+
+# -*- tab-width: 8 -*-
+# NOTE: This file uses 8-character tabs; do not change the tab size!
+
package C4::Auth;
# Copyright 2000-2002 Katipo Communications
use strict;
use Digest::MD5 qw(md5_base64);
+use CGI::Session;
require Exporter;
use C4::Context;
-use C4::Output; # to get the template
-use C4::Interface::CGI::Output;
-use C4::Circulation::Circ2; # getpatroninformation
+use C4::Output; # to get the template
+use C4::Members;
+use C4::Koha;
+use C4::Branch; # GetBranches
+
+# use utf8;
+# use Net::LDAP;
+# use Net::LDAP qw(:all);
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
# set the version for version checking
-$VERSION = 0.01;
+$VERSION = 3.00;
=head1 NAME
my $query = new CGI;
my ($template, $borrowernumber, $cookie)
- = get_template_and_user({template_name => "opac-main.tmpl",
- query => $query,
- type => "opac",
- authnotrequired => 1,
- flagsrequired => {borrow => 1},
- });
+ = get_template_and_user(
+ {
+ template_name => "opac-main.tmpl",
+ query => $query,
+ type => "opac",
+ authnotrequired => 1,
+ flagsrequired => {borrow => 1},
+ }
+ );
print $query->header(
- -type => guesstype($template->output),
+ -type => 'utf-8',
-cookie => $cookie
), $template->output;
=cut
-
-
-@ISA = qw(Exporter);
+@ISA = qw(Exporter);
@EXPORT = qw(
- &checkauth
- &get_template_and_user
+ &checkauth
+ &get_template_and_user
+);
+@EXPORT_OK = qw(
+ &check_api_auth
+ &get_session
+ &check_cookie_auth
);
=item get_template_and_user
my ($template, $borrowernumber, $cookie)
- = get_template_and_user({template_name => "opac-main.tmpl",
- query => $query,
- type => "opac",
- authnotrequired => 1,
- flagsrequired => {borrow => 1},
- });
-
- This call passes the C<query>, C<flagsrequired> and C<authnotrequired> to
- C<&checkauth> (in this module) to perform authentification. See below
- for more information on the C<&checkauth> subroutine.
+ = get_template_and_user(
+ {
+ template_name => "opac-main.tmpl",
+ query => $query,
+ type => "opac",
+ authnotrequired => 1,
+ flagsrequired => {borrow => 1},
+ }
+ );
+
+ This call passes the C<query>, C<flagsrequired> and C<authnotrequired>
+ to C<&checkauth> (in this module) to perform authentification.
+ See C<&checkauth> for an explanation of these parameters.
The C<template_name> is then used to find the correct template for
the page. The authenticated users details are loaded onto the
if cookies are disabled. It needs to be put as and input to every
authenticated page.
- more information on the C<gettemplate> sub can be found in the
+ More information on the C<gettemplate> sub can be found in the
Output.pm module.
=cut
-
sub get_template_and_user {
- my $in = shift;
- my $template = gettemplate($in->{'template_name'}, $in->{'type'});
- my ($user, $cookie, $sessionID, $flags)
- = checkauth($in->{'query'}, $in->{'authnotrequired'}, $in->{'flagsrequired'}, $in->{'type'});
+ my $in = shift;
+ my $template =
+ gettemplate( $in->{'template_name'}, $in->{'type'}, $in->{'query'} );
+ my ( $user, $cookie, $sessionID, $flags ) = checkauth(
+ $in->{'query'},
+ $in->{'authnotrequired'},
+ $in->{'flagsrequired'},
+ $in->{'type'}
+ ) unless ($in->{'template_name'}=~/maintenance/);
my $borrowernumber;
- if ($user) {
- $template->param(loggedinuser => $user);
- $template->param(sessionID => $sessionID);
-
- $borrowernumber = getborrowernumber($user);
- my ($borr, $flags) = getpatroninformation(undef, $borrowernumber);
- my @bordat;
- $bordat[0] = $borr;
-
- $template->param(USER_INFO => \@bordat);
+ my $insecure = C4::Context->preference('insecure');
+ if ($user or $insecure) {
+
+ # load the template variables for stylesheets and JavaScript
+ $template->param( css_libs => $in->{'css_libs'} );
+ $template->param( css_module => $in->{'css_module'} );
+ $template->param( css_page => $in->{'css_page'} );
+ $template->param( css_widgets => $in->{'css_widgets'} );
+
+ $template->param( js_libs => $in->{'js_libs'} );
+ $template->param( js_module => $in->{'js_module'} );
+ $template->param( js_page => $in->{'js_page'} );
+ $template->param( js_widgets => $in->{'js_widgets'} );
+
+ # user info
+ $template->param( loggedinusername => $user );
+ $template->param( sessionID => $sessionID );
+
+ $borrowernumber = getborrowernumber($user);
+ my ( $borr, $alternativeflags ) =
+ GetMemberDetails( $borrowernumber );
+ my @bordat;
+ $bordat[0] = $borr;
+ $template->param( "USER_INFO" => \@bordat );
+
+ # We are going to use the $flags returned by checkauth
+ # to create the template's parameters that will indicate
+ # which menus the user can access.
