[Koha-cvs] CVS: koha/C4 Auth.pm,1.41,1.42 Context.pm,1.23,1.24

Henri-Damien LAURENT hdl at users.sourceforge.net
Tue Jul 26 17:58:49 CEST 2005


Update of /cvsroot/koha/koha/C4
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv30720

Modified Files:
	Auth.pm Context.pm 
Log Message:
Bug Fixing for independantBranches support.
Adding a Cookie containing user-specific vars such as:
branch,
firstname,
surname,
cardnumber...
may be criticized from a lawyer point of view, since name and surname are given.
But the real need is for userid and branch.
And it is achieved.
Auth passes now TWO cookies :
a session cookie
And an environment cookie.



Index: Auth.pm
===================================================================
RCS file: /cvsroot/koha/koha/C4/Auth.pm,v
retrieving revision 1.41
retrieving revision 1.42
diff -C2 -r1.41 -r1.42
*** Auth.pm	26 Jul 2005 10:12:48 -0000	1.41
--- Auth.pm	26 Jul 2005 15:58:47 -0000	1.42
***************
*** 286,290 ****
  	my $loggedin = 0;
  	my %info;
! 	my ($userid, $cookie, $sessionID, $flags);
  	my $logout = $query->param('logout.x');
  	if ($userid = $ENV{'REMOTE_USER'}) {
--- 286,290 ----
  	my $loggedin = 0;
  	my %info;
! 	my ($userid, $cookie, $sessionID, $flags, $envcookie);
  	my $logout = $query->param('logout.x');
  	if ($userid = $ENV{'REMOTE_USER'}) {
***************
*** 295,300 ****
  		$loggedin = 1;
  	} elsif ($sessionID=$query->cookie('sessionID')) {
- 		warn "NEWUSERENV : ".$sessionID;
  		C4::Context->_new_userenv($sessionID);
  		my ($ip , $lasttime);
  		($userid, $ip, $lasttime) = $dbh->selectrow_array(
--- 295,310 ----
  		$loggedin = 1;
  	} elsif ($sessionID=$query->cookie('sessionID')) {
  		C4::Context->_new_userenv($sessionID);
+ 		if (my %hash=$query->cookie('userenv')){
+ 				C4::Context::set_userenv(
+ 					$hash{number},
+ 					$hash{id},
+ 					$hash{cardnumber},
+ 					$hash{firstname},
+ 					$hash{surname},
+ 					$hash{branch},
+ 					$hash{flags}
+ 				);
+ 		}
  		my ($ip , $lasttime);
  		($userid, $ip, $lasttime) = $dbh->selectrow_array(
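Review bot: The fields taken from the `userenv` cookie (`number`, `id`, `branch`, `flags`, ...) are handed to `C4::Context::set_userenv` exactly as the browser sent them, and this happens before the `sessions` lookup on the following lines has confirmed the session. The cookie is issued elsewhere in this commit as a plain hash with no signature, so the server has no way to tell whether the branch or permission flags in it are the ones it originally wrote. The environment should be rebuilt from the `borrowers` row of the `$userid` returned by the `sessions` query, after the session checks pass. If the cookie is kept as a cache, it needs an integrity check first (for example an HMAC keyed with a server-side secret) and should be rejected when that check fails. The enclosing function starts and ends outside the hunk.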
***************
*** 358,389 ****
  		$sessionID=int(rand()*100000).'-'.time();
  		$userid=$query->param('userid');
- 		warn "NEWUSERENV : ".$sessionID;
  		C4::Context->_new_userenv($sessionID);
  		my $password=$query->param('password');
  		my ($return, $cardnumber) = checkpw($dbh,$userid,$password);
  		if ($return) {
! 		$dbh->do("DELETE FROM sessions WHERE sessionID=? AND userid=?",
! 			undef, ($sessionID, $userid));
! 		$dbh->do("INSERT INTO sessions (sessionID, userid, ip,lasttime) VALUES (?, ?, ?, ?)",
! 			undef, ($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time()));
! 		open L, ">>/tmp/sessionlog";
! 		my $time=localtime(time());
! 		printf L "%20s from %16s logged in  at %30s.\n", $userid, $ENV{'REMOTE_ADDR'}, $time;
! 		close L;
! 		$cookie=$query->cookie(-name => 'sessionID',
! 					-value => $sessionID,
! 					-expires => '');
! 		
! 		if ($flags = haspermission($dbh, $userid, $flagsrequired)) {
! 			$loggedin = 1;
! 		} else {
! 			$info{'nopermission'} = 1;
! 			C4::Context->_unset_userenv($sessionID);
! 		}
  		} else {
! 		if ($userid) {
! 			$info{'invalid_username_or_password'} = 1;
! 			C4::Context->_unset_userenv($sessionID);
! 		}
  		}
  	}
--- 368,430 ----
  		$sessionID=int(rand()*100000).'-'.time();
  		$userid=$query->param('userid');
  		C4::Context->_new_userenv($sessionID);
  		my $password=$query->param('password');
  		my ($return, $cardnumber) = checkpw($dbh,$userid,$password);
  		if ($return) {
! 			$dbh->do("DELETE FROM sessions WHERE sessionID=? AND userid=?",
! 				undef, ($sessionID, $userid));
! 			$dbh->do("INSERT INTO sessions (sessionID, userid, ip,lasttime) VALUES (?, ?, ?, ?)",
! 				undef, ($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time()));
! 			open L, ">>/tmp/sessionlog";
! 			my $time=localtime(time());
! 			printf L "%20s from %16s logged in  at %30s.\n", $userid, $ENV{'REMOTE_ADDR'}, $time;
! 			close L;
! 			$cookie=$query->cookie(-name => 'sessionID',
! 						-value => $sessionID,
! 						-expires => '');
! 			
! 			if ($flags = haspermission($dbh, $userid, $flagsrequired)) {
! 				$loggedin = 1;
! 			} else {
! 				$info{'nopermission'} = 1;
! 				C4::Context->_unset_userenv($sessionID);
! 			}
! 			if ($return == 1){
! 				my $sth=$dbh->prepare(
! 					"select cardnumber,borrowernumber,userid,firstname,surname,flags,branchcode
! 					from borrowers where userid=?"
! 				);
! 				$sth->execute($userid);
! 				my ($cardnumber,$bornum,$userid,$firstname,$surname,$userflags,$branchcode) = $sth->fetchrow;
! 				my $hash = C4::Context::set_userenv(
! 					$bornum,
! 					$userid,
! 					$cardnumber,
! 					$firstname,
! 					$surname,
! 					$branchcode,
! 					$userflags
! 				);
! 				$envcookie=$query->cookie(-name => 'userenv',
! 						-value => $hash,
! 						-expires => '');
! 			} elsif ($return == 2) {
! 			#We suppose the user is the superlibrarian
! 				my $hash = C4::Context::set_userenv(
! 					0,0,
! 					C4::Context->config('user'),
! 					C4::Context->config('user'),
! 					C4::Context->config('user'),
! 					"",1
! 				);
! 				$envcookie=$query->cookie(-name => 'userenv',
! 						-value => $hash,
! 						-expires => '');
! 			}
  		} else {
! 			if ($userid) {
! 				$info{'invalid_username_or_password'} = 1;
! 				C4::Context->_unset_userenv($sessionID);
! 			}
  		}
  	}
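Review bot: The `$return == 1` branch looks the borrower up with `where userid=?` only, but the password check further down in this diff also returns 1 when the typed value matched `cardnumber`, so for a card-number login the fetch yields nothing and both `set_userenv` and the `userenv` cookie are filled with undefined values. Matching either column, `from borrowers where userid=? or cardnumber=?` with `$sth->execute($userid, $userid);`, and skipping the cookie when no row comes back would cover both login paths. The block also runs after the `nopermission` branch has already unset the environment, so the cookie is built for a user who failed the permission check; it belongs inside the `$loggedin = 1` branch. Separately, the session id on the first context line is derived from `rand()` and `time()`, which is guessable, and should come from a cryptographically strong random source. The enclosing function starts and ends outside the hunk.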
***************
*** 397,401 ****
  					-expires => '');
  		}
! 		return ($userid, $cookie, $sessionID, $flags);
  	}
  	# else we have a problem...
--- 438,447 ----
  					-expires => '');
  		}
! 		if ($envcookie){
! 			warn "envcookie set";
! 			return ($userid, [$cookie,$envcookie], $sessionID, $flags)
! 		} else {
! 			return ($userid, $cookie, $sessionID, $flags);
! 		}
  	}
  	# else we have a problem...
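Review bot: The second element of the returned list is now an array reference when `$envcookie` is set and a single cookie otherwise, and nothing in the hunk documents that for callers. CGI's `header(-cookie => ...)` accepts both forms, but a caller that stringifies or inspects the value would presumably see an `ARRAY(...)` string instead of a cookie; the callers are not visible here, so this needs checking. I would state the two shapes in the function's POD and drop the leftover `warn "envcookie set";`, which writes to the server error log on every such request. The enclosing function starts outside the hunk.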
***************
*** 413,417 ****
  
  	my $self_url = $query->url(-absolute => 1);
! 	$template->param(url => $self_url, LibraryName=> => C4::Context->preference("LibraryName"),);
  	$template->param(\%info);
  	$cookie=$query->cookie(-name => 'sessionID',
--- 459,463 ----
  
  	my $self_url = $query->url(-absolute => 1);
! 	$template->param(url => $self_url, LibraryName=> C4::Context->preference("LibraryName"),);
  	$template->param(\%info);
  	$cookie=$query->cookie(-name => 'sessionID',
***************
*** 432,452 ****
  	my ($dbh, $userid, $password) = @_;
  # INTERNAL AUTH
! 	my $sth=$dbh->prepare("select password,cardnumber,borrowernumber,userid,firstname,surname,flags,branchcode  from borrowers where userid=?");
  	$sth->execute($userid);
  	if ($sth->rows) {
! 		my ($md5password,$cardnumber,$bornum,$userid,$firstname,$surname,$userflags,$branchcode) = $sth->fetchrow;
  		if (md5_base64($password) eq $md5password) {
- 			warn "setuserenv1 $bornum,$userid,$cardnumber,$firstname,$surname,$branchcode,$userflags";
- 			C4::Context->set_userenv($bornum,$userid,$cardnumber,$firstname,$surname,$branchcode,$userflags);
  			return 1,$cardnumber;
  		}
  	}
! 	my $sth=$dbh->prepare("select password,cardnumber,borrowernumber,userid,firstname,surname,flags,branchcode from borrowers where cardnumber=?");
  	$sth->execute($userid);
  	if ($sth->rows) {
! 		my ($md5password,$cardnumber,$bornum,$userid,$firstname,$surname,$userflags,$branchcode) = $sth->fetchrow;
  		if (md5_base64($password) eq $md5password) {
- 			warn "setuserenv2 $bornum,$userid,$cardnumber,$firstname,$surname,$branchcode,$userflags";
- 			C4::Context->set_userenv($bornum,$userid,$cardnumber,$firstname,$surname,$branchcode,$userflags);
  			return 1,$userid;
  		}
--- 478,494 ----
  	my ($dbh, $userid, $password) = @_;
  # INTERNAL AUTH
! 	my $sth=$dbh->prepare("select password,cardnumber from borrowers where userid=?");
  	$sth->execute($userid);
  	if ($sth->rows) {
! 		my ($md5password,$cardnumber) = $sth->fetchrow;
  		if (md5_base64($password) eq $md5password) {
  			return 1,$cardnumber;
  		}
  	}
! 	my $sth=$dbh->prepare("select password from borrowers where cardnumber=?");
  	$sth->execute($userid);
  	if ($sth->rows) {
! 		my ($md5password) = $sth->fetchrow;
  		if (md5_base64($password) eq $md5password) {
  			return 1,$userid;
  		}
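Review bot: The second `my $sth=$dbh->prepare(...)` on the changed line redeclares `$sth` in the same scope as the first one, which masks the earlier handle and triggers a "masks earlier declaration" warning when warnings are enabled; drop the `my` there: `$sth=$dbh->prepare("select password from borrowers where cardnumber=?");`. The comparison kept in the context lines, `md5_base64($password) eq $md5password`, checks against an unsalted MD5 digest; this commit leaves it as it was, and moving to a salted, deliberately slow password hash would be a separate change worth scheduling. The sub (presumably checkpw, judging by the call in the login hunk) starts and ends outside the hunk.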
***************
*** 455,459 ****
  		# Koha superuser account
  			warn "setuserenv3";
- 		C4::Context->set_userenv(0,0,C4::Context->config('user'),C4::Context->config('user'),C4::Context->config('user'),"",1);
  		return 2;
  	}
--- 497,500 ----

Index: Context.pm
===================================================================
RCS file: /cvsroot/koha/koha/C4/Context.pm,v
retrieving revision 1.23
retrieving revision 1.24
diff -C2 -r1.23 -r1.24
*** Context.pm	26 Jul 2005 10:12:53 -0000	1.23
--- Context.pm	26 Jul 2005 15:58:47 -0000	1.24
***************
*** 234,238 ****
  	$self->{"marcfromkohafield"} = undef; # the hash with relations between koha table fields and MARC field/subfield
  	$self->{"userenv"} = undef;		# User env
! 	$self->{"context"} = undef;		# current active user
  
  	bless $self, $class;
--- 234,238 ----
  	$self->{"marcfromkohafield"} = undef; # the hash with relations between koha table fields and MARC field/subfield
  	$self->{"userenv"} = undef;		# User env
! 	$self->{"activeuser"} = undef;		# current active user
  
  	bless $self, $class;
***************
*** 614,628 ****
  =cut
  #'
  sub userenv
  {
! 	warn "activeuser : ".$context->{"activeuser"}."hash :".$context->{$context->{"activeuser"}};
! 	my $var = $context->{$context->{"activeuser"}};
! 	foreach my $key (sort keys %$context){
! 		warn "key : ".$key;
! 	}
! 	return $context->{$context->{"activeuser"}};
  }
  
! =item set_userenv
  
    C4::Context->set_userenv;
--- 614,638 ----
  =cut
  #'
+ 
+ =item userenv
+ 
+   C4::Context->userenv;
+ 
+ Builds a hash for user environment variables.
+ 
+ This hash shall be cached for future use: if you call
+ C<C4::Context-E<gt>userenv> twice, you will get the same hash without real DB access
+ 
+ set_userenv is called in Auth.pm
+ 
+ =cut
+ #'
  sub userenv
  {
! 	my $var = $context->{"activeuser"};
! 	return $context->{"userenv"}->{$var} if (defined $context->{"userenv"}->{$var});
  }
  
! =item userenv
  
    C4::Context->set_userenv;
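Review bot: The changed heading `=item userenv` now sits directly above the synopsis `C4::Context->set_userenv;`, so the POD for set_userenv is filed under the wrong name and `userenv` is listed twice; that line should stay `=item set_userenv`. In the new `userenv` body the only `return` is guarded by a postfix `if`, so when no entry exists the sub falls off the end without an explicit result, and an undefined `activeuser` is used as a hash key. Writing it as `my $var = $context->{"activeuser"}; return unless defined $var; return $context->{"userenv"}->{$var};` makes both cases explicit. The added description ("without real DB access") reads as copied from another accessor and does not describe what this sub does. The set_userenv POD continues outside the hunk.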
***************
*** 637,645 ****
  =cut
  #'
! sub set_userenv
! {
  	my ($usernum, $userid, $usercnum, $userfirstname, $usersurname, $userbranch, $userflags)= @_;
! 	warn "SETTING :  $usernum, $userid, $usercnum, $userfirstname, $usersurname, $userbranch, $userflags";
! 	$context->{$context->{"activeuser"}}=\{
  		"number"     => $usernum,
  		"id"         => $userid,
--- 647,654 ----
  =cut
  #'
! sub set_userenv{
  	my ($usernum, $userid, $usercnum, $userfirstname, $usersurname, $userbranch, $userflags)= @_;
! 	my $var=$context->{"activeuser"};
! 	my $cell = {
  		"number"     => $usernum,
  		"id"         => $userid,
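Review bot: The sub unpacks `@_` straight into `$usernum, $userid, ...` with no invocant, while the POD synopsis in the previous hunk still shows `C4::Context->set_userenv`; a method-style call would shift every field by one, with the class name landing in `number`. The new callers in Auth.pm use the function form `C4::Context::set_userenv(...)`, whereas `_new_userenv` gains a `shift;` in this same commit and is called as a class method, so the two conventions are easy to mix up. A comment on the sub such as `# Plain function: call as C4::Context::set_userenv(...), not ->set_userenv` and a matching synopsis would prevent that. `$var` is also undefined when no session has been activated, which files the entry under the empty-string key. The sub's closing lines are outside the hunk.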
***************
*** 650,653 ****
--- 659,664 ----
  		"flags"      => $userflags
  	};
+ 	$context->{userenv}->{$var} = $cell;
+ 	return $cell;
  }
  
***************
*** 667,673 ****
  sub _new_userenv
  {
  	my ($sessionID)= @_;
! 	$context->{"activeuser"} = \$sessionID;
! 	$context->{$sessionID}=\();
  }
  
--- 678,684 ----
  sub _new_userenv
  {
+ 	shift;
  	my ($sessionID)= @_;
!  	$context->{"activeuser"}=$sessionID;
  }
  
***************
*** 684,689 ****
  {
  	my ($sessionID)= @_;
! 	undef $context->{$sessionID};
  	undef $context->{"activeuser"} if ($context->{"activeuser"} eq $sessionID);
  }
  
--- 695,701 ----
  {
  	my ($sessionID)= @_;
! #	undef $context->{$sessionID};
  	undef $context->{"activeuser"} if ($context->{"activeuser"} eq $sessionID);
+ # 	$context->{"activeuser"}--;
  }
  
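Review bot: This sub still unpacks `my ($sessionID)= @_;` without dropping the invocant, yet Auth.pm calls it as `C4::Context->_unset_userenv($sessionID)`, so `$sessionID` receives the class name and the `eq` test against `activeuser` can never succeed. The active user is therefore not cleared after a failed login or a failed permission check, which is the same problem the added `shift;` fixes for `_new_userenv` in the previous hunk. With the old `undef` line commented out, the per-session entry that set_userenv now stores under `$context->{userenv}` is never removed either, which matters under a persistent interpreter. I would use `my ($class, $sessionID) = @_;` and add `delete $context->{"userenv"}->{$sessionID};` before clearing `activeuser`, and remove the two commented-out lines. The `sub` line itself is outside the hunk.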




