[Koha-cvs] CVS: koha/C4 Auth.pm,1.9.2.15,1.9.2.16 Output.pm,1.6.2.23,1.6.2.24
Finlay Thompson
finlayt at users.sourceforge.net
Thu Nov 14 23:17:25 CET 2002
Update of /cvsroot/koha/koha/C4
In directory usw-pr-cvs1:/tmp/cvs-serv5738
Modified Files:
Tag: rel-1-2
Auth.pm Output.pm
Log Message:
Added new method to Auth.pm: get_template_and_user to streamline authentification and templating
Rewrote most of Auth.pm too :-)
Index: Auth.pm
===================================================================
RCS file: /cvsroot/koha/koha/C4/Auth.pm,v
retrieving revision 1.9.2.15
retrieving revision 1.9.2.16
diff -C2 -r1.9.2.15 -r1.9.2.16
*** Auth.pm 13 Nov 2002 03:02:45 -0000 1.9.2.15
--- Auth.pm 14 Nov 2002 22:17:21 -0000 1.9.2.16
***************
*** 26,29 ****
--- 26,30 ----
use C4::Koha;
use C4::Output;
+ use C4::Circulation::Circ2;
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
***************
*** 36,42 ****
--- 37,67 ----
&checkauth
&getborrowernumber
+ &get_template_and_user
);
+ sub get_template_and_user {
+ my $in = shift;
+ my $template = gettemplate($in->{'template_name'}, $in->{'type'});
+ my ($user, $cookie, $sessionID, $flags)
+ = checkauth($in->{'query'}, $in->{'authnotrequired'}, $in->{'flagsrequired'});
+
+ my $borrowernumber;
+ if ($user) {
+ $template->param(loggedinuser => $user);
+ $template->param(sessionID => $sessionID);
+
+ $borrowernumber = getborrowernumber($user);
+ my ($borr, $flags) = getpatroninformation(undef, $borrowernumber);
+ my @bordat;
+ $bordat[0] = $borr;
+
+ $template->param(USER_INFO => \@bordat);
+ }
+ return ($template, $borrowernumber, $cookie);
+ }
+
+
+
sub getuserflags {
my $cardnumber=shift;
***************
*** 63,69 ****
($cardnumber) || ($cardnumber=$userid);
my $flags=getuserflags($cardnumber,$dbh);
- foreach my $fl (keys %$flags){
- warn "$fl : $flags->{$fl}\n";
- }
my $configfile=configfile();
if ($userid eq $configfile->{'user'}) {
--- 88,91 ----
***************
*** 83,214 ****
my $query=shift;
# $authnotrequired will be set for scripts which will run without authentication
! my $authnotrequired=shift;
! my $flagsrequired=shift;
! if (my $userid=$ENV{'REMOTE_USER'}) {
! # Using Basic Authentication, no cookies required
! my $cookie=$query->cookie(-name => 'sessionID',
! -value => '',
! -expires => '+1y');
! return ($userid, $cookie, '');
! }
! my $sessionID=$query->cookie('sessionID');
! my $template = gettemplate("opac-auth.tmpl", "opac");
my $dbh=C4Connect();
! my $sth=$dbh->prepare("SELECT userid,ip,lasttime FROM sessions WHERE sessionid=?");
! warn "SessionID = $sessionID\n";
! $sth->execute($sessionID);
! if ($sth->rows) {
! my ($userid, $ip, $lasttime) = $sth->fetchrow;
! if ($lasttime<time()-7200) {
! # timed logout
! $template->param( message => "You have been logged out due to inactivity.");
! my $sti=$dbh->prepare("DELETE FROM sessions WHERE sessionID=?");
! $sti->execute($sessionID);
! # my $scriptname=$ENV{'SCRIPT_NAME'};
! my $selfurl=$query->self_url();
! $sti=$dbh->prepare("INSERT INTO sessionqueries (sessionID, userid, url) VALUES (?, ?, ?)");
! $sti->execute($sessionID, $userid, $selfurl);
! $sti->finish;
open L, ">>/tmp/sessionlog";
my $time=localtime(time());
! printf L "%20s from %16s logged out at %30s (inactivity).\n", $userid, $ip, $time;
close L;
! } elsif ($ip ne $ENV{'REMOTE_ADDR'}) {
! # Different ip than originally logged in from
! my $newip=$ENV{'REMOTE_ADDR'};
! $template->param( message => "ERROR ERROR ERROR ERROR<br>Attempt to re-use a cookie from a different ip address.<br>(authenticated from $ip, this request from $newip)");
! } else {
! my $cookie=$query->cookie(-name => 'sessionID',
! -value => $sessionID,
! -expires => '+1y');
! my $sti=$dbh->prepare("UPDATE sessions SET lasttime=? WHERE sessionID=?");
! $sti->execute(time(), $sessionID);
!
! my $flags = haspermission($dbh, $userid, $flagsrequired);
! warn "Flags : $flags\n";
! if ($flags) {
! return ($userid, $cookie, $sessionID, $flags);
} else {
! $template->param(nopermission => 1);
! print "Content-Type: text/html\n\n", $template->output;
! exit;
}
}
}
! $sth->finish;
!