+ if (( $flags && $flags->{superlibrarian}==1) or $insecure==1) {
+ $template->param( CAN_user_circulate => 1 );
+ $template->param( CAN_user_catalogue => 1 );
+ $template->param( CAN_user_parameters => 1 );
+ $template->param( CAN_user_borrowers => 1 );
+ $template->param( CAN_user_permission => 1 );
+ $template->param( CAN_user_reserveforothers => 1 );
+ $template->param( CAN_user_borrow => 1 );
+ $template->param( CAN_user_editcatalogue => 1 );
+ $template->param( CAN_user_updatecharge => 1 );
+ $template->param( CAN_user_acquisition => 1 );
+ $template->param( CAN_user_management => 1 );
+ $template->param( CAN_user_tools => 1 );
+ $template->param( CAN_user_editauthorities => 1 );
+ $template->param( CAN_user_serials => 1 );
+ $template->param( CAN_user_reports => 1 );
+ }
+
+ if ( $flags && $flags->{circulate} == 1 ) {
+ $template->param( CAN_user_circulate => 1 );
+ }
+
+ if ( $flags && $flags->{catalogue} == 1 ) {
+ $template->param( CAN_user_catalogue => 1 );
+ }
+
+ if ( $flags && $flags->{parameters} == 1 ) {
+ $template->param( CAN_user_parameters => 1 );
+ $template->param( CAN_user_management => 1 );
+ }
+
+ if ( $flags && $flags->{borrowers} == 1 ) {
+ $template->param( CAN_user_borrowers => 1 );
+ }
+
+ if ( $flags && $flags->{permissions} == 1 ) {
+ $template->param( CAN_user_permission => 1 );
+ }
+
+ if ( $flags && $flags->{reserveforothers} == 1 ) {
+ $template->param( CAN_user_reserveforothers => 1 );
+ }
+
+ if ( $flags && $flags->{borrow} == 1 ) {
+ $template->param( CAN_user_borrow => 1 );
+ }
+
+ if ( $flags && $flags->{editcatalogue} == 1 ) {
+ $template->param( CAN_user_editcatalogue => 1 );
+ }
+
+ if ( $flags && $flags->{updatecharges} == 1 ) {
+ $template->param( CAN_user_updatecharge => 1 );
+ }
+
+ if ( $flags && $flags->{acquisition} == 1 ) {
+ $template->param( CAN_user_acquisition => 1 );
+ }
+
+ if ( $flags && $flags->{tools} == 1 ) {
+ $template->param( CAN_user_tools => 1 );
+ }
+
+ if ( $flags && $flags->{editauthorities} == 1 ) {
+ $template->param( CAN_user_editauthorities => 1 );
+ }
+
+ if ( $flags && $flags->{serials} == 1 ) {
+ $template->param( CAN_user_serials => 1 );
+ }
+
+ if ( $flags && $flags->{reports} == 1 ) {
+ $template->param( CAN_user_reports => 1 );
+ }
+ }
+ if ( $in->{'type'} eq "intranet" ) {
+ $template->param(
+ intranetcolorstylesheet => C4::Context->preference("intranetcolorstylesheet"),
+ intranetstylesheet => C4::Context->preference("intranetstylesheet"),
+ IntranetNav => C4::Context->preference("IntranetNav"),
+ intranetuserjs => C4::Context->preference("intranetuserjs"),
+ TemplateEncoding => C4::Context->preference("TemplateEncoding"),
+ AmazonContent => C4::Context->preference("AmazonContent"),
+ LibraryName => C4::Context->preference("LibraryName"),
+ LoginBranchcode => (C4::Context->userenv?C4::Context->userenv->{"branch"}:"insecure"),
+ LoginBranchname => (C4::Context->userenv?C4::Context->userenv->{"branchname"}:"insecure"),
+ LoginFirstname => (C4::Context->userenv?C4::Context->userenv->{"firstname"}:"Bel"),
