[Koha-cvs] CVS: koha/C4 Auth.pm,1.5,1.6

Steve Tonnesen tonnesen at users.sourceforge.net
Fri Jul 5 21:56:38 CEST 2002


Update of /cvsroot/koha/koha/C4
In directory usw-pr-cvs1:/tmp/cvs-serv29098

Modified Files:
	Auth.pm 
Log Message:
Auth.pm now checks the password against a new field in the borrowers table
(password).   There is also a new "userid" field in the borrowers table.  When
a user logs in, the userid will be checked against the userid first and the
cardnumber second, so either method will work.


Index: Auth.pm
===================================================================
RCS file: /cvsroot/koha/koha/C4/Auth.pm,v
retrieving revision 1.5
retrieving revision 1.6
diff -C2 -r1.5 -r1.6
*** Auth.pm	5 Jul 2002 05:03:37 -0000	1.5
--- Auth.pm	5 Jul 2002 19:56:35 -0000	1.6
***************
*** 37,41 ****
      if ($sth->rows) {
  	my ($userid, $ip, $lasttime) = $sth->fetchrow;
! 	if ($lasttime<time()-20 && $userid ne 'tonnesen') {
  	    # timed logout
  	    warn "$sessionID logged out due to inactivity.";
--- 37,41 ----
      if ($sth->rows) {
  	my ($userid, $ip, $lasttime) = $sth->fetchrow;
! 	if ($lasttime<time()-40 && $userid ne 'tonnesen') {
  	    # timed logout
  	    warn "$sessionID logged out due to inactivity.";
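Review bot: The changed condition still carries `$userid ne 'tonnesen'`, so any session whose stored userid is that literal string never times out. With this commit the userid comes from the borrowers table, and the session row stores whatever was typed at login, so the exemption is tied to a login name rather than to a privilege. I would drop the exemption, or drive it from a per-account flag, and name the interval: `my $timeout = 40;` followed by `if ($lasttime < time() - $timeout) {`. The enclosing `if` block continues outside the hunk.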
***************
*** 49,54 ****
  	} elsif ($ip ne $ENV{'REMOTE_ADDR'}) {
  	    # Different ip than originally logged in from
! 	    warn "$sessionID came from a new ip address.";
! 	    $message="ERROR ERROR ERROR ERROR<br>Attempt to re-use a cookie from a different ip address.";
  	} else {
  	    my $cookie=$query->cookie(-name => 'sessionID',
--- 49,56 ----
  	} elsif ($ip ne $ENV{'REMOTE_ADDR'}) {
  	    # Different ip than originally logged in from
! 	    my $newip=$ENV{'REMOTE_ADDR'};
! 	    warn "$sessionID came from a new ip address (authenticated from $ip, this request from $newip).";
! 
! 	    $message="ERROR ERROR ERROR ERROR<br>Attempt to re-use a cookie from a different ip address.<br>(authenticated from $ip, this request from $newip)";
  	} else {
  	    my $cookie=$query->cookie(-name => 'sessionID',
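Review bot: The new `$message` text puts `$ip`, the address the session was authenticated from, into a string that is presumably rendered back to whoever presented the cookie from a different address. That is the one party that should not learn it, and the `warn` line already records both addresses for the administrator. I would keep the detail in the log and leave the page text generic: `$message="ERROR ERROR ERROR ERROR<br>Attempt to re-use a cookie from a different ip address.";`. The `warn` also writes the full `$sessionID` to the error log; that predates this change, but logging a truncated or hashed form would keep live session identifiers out of a file that others may be able to read.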
***************
*** 74,78 ****
  	my $userid=$query->param('userid');
  	my $password=$query->param('password');
! 	if (($userid eq 'librarian' || $userid eq 'tonnesen' || $userid eq 'patron') && $password eq 'koha') {
  	    my $sti=$dbh->prepare("insert into sessions (sessionID, userid, ip,lasttime) values (?, ?, ?, ?)");
  	    $sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time());
--- 76,81 ----
  	my $userid=$query->param('userid');
  	my $password=$query->param('password');
! 	if (checkpw($dbh, $userid, $password)) {
! 	#if (($userid eq 'librarian' || $userid eq 'tonnesen' || $userid eq 'patron') && $password eq 'koha') {
  	    my $sti=$dbh->prepare("insert into sessions (sessionID, userid, ip,lasttime) values (?, ?, ?, ?)");
  	    $sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time());
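Review bot: `$sti->execute` stores the submitted `$userid` in the session row, and `checkpw` accepts that value as either a userid or a cardnumber, so the same borrower can appear in `sessions.userid` under two different identifiers. Any later check keyed on the session's userid (the `'tonnesen'` comparison in the first hunk is one) then depends on which form was typed at login. Consider having `checkpw` hand back the matched borrower's canonical identifier and storing that instead. The commented-out line `#if (($userid eq 'librarian' ...` keeps the old shared password in the source and should be deleted rather than left as a comment. The demo text in the last HTML hunk still advertises librarian/koha and patron/koha, which now only works if such rows exist in borrowers. The enclosing block continues outside the hunk.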
***************
*** 101,107 ****
  
  <form method=post>
! <table border=0 cellpadding=10 width=60%>
      <tr><td align=center valign=top>
!     <table border=0 bgcolor=#dddddd cellpadding=10>
      <tr><th colspan=2 background=/images/background-mem.gif><font size=+2>Koha Login</font></th></tr>
      <tr><td>Name:</td><td><input name=userid></td></tr>
--- 104,111 ----
  
  <form method=post>
! <table border=0 cellpadding=10 cellspacing=0 width=60%>
      <tr><td align=center valign=top>
! 
!     <table border=0 bgcolor=#dddddd cellpadding=10 cellspacing=0>
      <tr><th colspan=2 background=/images/background-mem.gif><font size=+2>Koha Login</font></th></tr>
      <tr><td>Name:</td><td><input name=userid></td></tr>
***************
*** 112,119 ****
      </td><td align=center valign=top>
  
!     <table border=0 bgcolor=#dddddd cellpadding=10>
      <tr><th background=/images/background-mem.gif><font size=+2>Demo Information</font></th></tr>
      <td>
!     Log in as librarian/koha or patron/koha.  The timeout is set to 20 seconds of
      inactivity for the purposes of this demo.  You can navigate to the Circulation
      or Acquisitions modules and you should see an indicator in the upper left of
--- 116,123 ----
      </td><td align=center valign=top>
  
!     <table border=0 bgcolor=#dddddd cellpadding=10 cellspacing=0>
      <tr><th background=/images/background-mem.gif><font size=+2>Demo Information</font></th></tr>
      <td>
!     Log in as librarian/koha or patron/koha.  The timeout is set to 40 seconds of
      inactivity for the purposes of this demo.  You can navigate to the Circulation
      or Acquisitions modules and you should see an indicator in the upper left of
***************
*** 133,136 ****
--- 137,166 ----
  	}
      }
+ }
+ 
+ 
+ sub checkpw {
+ 
+ # This should be modified to allow a select of authentication schemes (ie LDAP)
+ # as well as local authentication through the borrowers tables passwd field
+ #
+     my ($dbh, $userid, $password) = @_;
+     my $sth=$dbh->prepare("select password from borrowers where userid=?");
+     $sth->execute($userid);
+     if ($sth->rows) {
+ 	my ($cryptpassword) = $sth->fetchrow;
+ 	if (crypt($password, $cryptpassword) eq $cryptpassword) {
+ 	    return 1;
+ 	}
+     }
+     my $sth=$dbh->prepare("select password from borrowers where cardnumber=?");
+     $sth->execute($userid);
+     if ($sth->rows) {
+ 	my ($cryptpassword) = $sth->fetchrow;
+ 	if (crypt($password, $cryptpassword) eq $cryptpassword) {
+ 	    return 1;
+ 	}
+     }
+     return 0;
  }
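Review bot: `checkpw` compares `crypt($password, $cryptpassword)` with `$cryptpassword` without first checking that a password is actually stored for the row. The `password` column is new in this commit, so existing borrowers presumably have it NULL or empty; where crypt() returns undef or an empty string for an unusable salt, `eq` treats the two values as equal and the function returns 1 for any submitted password. The guard should reject an empty stored hash and an undefined crypt() result before comparing. The two lookups are also identical apart from the column name, the second `my $sth` masks the first, and `$sth->rows` is not dependable for a SELECT before the rows are fetched, so the rewrite below loops over the two columns and tests the fetched value instead.

```perl
sub checkpw {
    # … unchanged: comment about future authentication schemes …
    my ($dbh, $userid, $password) = @_;

    # Refuse empty credentials outright so an empty userid cannot match
    # borrowers whose new userid field has not been filled in yet.
    return 0 unless defined $userid && length $userid;
    return 0 unless defined $password && length $password;

    # Column names come from this fixed list only, never from the request.
    for my $column ('userid', 'cardnumber') {
        my $sth = $dbh->prepare("select password from borrowers where $column=?");
        $sth->execute($userid);
        my ($cryptpassword) = $sth->fetchrow;

        # A borrower with no stored password must never authenticate.
        next unless defined $cryptpassword && length $cryptpassword;

        my $candidate = crypt($password, $cryptpassword);
        return 1 if defined $candidate && $candidate eq $cryptpassword;
    }
    return 0;
}
```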
  