! if ($authnotrequired) {
! my $cookie=$query->cookie(-name => 'sessionID',
! -value => '',
! -expires => '+1y');
! return('', $cookie, '');
!
! } else {
! ($sessionID) || ($sessionID=int(rand()*100000).'-'.time());
! warn "sessionID : $sessionID";
! my $userid=$query->param('userid');
my $password=$query->param('password');
my ($return, $cardnumber) = checkpw($dbh,$userid,$password);
if ($return) {
! my $sti=$dbh->prepare("DELETE FROM sessions WHERE sessionID=? AND userid=?");
! $sti->execute($sessionID, $userid);
! $sti=$dbh->prepare("INSERT INTO sessions (sessionID, userid, ip,lasttime) VALUES (?, ?, ?, ?)");
! $sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time());
! $sti=$dbh->prepare("SELECT url FROM sessionqueries WHERE sessionID=? AND userid=?");
! $sti->execute($sessionID, $userid);
! if ($sti->rows) {
! my ($selfurl) = $sti->fetchrow;
! my $stj=$dbh->prepare("DELETE FROM sessionqueries WHERE sessionID=?");
! $stj->execute($sessionID);
! ($selfurl) || ($selfurl=$ENV{'SCRIPT_NAME'});
! print $query->redirect($selfurl);
! exit;
! }
open L, ">>/tmp/sessionlog";
my $time=localtime(time());
printf L "%20s from %16s logged in at %30s.\n", $userid, $ENV{'REMOTE_ADDR'}, $time;
close L;
! my $cookie=$query->cookie(-name => 'sessionID',
! -value => $sessionID,
! -expires => '+1y');
!
! if (my $flags = haspermission($dbh, $userid, $flagsrequired)) {
! return ($userid, $cookie, $sessionID, $flags);
} else {
! $template->param(nopermission => 1);
! print "Content-Type: text/html\n\n", $template->output;
! exit;
}
} else {
if ($userid) {
! $template->param(message => "Invalid userid or password entered.");
}
- warn "Im in here!\n";
- my @inputs;
- my $self_url = $query->self_url();
- foreach my $name (param $query) {
- (next) if ($name eq 'userid' || $name eq 'password');
- my $value = $query->param($name);
- push @inputs, {name => $name , value => $value};
- }
- @inputs = () unless @inputs;
- $template->param(INPUTS => \@inputs);
- my $cookie=$query->cookie(-name => 'sessionID',
- -value => $sessionID,
- -expires => '+1y');
-
- $template->param(loginprompt => 1);
-
- # Strip userid and password parameters off the self_url variable
-
- $self_url=~s/\?*userid=[^;]*;*//g;
- $self_url=~s/\?*password=[^;]*;*//g;
-
- $template->param(url => $self_url);
- print $query->header(-cookie=>$cookie), $template->output;
- exit;
}
}
}
--- 105,242 ----
my $query=shift;
# $authnotrequired will be set for scripts which will run without authentication
! my $authnotrequired = shift;
! my $flagsrequired = shift;
! # state variables
my $dbh=C4Connect();
! my $loggedin = 0;
! my %info;
! my ($userid, $cookie, $sessionID, $flags);
! my $logout = $query->param('logout.x');
! if ($userid = $ENV{'REMOTE_USER'}) {
! # Using Basic Authentication, no cookies required
! $cookie=$query->cookie(-name => 'sessionID',
! -value => '',
! -expires => '+1y');
! $loggedin = 1;
! } elsif ($sessionID=$query->cookie('sessionID')) {
! my ($ip , $lasttime);
! ($userid, $ip, $lasttime) = $dbh->selectrow_array(
! "SELECT userid,ip,lasttime FROM sessions WHERE sessionid=?",
! undef, $sessionID);
! if ($logout) {
! warn "In logout!\n";
! # voluntary logout the user
! $dbh->do("DELETE FROM sessions WHERE sessionID=?", undef, $sessionID);
! $sessionID = undef;
! $userid = undef;
open L, ">>/tmp/sessionlog";
my $time=localtime(time());
! printf L "%20s from %16s logged out at %30s (manually).\n", $userid, $ip, $time;
close L;
! }
! if ($userid) {
! if ($lasttime<time()-7200) {
! # timed logout
! $info{'timed_out'} = 1;
! $dbh->do("DELETE FROM sessions WHERE sessionID=?", undef, $sessionID);
! $sessionID = undef;
! open L, ">>/tmp/sessionlog";
! my $time=localtime(time());
! printf L "%20s from %16s logged out at %30s (inactivity).\n", $userid, $ip, $time;
! close L;
! } elsif ($ip ne $ENV{'REMOTE_ADDR'}) {
! # Different ip than originally logged in from
! $info{'oldip'} = $ip;
! $info{'newip'} = $ENV{'REMOTE_ADDR'};
! $info{'different_ip'} = 1;
! $dbh->do("DELETE FROM sessions WHERE sessionID=?", undef, $sessionID);
! $sessionID = undef;
! open L, ">>/tmp/sessionlog";
! my $time=localtime(time());