+ LoginSurname => C4::Context->userenv?C4::Context->userenv->{"surname"}:"Inconnu",
+ AutoLocation => C4::Context->preference("AutoLocation"),
+ hide_marc => C4::Context->preference("hide_marc"),
+ patronimages => C4::Context->preference("patronimages"),
+ "BiblioDefaultView".C4::Context->preference("IntranetBiblioDefaultView") => 1,
+ advancedMARCEditor => C4::Context->preference("advancedMARCEditor"),
+ suggestion => C4::Context->preference("suggestion"),
+ virtualshelves => C4::Context->preference("virtualshelves"),
+ LibraryName => C4::Context->preference("LibraryName"),
+ KohaAdminEmailAddress => "" . C4::Context->preference("KohaAdminEmailAddress"),
+ IntranetmainUserblock => C4::Context->preference("IntranetmainUserblock"),
+ IndependantBranches => C4::Context->preference("IndependantBranches"),
+ CircAutocompl => C4::Context->preference("CircAutocompl"),
+ yuipath => C4::Context->preference("yuipath"),
+ );
+ }
+ else {
+ warn "template type should be OPAC, here it is=[" . $in->{'type'} . "]" unless ( $in->{'type'} eq 'opac' );
+ my $LibraryNameTitle = C4::Context->preference("LibraryName");
+ $LibraryNameTitle =~ s/<(?:\/?)(?:br|p)\s*(?:\/?)>/ /sgi;
+ $LibraryNameTitle =~ s/<(?:[^<>'"]|'(?:[^']*)'|"(?:[^"]*)")*>//sg;
+ $template->param(
+ KohaAdminEmailAddress => "" . C4::Context->preference("KohaAdminEmailAddress"),
+ AnonSuggestions => "" . C4::Context->preference("AnonSuggestions"),
+ suggestion => "" . C4::Context->preference("suggestion"),
+ virtualshelves => "" . C4::Context->preference("virtualshelves"),
+ OpacNav => "" . C4::Context->preference("OpacNav"),
+ opacheader => "" . C4::Context->preference("opacheader"),
+ opaccredits => "" . C4::Context->preference("opaccredits"),
+ opacsmallimage => "" . C4::Context->preference("opacsmallimage"),
+ opaclargeimage => "" . C4::Context->preference("opaclargeimage"),
+ opaclayoutstylesheet => "". C4::Context->preference("opaclayoutstylesheet"),
+ opaccolorstylesheet => "". C4::Context->preference("opaccolorstylesheet"),
+ opaclanguagesdisplay => "". C4::Context->preference("opaclanguagesdisplay"),
+ opacuserlogin => "" . C4::Context->preference("opacuserlogin"),
+ opacbookbag => "" . C4::Context->preference("opacbookbag"),
+ TemplateEncoding => "". C4::Context->preference("TemplateEncoding"),
+ AmazonContent => "" . C4::Context->preference("AmazonContent"),
+ LibraryName => "" . C4::Context->preference("LibraryName"),
+ LibraryNameTitle => "" . $LibraryNameTitle,
+ LoginBranchcode => (C4::Context->userenv?C4::Context->userenv->{"branch"}:"insecure"),
+ LoginBranchname => C4::Context->userenv?C4::Context->userenv->{"branchname"}:"",
+ LoginFirstname => (C4::Context->userenv?C4::Context->userenv->{"firstname"}:"Bel"),
+ LoginSurname => C4::Context->userenv?C4::Context->userenv->{"surname"}:"Inconnu",
+ OpacPasswordChange => C4::Context->preference("OpacPasswordChange"),
+ opacreadinghistory => C4::Context->preference("opacreadinghistory"),
+ opacuserjs => C4::Context->preference("opacuserjs"),
+ OpacCloud => C4::Context->preference("OpacCloud"),
+ OpacTopissue => C4::Context->preference("OpacTopissue"),
