[Koha-devel] Re: latest cvs

Finlay Thompson finlay at katipo.co.nz
Sun Dec 8 12:35:03 CET 2002


Let's see if I can help out with how Auth.pm works:

1) the "users" table is actually called borrowers, and has "userid" and 
"password" fields. Note that Auth checks userid and then on cardnumber, 
so you can always login with your cardnumber instead of userid.

2) the kohaadmin login:password is special, it is collected from 
/etc/koha.conf, which is accessed through C4::Context

3) It is possible to add a userid and password to a borrowers account by 
going to the page:
<intranet-root>/cgi-bin/koha/moremember.pl?bornum=<borrowernumber>

The "right" way to get there is to search on a member name and click on 
the cardnumber link. Then you will need to login with the kohaadmin 
login:password.

On the moremember page there is "Password" link. On the member-password 
page you can enter a userid and password.

4) userflags. The authentication system is rather incomplete at 
present. Only some of the pages are currently calling Auth::checkauth. 
Eventually all the pages should be calling Auth::checkauth.

checkauth takes a $flagsrequired hash. This sets which userflags are 
required for the given borrower to access the page. If the borrower does 
not have the right userflags set C4::Auth will not allow the user to 
access the page. The following are possible flags:
+------------------+-----------------------------------------------------+
| flag             | flagdesc                                            |
+------------------+-----------------------------------------------------+
| superlibrarian   | Access to all librarian functions                   |
| circulate        | Circulate books                                     |
| catalogue        | Catalogue books                                     |
| parameters       | Set Koha system paramters                           |
| borrowers        | Add or modify borrowers                             |
| permissions      | Set user permissions                                |
| reserveforothers | Reserve books for patrons                           |
| borrow           | Borrow books                                        |
| reserveforself   | Reserve books for self                              |
| editcatalogue    | Edit Catalogue (Modify bibliographic/holdings data) |
| updatecharges    | Update borrower charges                             |
+------------------+-----------------------------------------------------+

You can also set the flags for a borrower by clicking on the "Modify 
User Flags" link from the moremember page.

4a) There is a default setting on the userflags table. It is possible to 
set every borrower to "borrow" for example using this part of the table.

5) the password is stored in the database and encrypted using md5 
encryption. I'm not sure exactly how it works, but you can have a 
look yourself :-)

I hope this small explanation helps,
Finlay



>>Does anyone know the structure of the users table (i.e., how are
>>user names stored in the usercode field? how is the password stored?
>>what is the meaning of the "level" field? and what is the relation
>>between the "usercode" field and access to the intranet module)?
>>From a cursory glance of Auth.pm and Security.pm, it seems that
>>user names are stored in uppercase and passwords are MD5-hashed,
>>but I can't seem to be able to create a valid user to log on to the
>>librarian interface.  Thanks very much!
>>
>>    
>>
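
As an added illustration (not part of the message above and not the code in C4::Auth), here is one way a page-level flag check like the one described in point 4 could behave. The name flags_allow, the in-memory hashes, treating superlibrarian as an override, and modelling the 4a default as always-on flags are all assumptions.

```perl
use strict;
use warnings;

# Added illustration; hypothetical names, not code from C4::Auth.
# Flag names are taken from the table in the message above.
my %KNOWN = map { $_ => 1 } qw(
    superlibrarian circulate catalogue parameters borrowers permissions
    reserveforothers borrow reserveforself editcatalogue updatecharges
);

# Assumed model of point 4a: flags switched on for every borrower.
my %DEFAULT_ON = ( borrow => 1 );

# Returns 1 if a borrower holding %$granted may open a page that
# requires %$required (for example { circulate => 1 }), else 0.
sub flags_allow {
    my ($required, $granted) = @_;
    my @need = grep { $required->{$_} } keys %{ $required || {} };

    # Fail closed: a page naming no flag, or a misspelled flag, is
    # denied instead of being left open.
    return 0 unless @need;
    return 0 if grep { !$KNOWN{$_} } @need;

    my %have = %DEFAULT_ON;
    $have{$_} = 1 for grep { $granted->{$_} } keys %{ $granted || {} };
    return 1 if $have{superlibrarian};   # "Access to all librarian functions"
    my $missing = grep { !$have{$_} } @need;   # count of flags not held
    return $missing ? 0 : 1;
}

# Constructed sample borrowers and page requirements.
my %borrowers = (
    patron   => {},
    desk     => { circulate => 1, borrowers => 1 },
    sysadmin => { superlibrarian => 1 },
);
my @pages = (
    [ 'issue a book',   { circulate  => 1 } ],
    [ 'set parameters', { parameters => 1 } ],
    [ 'borrow',         { borrow     => 1 } ],
    [ 'misspelled',     { circulat   => 1 } ],
);
for my $who (sort keys %borrowers) {
    for my $page (@pages) {
        my $ok = flags_allow($page->[1], $borrowers{$who});
        printf "%-9s %-15s %s\n", $who, $page->[0], $ok ? 'allow' : 'deny';
    }
}
```

The check only protects a page that actually calls it, which is why the message's remark that only some pages call checkauth matters.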





