fix of bug #368 Endless redirects or user doesn't exist with basic authentication

Maryana Rozhankivska 2014-01-30 16:35:31 +02:00
parent f4fbfaa7cb
commit 6af66b1106
2 changed files with 18 additions and 12 deletions


@ -165,9 +165,14 @@ class Database {
} }
} }
public function login($username, $password) { public function login($username, $password, $isauthenticated=false) {
$sql = "SELECT * FROM users WHERE username=? AND password=?"; if ($isauthenticated) {
$query = $this->executeQuery($sql, array($username, $password)); $sql = "SELECT * FROM users WHERE username=?";
$query = $this->executeQuery($sql, array($username));
} else {
$sql = "SELECT * FROM users WHERE username=? AND password=?";
$query = $this->executeQuery($sql, array($username, $password));
}
$login = $query->fetchAll(); $login = $query->fetchAll();
$user = array(); $user = array();
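Review bot: When `$isauthenticated` is true, `Database::login()` returns the full user row for any username without comparing a password, and the method has no way to check that the caller really authenticated that user. A bare third boolean on a method named `login` is easy to set by mistake at a future call site, so a separately named username lookup would keep the password-less path explicit. At minimum the method should carry a docblock line such as `@param bool $isauthenticated true only when the web server has already verified this user; never derive it from request data`. The method body continues past the end of this hunk.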


@ -692,17 +692,17 @@ class Poche
*/ */
private function credentials() { private function credentials() {
if(isset($_SERVER['PHP_AUTH_USER'])) { if(isset($_SERVER['PHP_AUTH_USER'])) {
return array($_SERVER['PHP_AUTH_USER'],'php_auth'); return array($_SERVER['PHP_AUTH_USER'],'php_auth',true);
} }
if(!empty($_POST['login']) && !empty($_POST['password'])) { if(!empty($_POST['login']) && !empty($_POST['password'])) {
return array($_POST['login'],$_POST['password']); return array($_POST['login'],$_POST['password'],false);
} }
if(isset($_SERVER['REMOTE_USER'])) { if(isset($_SERVER['REMOTE_USER'])) {
return array($_SERVER['REMOTE_USER'],'http_auth'); return array($_SERVER['REMOTE_USER'],'http_auth',true);
} }
return array(false,false); return array(false,false,false);
} }
/** /**
* checks if login & password are correct and save the user in session. * checks if login & password are correct and save the user in session.
@ -713,18 +713,19 @@ class Poche
*/ */
public function login($referer) public function login($referer)
{ {
list($login,$password)=$this->credentials(); list($login,$password,$isauthenticated)=$this->credentials();
if($login === false || $password === false) { if($login === false || $password === false) {
$this->messages->add('e', _('login failed: you have to fill all fields')); $this->messages->add('e', _('login failed: you have to fill all fields'));
Tools::logm('login failed'); Tools::logm('login failed');
Tools::redirect(); Tools::redirect();
} }
if (!empty($login) && !empty($password)) { if (!empty($login) && !empty($password)) {
$user = $this->store->login($login, Tools::encodeString($password . $login)); $user = $this->store->login($login, Tools::encodeString($password . $login), $isauthenticated);
if ($user != array()) { if ($user != array()) {
# Save login into Session # Save login into Session
$longlastingsession = isset($_POST['longlastingsession']); $longlastingsession = isset($_POST['longlastingsession']);
Session::login($user['username'], $user['password'], $login, Tools::encodeString($password . $login), $longlastingsession, array('poche_user' => new User($user))); $passwordTest = ($isauthenticated) ? $user['password'] : Tools::encodeString($password . $login);
Session::login($user['username'], $user['password'], $login, $passwordTest, $longlastingsession, array('poche_user' => new User($user)));
$this->messages->add('s', _('welcome to your poche')); $this->messages->add('s', _('welcome to your poche'));
Tools::logm('login successful'); Tools::logm('login successful');
Tools::redirect($referer); Tools::redirect($referer);
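Review bot: In `credentials()`, the mere presence of `$_SERVER['PHP_AUTH_USER']` now yields `$isauthenticated = true`, but PHP fills that variable from the request's `Authorization` header whether or not the web server enforced Basic authentication. On a deployment that does not require server-side auth for this path, the username is therefore client-supplied and the password comparison in `Database::login()` is skipped. The same trust carries into `login()`, where `$passwordTest` is set to `$user['password']` and so always matches the stored value passed to `Session::login()`. I would gate the trusted branches on an explicit deployment opt-in, e.g. `if (HTTP_AUTH_OPT_IN /* placeholder setting name */ && isset($_SERVER['PHP_AUTH_USER'])) {`, and document that it may only be enabled behind enforced server authentication; `REMOTE_USER` probably deserves the same gate, although it is normally set by the server itself. `login()` continues past the end of this hunk.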