+ OpacAuthorities => C4::Context->preference("OpacAuthorities"),
+ OpacBrowser => C4::Context->preference("OpacBrowser"),
+ RequestOnOpac => C4::Context->preference("RequestOnOpac"),
+ reviewson => C4::Context->preference("reviewson"),
+ hide_marc => C4::Context->preference("hide_marc"),
+ patronimages => C4::Context->preference("patronimages"),
+ mylibraryfirst => C4::Context->preference("SearchMyLibraryFirst"),
+ "BiblioDefaultView".C4::Context->preference("BiblioDefaultView") => 1,
+ );
}
- return ($template, $borrowernumber, $cookie);
+ return ( $template, $borrowernumber, $cookie );
}
-
=item checkauth
($userid, $cookie, $sessionID) = &checkauth($query, $noauth, $flagsrequired, $type);
-Verifies that the user is authorized to run this script. Note that
-C<&checkauth> will return if and only if the user is authorized, so it
-should be called early on, before any unfinished operations (i.e., if
-you've opened a file, then C<&checkauth> won't close it for you).
+Verifies that the user is authorized to run this script. If
+the user is authorized, a (userid, cookie, session-id, flags)
+quadruple is returned. If the user is not authorized but does
+not have the required privilege (see $flagsrequired below), it
+displays an error page and exits. Otherwise, it displays the
+login page and exits.
+
+Note that C<&checkauth> will return if and only if the user
+is authorized, so it should be called early on, before any
+unfinished operations (e.g., if you've opened a file, then
+C<&checkauth> won't close it for you).
C<$query> is the CGI object for the script calling C<&checkauth>.
ensures that the user is authorized to run scripts that require
authorization.
-XXXX Some more information about the flagsrequired hash should go in here.
+The C<$flagsrequired> argument specifies the required privileges
+the user must have if the username and password are correct.
+It should be specified as a reference-to-hash; keys in the hash
+should be the "flags" for the user, as specified in the Members
+intranet module. Any key specified must correspond to a "flag"
+in the userflags table. E.g., { circulate => 1 } would specify
+that the user must have the "circulate" privilege in order to
+proceed. To make sure that access control is correct, the
+C<$flagsrequired> parameter must be specified correctly.
+
+The C<$type> argument specifies whether the template should be
+retrieved from the opac or intranet directory tree. "opac" is
+assumed if it is not specified; however, if C<$type> is specified,
+"intranet" is assumed if it is not "opac".
If C<$query> does not have a valid session ID associated with it
(i.e., the user has not logged in) or if the session has expired,
(this time, C<&checkauth> returns).
The login page is provided using a HTML::Template, which is set in the
-systempreferences table or at the top of this file. The variable C<$type>
+systempreferences table or at the top of this file. The variable C<$type>
selects which template to use, either the opac or the intranet
authentification template.
