Adding support for http_auth

inc/poche/Database.class.php

@@ -87,6 +87,17 @@ class Database {
         return $user_config;
     }
 
+    public function userExists($username) {
+        $sql = "SELECT * FROM users WHERE username=?";
+        $query = $this->executeQuery($sql, array($username));
+        $login = $query->fetchAll();
+        if (isset($login[0])) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+
     public function login($username, $password) {
         $sql = "SELECT * FROM users WHERE username=? AND password=?";
         $query = $this->executeQuery($sql, array($username, $password));

index.php

@@ -82,9 +82,17 @@ if (Session::isLogged()) {
     $tpl_file = Tools::getTplFile($view);
     $tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id));
 } elseif(isset($_SERVER['PHP_AUTH_USER'])) {
-    $poche->login($referer);
+    if($poche->store->userExists($_SERVER['PHP_AUTH_USER'])) {
+        $poche->login($referer);
+    } else {
+        $poche->messages->add('e', _('login failed: user doesn\'t exist'));
+        Tools::logm('user doesn\'t exist');
+        $tpl_file = Tools::getTplFile('login');
+        $tpl_vars['http_auth'] = 1;
+    }
 } else {
     $tpl_file = Tools::getTplFile('login');
+    $tpl_vars['http_auth'] = 0;
 }
 
 # because messages can be added in $poche->action(), we have to add this entry now (we can add it before)

themes/default/login.twig

@@ -2,6 +2,7 @@
 
 {% block title %}{% trans "login to your poche" %}{% endblock %}
 {% block content %}
+    {% if http_auth == 0 %}
             <form method="post" action="?login" name="loginform">
                 <fieldset class="w500p center">
                     <h2 class="mbs txtcenter">{% trans "login to your poche" %}</h2>
@@ -29,4 +30,5 @@
                 <input type="hidden" name="returnurl" value="{{ referer }}">
                 <input type="hidden" name="token" value="{{ token }}">
             </form>
-{% endblock %}
+    {% endif %}
+{% endblock %}