+ $userid = $query->param('userid');
+ C4::Context->_new_userenv($sessionID);
+ my $password = $query->param('password');
+ C4::Context->_new_userenv($sessionID);
+ my ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password );
+ if ($return) {
+ open L, ">>/tmp/sessionlog";
+ my $time = localtime( time() );
+ printf L "%20s from %16s logged in at %30s.\n", $userid,
+ $ENV{'REMOTE_ADDR'}, $time;
+ close L;
+ $cookie = $query->cookie(CGISESSID => $sessionID);
+ if ( $flags = haspermission( $dbh, $userid, $flagsrequired ) ) {
+ $loggedin = 1;
+ }
+ else {
+ $info{'nopermission'} = 1;
+ C4::Context->_unset_userenv($sessionID);
+ }
+ if ( $return == 1 ) {
+ my (
+ $borrowernumber, $firstname, $surname,
+ $userflags, $branchcode, $branchname,
+ $branchprinter, $emailaddress
+ );
+ my $sth =
+ $dbh->prepare(
+"select borrowernumber, firstname, surname, flags, borrowers.branchcode, branches.branchname as branchname,branches.branchprinter as branchprinter, email from borrowers left join branches on borrowers.branchcode=branches.branchcode where userid=?"
+ );
+ $sth->execute($userid);
+ (
+ $borrowernumber, $firstname, $surname,
+ $userflags, $branchcode, $branchname,
+ $branchprinter, $emailaddress
+ )
+ = $sth->fetchrow
+ if ( $sth->rows );
+
+# warn "$cardnumber,$borrowernumber,$userid,$firstname,$surname,$userflags,$branchcode,$emailaddress";
+ unless ( $sth->rows ) {
+ my $sth =
+ $dbh->prepare(
+"select borrowernumber, firstname, surname, flags, borrowers.branchcode, branches.branchname as branchname, branches.branchprinter as branchprinter, email from borrowers left join branches on borrowers.branchcode=branches.branchcode where cardnumber=?"
+ );
+ $sth->execute($cardnumber);
+ (
+ $borrowernumber, $firstname, $surname,
+ $userflags, $branchcode, $branchname,
+ $branchprinter, $emailaddress
+ )
+ = $sth->fetchrow
+ if ( $sth->rows );
+
+# warn "$cardnumber,$borrowernumber,$userid,$firstname,$surname,$userflags,$branchcode,$emailaddress";
+ unless ( $sth->rows ) {
+ $sth->execute($userid);
+ (
+ $borrowernumber, $firstname, $surname, $userflags,
+ $branchcode, $branchname, $branchprinter, $emailaddress
+ )
+ = $sth->fetchrow
+ if ( $sth->rows );
+ }
+ }
+
+# launch a sequence to check if we have a ip for the branch, if we have one we replace the branchcode of the userenv by the branch bound in the ip.
+ my $ip = $ENV{'REMOTE_ADDR'};
+ # if they specify at login, use that
+ if ($query->param('branch')) {
+ $branchcode = $query->param('branch');
+ $branchname = GetBranchName($branchcode);
+ }
+ my $branches = GetBranches();
+ my @branchesloop;
+ foreach my $br ( keys %$branches ) {
+ # now we work with the treatment of ip
+ my $domain = $branches->{$br}->{'branchip'};
+ if ( $domain && $ip =~ /^$domain/ ) {
+ $branchcode = $branches->{$br}->{'branchcode'};
+
+ # new op dev : add the branchprinter and branchname in the cookie
+ $branchprinter = $branches->{$br}->{'branchprinter'};
+ $branchname = $branches->{$br}->{'branchname'};
+ }
+ }
+ $session->param('number',$borrowernumber);
+ $session->param('id',$userid);
+ $session->param('cardnumber',$cardnumber);
+ $session->param('firstname',$firstname);
+ $session->param('surname',$surname);
+ $session->param('branch',$branchcode);
+ $session->param('branchname',$branchname);
+ $session->param('flags',$userflags);
+ $session->param('emailaddress',$emailaddress);
+ $session->param('ip',$session->remote_addr());
+ $session->param('lasttime',time());
+# warn "".$session->param('cardnumber').", ".$session->param('firstname').",
+# ".$session->param('surname').", ".$session->param('branch');
+ }
+ elsif ( $return == 2 ) {
+ #We suppose the user is the superlibrarian
+ $session->param('number',0);
+ $session->param('id',C4::Context->config('user'));
+ $session->param('cardnumber',C4::Context->config('user'));
+ $session->param('firstname',C4::Context->config('user'));
+ $session->param('surname',C4::Context->config('user'));
+ $session->param('branch','NO_LIBRARY_SET');
+ $session->param('branchname','NO_LIBRARY_SET');
+ $session->param('flags',1);
+ $session->param('emailaddress', C4::Context->preference('KohaAdminEmailAddress'));
+ $session->param('ip',$session->remote_addr());
+ $session->param('lasttime',time());
+ }
+ if ($session){
+ C4::Context::set_userenv(
+ $session->param('number'), $session->param('id'),
+ $session->param('cardnumber'), $session->param('firstname'),
+ $session->param('surname'), $session->param('branch'),
+ $session->param('branchname'), $session->param('flags'),
+ $session->param('emailaddress'), $session->param('branchprinter')
+ );
+ }
+ }
+
+ else {
+ if ($userid) {
+ $info{'invalid_username_or_password'} = 1;
+ C4::Context->_unset_userenv($sessionID);
+ }
+ }
+ }
+ my $insecure = C4::Context->boolean_preference('insecure');
+
+ # finished authentification, now respond
+ if ( $loggedin || $authnotrequired || ( defined($insecure) && $insecure ) )
+ {
+ # successful login
+ unless ($cookie) {
+ $cookie = $query->cookie( CGISESSID => ''
+ );
+ }
+ return ( $userid, $cookie, $sessionID, $flags );
+
+ }
+
+#
+#
+# AUTH rejected, show the login/password template, after checking the DB.