=cut
-
-
sub checkauth {
- my $query=shift;
+ my $query = shift;
+ # warn "Checking Auth";
# $authnotrequired will be set for scripts which will run without authentication
my $authnotrequired = shift;
- my $flagsrequired = shift;
- my $type = shift;
+ my $flagsrequired = shift;
+ my $type = shift;
$type = 'opac' unless $type;
- my $dbh = C4::Context->dbh;
+ my $dbh = C4::Context->dbh;
my $timeout = C4::Context->preference('timeout');
- $timeout = 120 unless $timeout;
-
- my $template_name;
- if ($type eq 'opac') {
- $template_name = "opac-auth.tmpl";
- } else {
- $template_name = "auth.tmpl";
+ # days
+ if ($timeout =~ /(\d*)[dD]/) {
+ $timeout = $1 * 86400;
+ };
+ $timeout = 600 unless $timeout;
+
+ # If Version syspref is unavailable, it means Koha is beeing installed,
+ # and so we must redirect to OPAC maintenance page or to the WebInstaller
+ #warn "about to check version";
+ unless (C4::Context->preference('Version')) {
+ if ($type ne 'opac') {
+ warn "Install required, redirecting to Installer";
+ print $query->redirect("/cgi-bin/koha/installer/install.pl");
+ }
+ else {
+ warn "OPAC Install required, redirecting to maintenance";
+ print $query->redirect("/cgi-bin/koha/maintenance.pl");
+ }
+ exit;
}
+
# state variables
my $loggedin = 0;
my %info;
- my ($userid, $cookie, $sessionID, $flags);
+ my ( $userid, $cookie, $sessionID, $flags );
my $logout = $query->param('logout.x');
- if ($userid = $ENV{'REMOTE_USER'}) {
- # Using Basic Authentication, no cookies required
- $cookie=$query->cookie(-name => 'sessionID',
- -value => '',
- -expires => '');
- $loggedin = 1;
- } elsif ($sessionID=$query->cookie('sessionID')) {
- my ($ip , $lasttime);
- ($userid, $ip, $lasttime) = $dbh->selectrow_array(
- "SELECT userid,ip,lasttime FROM sessions WHERE sessionid=?",
- undef, $sessionID);
- if ($logout) {
- warn "In logout!\n";
- # voluntary logout the user
- $dbh->do("DELETE FROM sessions WHERE sessionID=?", undef, $sessionID);
- $sessionID = undef;
- $userid = undef;
- open L, ">>/tmp/sessionlog";
- my $time=localtime(time());
- printf L "%20s from %16s logged out at %30s (manually).\n", $userid, $ip, $time;
- close L;
- }
- if ($userid) {
- if ($lasttime<time()-$timeout) {
- # timed logout
- $info{'timed_out'} = 1;
- $dbh->do("DELETE FROM sessions WHERE sessionID=?", undef, $sessionID);
- $userid = undef;
- $sessionID = undef;
- open L, ">>/tmp/sessionlog";
- my $time=localtime(time());
- printf L "%20s from %16s logged out at %30s (inactivity).\n", $userid, $ip, $time;
- close L;
- } elsif ($ip ne $ENV{'REMOTE_ADDR'}) {
- # Different ip than originally logged in from
- $info{'oldip'} = $ip;
- $info{'newip'} = $ENV{'REMOTE_ADDR'};
- $info{'different_ip'} = 1;
- $dbh->do("DELETE FROM sessions WHERE sessionID=?", undef, $sessionID);
- $sessionID = undef;
- $userid = undef;
- open L, ">>/tmp/sessionlog";
- my $time=localtime(time());
- printf L "%20s from logged out at %30s (ip changed from %16s to %16s).\n", $userid, $time, $ip, $info{'newip'};
- close L;
- } else {
- $cookie=$query->cookie(-name => 'sessionID',
- -value => $sessionID,
- -expires => '');
- $dbh->do("UPDATE sessions SET lasttime=? WHERE sessionID=?",
- undef, (time(), $sessionID));
- $flags = haspermission($dbh, $userid, $flagsrequired);
- if ($flags) {
- $loggedin = 1;
- } else {
- $info{'nopermission'} = 1;
- }
- }
- }
+ if ( $userid = $ENV{'REMOTE_USER'} ) {
+ # Using Basic Authentication, no cookies required
+ $cookie = $query->cookie(
+ -name => 'CGISESSID',
+ -value => '',
+ -expires => ''
+ );
+ $loggedin = 1;
+ }
+ elsif ( $sessionID = $query->cookie("CGISESSID")) {
+ my $session = get_session($sessionID);
+ C4::Context->_new_userenv($sessionID);
+ if ($session){
+ C4::Context::set_userenv(
+ $session->param('number'), $session->param('id'),
+ $session->param('cardnumber'), $session->param('firstname'),
+ $session->param('surname'), $session->param('branch'),
+ $session->param('branchname'), $session->param('flags'),
