[Koha-patches] [PATCH] Check for Change in Remote IP address for Session Security. Disable when remote ip address changes frequently.

Thu Dec 16 11:26:11 CET 2010

---
 C4/Auth.pm                                         |    5 +++--
 installer/data/mysql/en/mandatory/sysprefs.sql     |    2 ++
 installer/data/mysql/updatedatabase.pl             |    6 ++++++
 .../prog/en/modules/admin/preferences/admin.pref   |    9 ++++++++-
 kohaversion.pl                                     |    2 +-
 5 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/C4/Auth.pm b/C4/Auth.pm
index 2f13b86..7b0233b 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -913,6 +913,7 @@ sub checkauth {
     login        => 1,
         INPUTS               => \@inputs,
         casAuthentication    => C4::Context->preference("casAuthentication"),
+	remoteipcheck        => C4::Context->preference("remoteipcheck"),
         suggestion           => C4::Context->preference("suggestion"),
         virtualshelves       => C4::Context->preference("virtualshelves"),
         LibraryName          => C4::Context->preference("LibraryName"),
@@ -1061,7 +1062,7 @@ sub check_api_auth {
                 $userid    = undef;
                 $sessionID = undef;
                 return ("expired", undef, undef);
-            } elsif ( $ip ne $ENV{'REMOTE_ADDR'} ) {
+            } elsif ( C4::Context->preference('remoteipcheck') && $ip ne $ENV{'REMOTE_ADDR'} ) {
                 # IP address changed
                 $session->delete();
                 C4::Context->_unset_userenv($sessionID);
@@ -1287,7 +1288,7 @@ sub check_cookie_auth {
             $userid    = undef;
             $sessionID = undef;
             return ("expired", undef);
-        } elsif ( $ip ne $ENV{'REMOTE_ADDR'} ) {
+        } elsif ( C4::Context->preference('remoteipcheck') && $ip ne $ENV{'REMOTE_ADDR'} ) {
             # IP address changed
             $session->delete();
             C4::Context->_unset_userenv($sessionID);
diff --git a/installer/data/mysql/en/mandatory/sysprefs.sql b/installer/data/mysql/en/mandatory/sysprefs.sql
index 1806657..48415f5 100644
--- a/installer/data/mysql/en/mandatory/sysprefs.sql
+++ b/installer/data/mysql/en/mandatory/sysprefs.sql
@@ -278,3 +278,5 @@ INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES
 INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('ILS-DI:AuthorizedIPs','','.','Restricts usage of ILS-DI to some IPs','Free');
 INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES ('OverduesBlockCirc','noblock','When checking out an item should overdues block checkout, generate a confirmation dialogue, or allow checkout','noblock|confirmation|block','Choice');
 INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES ('DisplayMultiPlaceHold','1','Display the ability to place multiple holds or not','','YesNo');
+INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('remoteipcheck','0','Check for Change in Remote IP address for Session Security . Disable when remote ip address changes frequently.','','YesNo');
+
diff --git a/installer/data/mysql/updatedatabase.pl b/installer/data/mysql/updatedatabase.pl
index ac272ce..093ddfb 100755
--- a/installer/data/mysql/updatedatabase.pl
+++ b/installer/data/mysql/updatedatabase.pl
@@ -3915,6 +3915,12 @@ if (C4::Context->preference("Version") < TransformToNum($DBversion)) {
     SetVersion ($DBversion);
 }
 
+$DBversion = '3.03.00.010';
+if (C4::Context->preference("Version") < TransformToNum($DBversion)) {
+    $dbh->do("INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('remoteipcheck','0','Check for Change in  Remote IP address for Session Security. Disable when remote ip address changes frequently.','','YesNo')");
+    print "Upgrade to $DBversion done adding syspref Check for Change in  Remote IP address for Session Security. Disable when remote ip address changes frequently.";
+    SetVersion ($DBversion);
+}
 
 
 =head1 FUNCTIONS
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
index 3ef972b..dd1dac2 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
@@ -41,7 +41,14 @@ Administration:
                   no: "Don't allow"
             - staff and patrons to create and view saved lists of books.
     Login options:
-        -
+	-
+            - pref: remoteipcheck
+              default: 0
+              choices:
+                  yes: Enable
+                  no: "Disable"
+            - Check for Change in Remote IP address for Session Security. Disable when remote ip address changes frequently.
+      	-
             - pref: insecure
               default: 0
               choices:
diff --git a/kohaversion.pl b/kohaversion.pl
index a6e56b3..ad61294 100644
--- a/kohaversion.pl
+++ b/kohaversion.pl
@@ -16,7 +16,7 @@ the kohaversion is divided in 4 parts :
 use strict;
 
 sub kohaversion {
-    our $VERSION = '3.03.00.009';
+    our $VERSION = '3.03.00.010';
     # version needs to be set this way
     # so that it can be picked up by Makefile.PL
     # during install
-- 
1.6.4.2

