endif %}
+{% endblock %}
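Review bot: `userExists` runs `SELECT * FROM users WHERE username=?` and then `fetchAll()` only to test whether a row exists, so every column of the user row, including the stored password, is pulled into PHP for a yes/no answer. Selecting a constant and checking a single fetch does the same test without that data and without the if/else that returns literal booleans: `$sql = "SELECT 1 FROM users WHERE username=?";` and `return $query->fetch() !== false;` (or, keeping the current query, `return isset($login[0]);`). The return type of `executeQuery` is not visible in this hunk; the `fetchAll()` call on its result suggests a PDOStatement, so `fetch()` should be available, but confirm against the helper. The parameterised query itself is the right shape, matching `login()` below it.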
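Review bot: The new `else` branch in index.php reports `login failed: user doesn't exist`, a message that distinguishes an unknown username from whatever `$poche->login()` reports for a bad credential (not visible here), so the response itself tells a caller which usernames are valid; since this path sits behind the web server's HTTP auth the exposure is small, but a single generic failure message costs nothing and avoids it. The `Tools::logm('user doesn\'t exist')` line records no username, so repeated failures cannot be correlated in the log; `Tools::logm('http auth: unknown user ' . $_SERVER['PHP_AUTH_USER'])` would help, bearing in mind the value is client-supplied and should be treated as untrusted text in the log. `$tpl_vars['http_auth']` is assigned only in the two branches shown, so any other path that renders login.twig leaves it undefined, which Twig rejects under strict_variables and otherwise silently compares as 0 in the new `{% if http_auth == 0 %}`; initialising `$tpl_vars['http_auth'] = 0;` before the if/elseif chain would make that explicit. The enclosing if/elseif chain starts before this hunk.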