+ $session->param('emailaddress'), $session->param('branchprinter')
+ );
+# warn "".$session->param('cardnumber').", ".$session->param('firstname').",
+# ".$session->param('surname').", ".$session->param('branch');
+ }
+ my $ip;
+ my $lasttime;
+ if ($session) {
+ $ip = $session->param('ip');
+ $lasttime = $session->param('lasttime');
+ $userid = $session->param('id');
+ }
+
+
+ if ($logout) {
+
+ # voluntary logout the user
+
+ $session->flush;
+ $session->delete();
+ C4::Context->_unset_userenv($sessionID);
+ $sessionID = undef;
+ $userid = undef;
+ open L, ">>/tmp/sessionlog";
+ my $time = localtime( time() );
+ printf L "%20s from %16s logged out at %30s (manually).\n", $userid,
+ $ip, $time;
+ close L;
+ }
+ if ($userid) {
+ if ( $lasttime < time() - $timeout ) {
+ # timed logout
+ $info{'timed_out'} = 1;
+ $session->delete();
+ C4::Context->_unset_userenv($sessionID);
+ $userid = undef;
+ $sessionID = undef;
+ open L, ">>/tmp/sessionlog";
+ my $time = localtime( time() );
+ printf L "%20s from %16s logged out at %30s (inactivity).\n",
+ $userid, $ip, $time;
+ close L;
+ }
+ elsif ( $ip ne $ENV{'REMOTE_ADDR'} ) {
+ # Different ip than originally logged in from
+ $info{'oldip'} = $ip;
+ $info{'newip'} = $ENV{'REMOTE_ADDR'};
+ $info{'different_ip'} = 1;
+ $session->delete();
+ C4::Context->_unset_userenv($sessionID);
+ $sessionID = undef;
+ $userid = undef;
+ open L, ">>/tmp/sessionlog";
+ my $time = localtime( time() );
+ printf L
+"%20s from logged out at %30s (ip changed from %16s to %16s).\n",
+ $userid, $time, $ip, $info{'newip'};
+ close L;
+ }
+ else {
+ $cookie = $query->cookie( CGISESSID => $session->id );
+ $session->param('lasttime',time());
+ $flags = haspermission( $dbh, $userid, $flagsrequired );
+ if ($flags) {
+ $loggedin = 1;
+ }
+ else {
+ $info{'nopermission'} = 1;
+ }
+ }
+ }
}
unless ($userid) {
- $sessionID=int(rand()*100000).'-'.time();
- $userid=$query->param('userid');
- my $password=$query->param('password');
- my ($return, $cardnumber) = checkpw($dbh,$userid,$password);
- if ($return) {
- $dbh->do("DELETE FROM sessions WHERE sessionID=? AND userid=?",
- undef, ($sessionID, $userid));
- $dbh->do("INSERT INTO sessions (sessionID, userid, ip,lasttime) VALUES (?, ?, ?, ?)",
- undef, ($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time()));
- open L, ">>/tmp/sessionlog";
- my $time=localtime(time());
- printf L "%20s from %16s logged in at %30s.\n", $userid, $ENV{'REMOTE_ADDR'}, $time;
- close L;
- $cookie=$query->cookie(-name => 'sessionID',
- -value => $sessionID,
- -expires => '');
- if ($flags = haspermission($dbh, $userid, $flagsrequired)) {
- $loggedin = 1;
- } else {
- $info{'nopermission'} = 1;
- }
- } else {
- if ($userid) {
- $info{'invalid_username_or_password'} = 1;
- }
- }
- }
- my $insecure = C4::Context->preference("insecure");
+ my $session = get_session("");
+
+ my $sessionID;
+ if ($session) {
+ $sessionID = $session->id;
+ }
+ $userid = $query->param('userid');
+ C4::Context->_new_userenv($sessionID);
+ my $password = $query->param('password');
+ C4::Context->_new_userenv($sessionID);
+ my ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password );
+ if ($return) {
+ open L, ">>/tmp/sessionlog";
+ my $time = localtime( time() );
+ printf L "%20s from %16s logged in at %30s.\n", $userid,
+ $ENV{'REMOTE_ADDR'}, $time;
+ close L;
+ $cookie = $query->cookie(CGISESSID => $sessionID);
+ if ( $flags = haspermission( $dbh, $userid, $flagsrequired ) ) {
+ $loggedin = 1;
+ }
+ else {
+ $info{'nopermission'} = 1;
+ C4::Context->_unset_userenv($sessionID);
+ }
+ if ( $return == 1 ) {
+ my (
+ $borrowernumber, $firstname, $surname,
+ $userflags, $branchcode, $branchname,
+ $branchprinter, $emailaddress
+ );
+ my $sth =
+ $dbh->prepare(
+"select borrowernumber, firstname, surname, flags, borrowers.branchcode, branches.branchname as branchname,branches.branchprinter as branchprinter, email from borrowers left join branches on borrowers.branchcode=branches.branchcode where userid=?"
