mirror of
https://github.com/moparisthebest/wallabag
synced 2024-11-27 03:12:21 -05:00
commit
1ba1628ed6
@ -87,6 +87,17 @@ class Database {
|
||||
return $user_config;
|
||||
}
|
||||
|
||||
public function userExists($username) {
|
||||
$sql = "SELECT * FROM users WHERE username=?";
|
||||
$query = $this->executeQuery($sql, array($username));
|
||||
$login = $query->fetchAll();
|
||||
if (isset($login[0])) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
public function login($username, $password) {
|
||||
$sql = "SELECT * FROM users WHERE username=? AND password=?";
|
||||
$query = $this->executeQuery($sql, array($username, $password));
|
||||
|
@ -408,6 +408,7 @@ class Poche
|
||||
$compare_prod = version_compare(POCHE, $prod);
|
||||
$themes = $this->getInstalledThemes();
|
||||
$languages = $this->getInstalledLanguages();
|
||||
$http_auth = (isset($_SERVER['PHP_AUTH_USER']))?true:false;
|
||||
$tpl_vars = array(
|
||||
'themes' => $themes,
|
||||
'languages' => $languages,
|
||||
@ -415,6 +416,7 @@ class Poche
|
||||
'prod' => $prod,
|
||||
'compare_dev' => $compare_dev,
|
||||
'compare_prod' => $compare_prod,
|
||||
'http_auth' => $http_auth,
|
||||
);
|
||||
Tools::logm('config view');
|
||||
break;
|
||||
@ -573,6 +575,21 @@ class Poche
|
||||
Tools::redirect('?view=config');
|
||||
}
|
||||
|
||||
/**
|
||||
* get credentials from differents sources
|
||||
* it redirects the user to the $referer link
|
||||
* @return array
|
||||
*/
|
||||
private function credentials() {
|
||||
if(isset($_SERVER['PHP_AUTH_USER'])) {
|
||||
return array($_SERVER['PHP_AUTH_USER'],'php_auth');
|
||||
}
|
||||
if(!empty($_POST['login']) && !empty($_POST['password'])) {
|
||||
return array($_POST['login'],$_POST['password']);
|
||||
}
|
||||
return array(false,false);
|
||||
}
|
||||
|
||||
/**
|
||||
* checks if login & password are correct and save the user in session.
|
||||
* it redirects the user to the $referer link
|
||||
@ -582,11 +599,17 @@ class Poche
|
||||
*/
|
||||
public function login($referer)
|
||||
{
|
||||
if (!empty($_POST['login']) && !empty($_POST['password'])) {
|
||||
$user = $this->store->login($_POST['login'], Tools::encodeString($_POST['password'] . $_POST['login']));
|
||||
list($login,$password)=$this->credentials();
|
||||
if($login === false || $password === false) {
|
||||
$this->messages->add('e', _('login failed: you have to fill all fields'));
|
||||
Tools::logm('login failed');
|
||||
Tools::redirect();
|
||||
}
|
||||
if (!empty($login) && !empty($password)) {
|
||||
$user = $this->store->login($login, Tools::encodeString($password . $login));
|
||||
if ($user != array()) {
|
||||
# Save login into Session
|
||||
Session::login($user['username'], $user['password'], $_POST['login'], Tools::encodeString($_POST['password'] . $_POST['login']), array('poche_user' => new User($user)));
|
||||
Session::login($user['username'], $user['password'], $login, Tools::encodeString($password . $login), array('poche_user' => new User($user)));
|
||||
$this->messages->add('s', _('welcome to your poche'));
|
||||
Tools::logm('login successful');
|
||||
Tools::redirect($referer);
|
||||
@ -594,10 +617,6 @@ class Poche
|
||||
$this->messages->add('e', _('login failed: bad login or password'));
|
||||
Tools::logm('login failed');
|
||||
Tools::redirect();
|
||||
} else {
|
||||
$this->messages->add('e', _('login failed: you have to fill all fields'));
|
||||
Tools::logm('login failed');
|
||||
Tools::redirect();
|
||||
}
|
||||
}
|
||||
|
||||
@ -814,4 +833,4 @@ class Poche
|
||||
}
|
||||
return $version;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
12
index.php
12
index.php
@ -81,8 +81,18 @@ if (Session::isLogged()) {
|
||||
$poche->action($action, $url, $id);
|
||||
$tpl_file = Tools::getTplFile($view);
|
||||
$tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id));
|
||||
} elseif(isset($_SERVER['PHP_AUTH_USER'])) {
|
||||
if($poche->store->userExists($_SERVER['PHP_AUTH_USER'])) {
|
||||
$poche->login($referer);
|
||||
} else {
|
||||
$poche->messages->add('e', _('login failed: user doesn\'t exist'));
|
||||
Tools::logm('user doesn\'t exist');
|
||||
$tpl_file = Tools::getTplFile('login');
|
||||
$tpl_vars['http_auth'] = 1;
|
||||
}
|
||||
} else {
|
||||
$tpl_file = Tools::getTplFile('login');
|
||||
$tpl_vars['http_auth'] = 0;
|
||||
}
|
||||
|
||||
# because messages can be added in $poche->action(), we have to add this entry now (we can add it before)
|
||||
@ -90,4 +100,4 @@ $messages = $poche->messages->display('all', FALSE);
|
||||
$tpl_vars = array_merge($tpl_vars, array('messages' => $messages));
|
||||
|
||||
# display poche
|
||||
echo $poche->tpl->render($tpl_file, $tpl_vars);
|
||||
echo $poche->tpl->render($tpl_file, $tpl_vars);
|
||||
|
@ -66,6 +66,7 @@
|
||||
<input type="hidden" name="token" value="{{ token }}">
|
||||
</form>
|
||||
|
||||
{% if http_auth == 0 %}
|
||||
<h2>{% trans "Change your password" %}</h2>
|
||||
<form method="post" action="?config" name="loginform">
|
||||
<fieldset class="w500p">
|
||||
@ -84,6 +85,7 @@
|
||||
<input type="hidden" name="returnurl" value="{{ referer }}">
|
||||
<input type="hidden" name="token" value="{{ token }}">
|
||||
</form>
|
||||
{% endif %}
|
||||
|
||||
<h2>{% trans "Import" %}</h2>
|
||||
<p>{% trans "Please execute the import script locally, it can take a very long time." %}</p>
|
||||
|
@ -2,6 +2,7 @@
|
||||
|
||||
{% block title %}{% trans "login to your poche" %}{% endblock %}
|
||||
{% block content %}
|
||||
{% if http_auth == 0 %}
|
||||
<form method="post" action="?login" name="loginform">
|
||||
<fieldset class="w500p center">
|
||||
<h2 class="mbs txtcenter">{% trans "login to your poche" %}</h2>
|
||||
@ -29,4 +30,5 @@
|
||||
<input type="hidden" name="returnurl" value="{{ referer }}">
|
||||
<input type="hidden" name="token" value="{{ token }}">
|
||||
</form>
|
||||
{% endblock %}
|
||||
{% endif %}
|
||||
{% endblock %}
|
||||
|
Loading…
Reference in New Issue
Block a user