+#
+#
+
+ # get the inputs from the incoming query
+ my @inputs = ();
+ foreach my $name ( param $query) {
+ (next) if ( $name eq 'userid' || $name eq 'password' );
+ my $value = $query->param($name);
+ push @inputs, { name => $name, value => $value };
+ }
+ # get the branchloop, which we need for authentication
+ my $branches = GetBranches();
+ my @branch_loop;
+ for my $branch_hash (keys %$branches) {
+ push @branch_loop, {branchcode => "$branch_hash", branchname => $branches->{$branch_hash}->{'branchname'}, };
+ }
+
+ # check that database and koha version are the same
+ # there is no DB version, it's a fresh install,
+ # go to web installer
+ # there is a DB version, compare it to the code version
+ my $kohaversion=C4::Context::KOHAVERSION;
+ # remove the 3 last . to have a Perl number
+ $kohaversion =~ s/(.*\..*)\.(.*)\.(.*)/$1$2$3/;
+# warn "kohaversion : $kohaversion";
+ if (C4::Context->preference('Version') < $kohaversion){
+ if ($type ne 'opac'){
+ warn "Database update needed, redirecting to Installer. Database is ".C4::Context->preference('Version')." and Koha is : ".C4::Context->config("kohaversion");
+ print $query->redirect("/cgi-bin/koha/installer/install.pl?step=3");
+ } else {
+ warn "OPAC :Database update needed, redirecting to maintenance. Database is ".C4::Context->preference('Version')." and Koha is : ".C4::Context->config("kohaversion");
+ print $query->redirect("/cgi-bin/koha/maintenance.pl");
+ }
+ exit;
+ }
+ my $template_name;
+ if ( $type eq 'opac' ) {
+ $template_name = "opac-auth.tmpl";
+ }
+ else {
+ $template_name = "auth.tmpl";
+ }
+ my $template = gettemplate( $template_name, $type, $query );
+ $template->param(branchloop => \@branch_loop,);
+ $template->param(
+ login => 1,
+ INPUTS => \@inputs,
+ suggestion => C4::Context->preference("suggestion"),
+ virtualshelves => C4::Context->preference("virtualshelves"),
+ opaclargeimage => C4::Context->preference("opaclargeimage"),
+ LibraryName => C4::Context->preference("LibraryName"),
+ OpacNav => C4::Context->preference("OpacNav"),
+ opaccredits => C4::Context->preference("opaccredits"),
+ opacreadinghistory => C4::Context->preference("opacreadinghistory"),
+ opacsmallimage => C4::Context->preference("opacsmallimage"),
+ opaclayoutstylesheet => C4::Context->preference("opaclayoutstylesheet"),
+ opaccolorstylesheet => C4::Context->preference("opaccolorstylesheet"),
+ opaclanguagesdisplay => C4::Context->preference("opaclanguagesdisplay"),
+ opacuserjs => C4::Context->preference("opacuserjs"),
+
+ intranetcolorstylesheet =>
+ C4::Context->preference("intranetcolorstylesheet"),
+ intranetstylesheet => C4::Context->preference("intranetstylesheet"),
+ IntranetNav => C4::Context->preference("IntranetNav"),
+ intranetuserjs => C4::Context->preference("intranetuserjs"),
+ TemplateEncoding => C4::Context->preference("TemplateEncoding"),
+ IndependantBranches => C4::Context->preference("IndependantBranches"),
+ AutoLocation => C4::Context->preference("AutoLocation"),
+ );
+ $template->param( loginprompt => 1 ) unless $info{'nopermission'};
+
+ my $self_url = $query->url( -absolute => 1 );
+ $template->param(
+ url => $self_url,
+ LibraryName => => C4::Context->preference("LibraryName"),
+ );
+ $template->param( \%info );
+# $cookie = $query->cookie(CGISESSID => $session->id
+# );
+ print $query->header(
+ -type => 'text/html',
+ -charset => 'utf-8',
+ -cookie => $cookie
+ ),
+ $template->output;
+ exit;