1
0
mirror of https://github.com/moparisthebest/wallabag synced 2024-11-23 17:42:15 -05:00
This commit is contained in:
Nicolas Lœuillet 2013-10-22 08:51:30 +02:00
commit b6d859fa92
5 changed files with 54 additions and 10 deletions

View File

@ -87,6 +87,17 @@ class Database {
return $user_config;
}
public function userExists($username) {
$sql = "SELECT * FROM users WHERE username=?";
$query = $this->executeQuery($sql, array($username));
$login = $query->fetchAll();
if (isset($login[0])) {
return true;
} else {
return false;
}
}
public function login($username, $password) {
$sql = "SELECT * FROM users WHERE username=? AND password=?";
$query = $this->executeQuery($sql, array($username, $password));

View File

@ -408,6 +408,7 @@ class Poche
$compare_prod = version_compare(POCHE, $prod);
$themes = $this->getInstalledThemes();
$languages = $this->getInstalledLanguages();
$http_auth = (isset($_SERVER['PHP_AUTH_USER']))?true:false;
$tpl_vars = array(
'themes' => $themes,
'languages' => $languages,
@ -415,6 +416,7 @@ class Poche
'prod' => $prod,
'compare_dev' => $compare_dev,
'compare_prod' => $compare_prod,
'http_auth' => $http_auth,
);
Tools::logm('config view');
break;
@ -573,6 +575,21 @@ class Poche
Tools::redirect('?view=config');
}
/**
* get credentials from differents sources
* it redirects the user to the $referer link
* @return array
*/
private function credentials() {
if(isset($_SERVER['PHP_AUTH_USER'])) {
return array($_SERVER['PHP_AUTH_USER'],'php_auth');
}
if(!empty($_POST['login']) && !empty($_POST['password'])) {
return array($_POST['login'],$_POST['password']);
}
return array(false,false);
}
/**
* checks if login & password are correct and save the user in session.
* it redirects the user to the $referer link
@ -582,11 +599,17 @@ class Poche
*/
public function login($referer)
{
if (!empty($_POST['login']) && !empty($_POST['password'])) {
$user = $this->store->login($_POST['login'], Tools::encodeString($_POST['password'] . $_POST['login']));
list($login,$password)=$this->credentials();
if($login === false || $password === false) {
$this->messages->add('e', _('login failed: you have to fill all fields'));
Tools::logm('login failed');
Tools::redirect();
}
if (!empty($login) && !empty($password)) {
$user = $this->store->login($login, Tools::encodeString($password . $login));
if ($user != array()) {
# Save login into Session
Session::login($user['username'], $user['password'], $_POST['login'], Tools::encodeString($_POST['password'] . $_POST['login']), array('poche_user' => new User($user)));
Session::login($user['username'], $user['password'], $login, Tools::encodeString($password . $login), array('poche_user' => new User($user)));
$this->messages->add('s', _('welcome to your poche'));
Tools::logm('login successful');
Tools::redirect($referer);
@ -594,10 +617,6 @@ class Poche
$this->messages->add('e', _('login failed: bad login or password'));
Tools::logm('login failed');
Tools::redirect();
} else {
$this->messages->add('e', _('login failed: you have to fill all fields'));
Tools::logm('login failed');
Tools::redirect();
}
}

View File

@ -81,8 +81,18 @@ if (Session::isLogged()) {
$poche->action($action, $url, $id);
$tpl_file = Tools::getTplFile($view);
$tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id));
} elseif(isset($_SERVER['PHP_AUTH_USER'])) {
if($poche->store->userExists($_SERVER['PHP_AUTH_USER'])) {
$poche->login($referer);
} else {
$poche->messages->add('e', _('login failed: user doesn\'t exist'));
Tools::logm('user doesn\'t exist');
$tpl_file = Tools::getTplFile('login');
$tpl_vars['http_auth'] = 1;
}
} else {
$tpl_file = Tools::getTplFile('login');
$tpl_vars['http_auth'] = 0;
}
# because messages can be added in $poche->action(), we have to add this entry now (we can add it before)

View File

@ -66,6 +66,7 @@
<input type="hidden" name="token" value="{{ token }}">
</form>
{% if http_auth == 0 %}
<h2>{% trans "Change your password" %}</h2>
<form method="post" action="?config" name="loginform">
<fieldset class="w500p">
@ -84,6 +85,7 @@
<input type="hidden" name="returnurl" value="{{ referer }}">
<input type="hidden" name="token" value="{{ token }}">
</form>
{% endif %}
<h2>{% trans "Import" %}</h2>
<p>{% trans "Please execute the import script locally, it can take a very long time." %}</p>

View File

@ -2,6 +2,7 @@
{% block title %}{% trans "login to your poche" %}{% endblock %}
{% block content %}
{% if http_auth == 0 %}
<form method="post" action="?login" name="loginform">
<fieldset class="w500p center">
<h2 class="mbs txtcenter">{% trans "login to your poche" %}</h2>
@ -29,4 +30,5 @@
<input type="hidden" name="returnurl" value="{{ referer }}">
<input type="hidden" name="token" value="{{ token }}">
</form>
{% endif %}
{% endblock %}