mirror of
https://github.com/wallabag/wallabag.git
synced 2025-01-05 12:06:52 +01:00
fix of bug #368 Endless redirects or user doesn't exist with basic authentication
This commit is contained in:
parent
f4fbfaa7cb
commit
6af66b1106
@ -165,9 +165,14 @@ class Database {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public function login($username, $password) {
|
public function login($username, $password, $isauthenticated=false) {
|
||||||
$sql = "SELECT * FROM users WHERE username=? AND password=?";
|
if ($isauthenticated) {
|
||||||
$query = $this->executeQuery($sql, array($username, $password));
|
$sql = "SELECT * FROM users WHERE username=?";
|
||||||
|
$query = $this->executeQuery($sql, array($username));
|
||||||
|
} else {
|
||||||
|
$sql = "SELECT * FROM users WHERE username=? AND password=?";
|
||||||
|
$query = $this->executeQuery($sql, array($username, $password));
|
||||||
|
}
|
||||||
$login = $query->fetchAll();
|
$login = $query->fetchAll();
|
||||||
|
|
||||||
$user = array();
|
$user = array();
|
||||||
|
@ -692,17 +692,17 @@ class Poche
|
|||||||
*/
|
*/
|
||||||
private function credentials() {
|
private function credentials() {
|
||||||
if(isset($_SERVER['PHP_AUTH_USER'])) {
|
if(isset($_SERVER['PHP_AUTH_USER'])) {
|
||||||
return array($_SERVER['PHP_AUTH_USER'],'php_auth');
|
return array($_SERVER['PHP_AUTH_USER'],'php_auth',true);
|
||||||
}
|
}
|
||||||
if(!empty($_POST['login']) && !empty($_POST['password'])) {
|
if(!empty($_POST['login']) && !empty($_POST['password'])) {
|
||||||
return array($_POST['login'],$_POST['password']);
|
return array($_POST['login'],$_POST['password'],false);
|
||||||
}
|
}
|
||||||
if(isset($_SERVER['REMOTE_USER'])) {
|
if(isset($_SERVER['REMOTE_USER'])) {
|
||||||
return array($_SERVER['REMOTE_USER'],'http_auth');
|
return array($_SERVER['REMOTE_USER'],'http_auth',true);
|
||||||
}
|
}
|
||||||
|
|
||||||
return array(false,false);
|
return array(false,false,false);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* checks if login & password are correct and save the user in session.
|
* checks if login & password are correct and save the user in session.
|
||||||
@ -713,18 +713,19 @@ class Poche
|
|||||||
*/
|
*/
|
||||||
public function login($referer)
|
public function login($referer)
|
||||||
{
|
{
|
||||||
list($login,$password)=$this->credentials();
|
list($login,$password,$isauthenticated)=$this->credentials();
|
||||||
if($login === false || $password === false) {
|
if($login === false || $password === false) {
|
||||||
$this->messages->add('e', _('login failed: you have to fill all fields'));
|
$this->messages->add('e', _('login failed: you have to fill all fields'));
|
||||||
Tools::logm('login failed');
|
Tools::logm('login failed');
|
||||||
Tools::redirect();
|
Tools::redirect();
|
||||||
}
|
}
|
||||||
if (!empty($login) && !empty($password)) {
|
if (!empty($login) && !empty($password)) {
|
||||||
$user = $this->store->login($login, Tools::encodeString($password . $login));
|
$user = $this->store->login($login, Tools::encodeString($password . $login), $isauthenticated);
|
||||||
if ($user != array()) {
|
if ($user != array()) {
|
||||||
# Save login into Session
|
# Save login into Session
|
||||||
$longlastingsession = isset($_POST['longlastingsession']);
|
$longlastingsession = isset($_POST['longlastingsession']);
|
||||||
Session::login($user['username'], $user['password'], $login, Tools::encodeString($password . $login), $longlastingsession, array('poche_user' => new User($user)));
|
$passwordTest = ($isauthenticated) ? $user['password'] : Tools::encodeString($password . $login);
|
||||||
|
Session::login($user['username'], $user['password'], $login, $passwordTest, $longlastingsession, array('poche_user' => new User($user)));
|
||||||
$this->messages->add('s', _('welcome to your poche'));
|
$this->messages->add('s', _('welcome to your poche'));
|
||||||
Tools::logm('login successful');
|
Tools::logm('login successful');
|
||||||
Tools::redirect($referer);
|
Tools::redirect($referer);
|
||||||
|
Loading…
Reference in New Issue
Block a user