! printf L "%20s from logged out at %30s (ip changed from %16s to %16s).\n", $userid, $time, $ip, $info{'newip'};
! close L;
} else {
! $cookie=$query->cookie(-name => 'sessionID',
! -value => $sessionID,
! -expires => '+1y');
! $dbh->do("UPDATE sessions SET lasttime=? WHERE sessionID=?",
! undef, (time(), $sessionID));
! $flags = haspermission($dbh, $userid, $flagsrequired);
! if ($flags) {
! $loggedin = 1;
! } else {
! $info{'nopermission'} = 1;
! }
}
}
}
! unless ($sessionID) {
! $sessionID=int(rand()*100000).'-'.time();
! $userid=$query->param('userid');
my $password=$query->param('password');
my ($return, $cardnumber) = checkpw($dbh,$userid,$password);
if ($return) {
! $dbh->do("DELETE FROM sessions WHERE sessionID=? AND userid=?",
! undef, ($sessionID, $userid));
! $dbh->do("INSERT INTO sessions (sessionID, userid, ip,lasttime) VALUES (?, ?, ?, ?)",
! undef, ($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time()));
open L, ">>/tmp/sessionlog";
my $time=localtime(time());
printf L "%20s from %16s logged in at %30s.\n", $userid, $ENV{'REMOTE_ADDR'}, $time;
close L;
! $cookie=$query->cookie(-name => 'sessionID',
! -value => $sessionID,
! -expires => '+1y');
! if ($flags = haspermission($dbh, $userid, $flagsrequired)) {
! $loggedin = 1;
} else {
! $info{'nopermission'} = 1;
}
} else {
if ($userid) {
! $info{'invalid_username_or_password'};
}
}
}
+ # finished authentification, now respond
+ if ($loggedin || $authnotrequired) {
+ # successful login
+ unless ($cookie) {
+ $cookie=$query->cookie(-name => 'sessionID',
+ -value => '',
+ -expires => '+1y');
+ }
+ return ($userid, $cookie, $sessionID, $flags);
+ exit;
+ }
+ # else we have a problem...
+ # get the inputs from the incoming query
+ my @inputs;
+ foreach my $name (param $query) {
+ (next) if ($name eq 'userid' || $name eq 'password');
+ my $value = $query->param($name);
+ push @inputs, {name => $name , value => $value};
+ }
+ @inputs = () unless @inputs;
+
+ my $template = gettemplate("opac-auth.tmpl", "opac");
+ $template->param(INPUTS => \@inputs);
+ $template->param(loginprompt => 1) unless $info{'nopermission'};
+
+ my $self_url = $query->self_url();
+ # Strip userid and password parameters off the self_url variable
+ $self_url=~s/\?*userid=[^;]*;*//g;
+ $self_url=~s/\?*password=[^;]*;*//g;
+ $template->param(url => $self_url);
+
+ $template->param(\%info);
+ $cookie=$query->cookie(-name => 'sessionID',
+ -value => $sessionID,
+ -expires => '+1y');
+ print $query->header(-cookie=>$cookie), $template->output;
+ exit;
}
+
+
Index: Output.pm
===================================================================
RCS file: /cvsroot/koha/koha/C4/Output.pm,v
retrieving revision 1.6.2.23
retrieving revision 1.6.2.24
diff -C2 -r1.6.2.23 -r1.6.2.24
*** Output.pm 30 Oct 2002 23:00:21 -0000 1.6.2.23
--- Output.pm 14 Nov 2002 22:17:22 -0000 1.6.2.24
***************
*** 3,9 ****
# $Id$
! #package to deal with marking up output
! #You will need to edit parts of this pm
! #set the value of path to be where your html lives
--- 3,9 ----
# $Id$
! # package to deal with marking up output
! # You will need to edit parts of this pm
! # set the value of path to be where your html lives
***************
*** 31,34 ****
--- 31,35 ----
use C4::Database;
use C4::Koha;
+ use C4::Auth; # checkauth, getborrowernumber.
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
***************
*** 67,71 ****
&gotopage &mkformnotable &mkform3
&getkeytableselectoptions
! &picktemplate &themelanguage &gettemplate
);
%EXPORT_TAGS = ( ); # eg: TAG => [ qw!name1 name2! ],
--- 68,72 ----
&gotopage &mkformnotable &mkform3
&getkeytableselectoptions
! &picktemplate &themelanguage &gettemplate
);
%EXPORT_TAGS = ( ); # eg: TAG => [ qw!name1 name2! ],
***************
*** 98,104 ****
# Change this value to reflect where you will store your includes
#
! my $configfile=configfile();
! my $path=$configfile->{'includes'};
($path) || ($path="/usr/local/www/hdl/htdocs/includes");
--- 99,105 ----
# Change this value to reflect where you will store your includes
#
! my $configfile = configfile();
! my $path = $configfile->{'includes'};
($path) || ($path="/usr/local/www/hdl/htdocs/includes");
More information about the Koha-cvs
mailing list