+ );
+ $sth->execute($userid);
+ (
+ $borrowernumber, $firstname, $surname,
+ $userflags, $branchcode, $branchname,
+ $branchprinter, $emailaddress
+ )
+ = $sth->fetchrow
+ if ( $sth->rows );
+
+# warn "$cardnumber,$borrowernumber,$userid,$firstname,$surname,$userflags,$branchcode,$emailaddress";
+ unless ( $sth->rows ) {
+ my $sth =
+ $dbh->prepare(
+"select borrowernumber, firstname, surname, flags, borrowers.branchcode, branches.branchname as branchname, branches.branchprinter as branchprinter, email from borrowers left join branches on borrowers.branchcode=branches.branchcode where cardnumber=?"
+ );
+ $sth->execute($cardnumber);
+ (
+ $borrowernumber, $firstname, $surname,
+ $userflags, $branchcode, $branchname,
+ $branchprinter, $emailaddress
+ )
+ = $sth->fetchrow
+ if ( $sth->rows );
+
+# warn "$cardnumber,$borrowernumber,$userid,$firstname,$surname,$userflags,$branchcode,$emailaddress";
+ unless ( $sth->rows ) {
+ $sth->execute($userid);
+ (
+ $borrowernumber, $firstname, $surname, $userflags,
+ $branchcode, $branchname, $branchprinter, $emailaddress
+ )
+ = $sth->fetchrow
+ if ( $sth->rows );
+ }
+ }
+
+# launch a sequence to check if we have a ip for the branch, if we have one we replace the branchcode of the userenv by the branch bound in the ip.
+ my $ip = $ENV{'REMOTE_ADDR'};
+ # if they specify at login, use that
+ if ($query->param('branch')) {
+ $branchcode = $query->param('branch');
+ $branchname = GetBranchName($branchcode);
+ }
+ my $branches = GetBranches();
+ my @branchesloop;
+ foreach my $br ( keys %$branches ) {
+ # now we work with the treatment of ip
+ my $domain = $branches->{$br}->{'branchip'};
+ if ( $domain && $ip =~ /^$domain/ ) {
+ $branchcode = $branches->{$br}->{'branchcode'};
+
+ # new op dev : add the branchprinter and branchname in the cookie
+ $branchprinter = $branches->{$br}->{'branchprinter'};
+ $branchname = $branches->{$br}->{'branchname'};
+ }
+ }
+ $session->param('number',$borrowernumber);
+ $session->param('id',$userid);
+ $session->param('cardnumber',$cardnumber);
+ $session->param('firstname',$firstname);
+ $session->param('surname',$surname);
+ $session->param('branch',$branchcode);
+ $session->param('branchname',$branchname);
+ $session->param('flags',$userflags);
+ $session->param('emailaddress',$emailaddress);
+ $session->param('ip',$session->remote_addr());
+ $session->param('lasttime',time());
+# warn "".$session->param('cardnumber').", ".$session->param('firstname').",
+# ".$session->param('surname').", ".$session->param('branch');
+ }
+ elsif ( $return == 2 ) {
+ #We suppose the user is the superlibrarian
+ $session->param('number',0);
+ $session->param('id',C4::Context->config('user'));
+ $session->param('cardnumber',C4::Context->config('user'));
+ $session->param('firstname',C4::Context->config('user'));
+ $session->param('surname',C4::Context->config('user'));
+ $session->param('branch','NO_LIBRARY_SET');
+ $session->param('branchname','NO_LIBRARY_SET');
+ $session->param('flags',1);
+ $session->param('emailaddress', C4::Context->preference('KohaAdminEmailAddress'));
+ $session->param('ip',$session->remote_addr());
+ $session->param('lasttime',time());
+ }
+ if ($session){
+ C4::Context::set_userenv(
+ $session->param('number'), $session->param('id'),
+ $session->param('cardnumber'), $session->param('firstname'),
+ $session->param('surname'), $session->param('branch'),
+ $session->param('branchname'), $session->param('flags'),
+ $session->param('emailaddress'), $session->param('branchprinter')
+ );
+ }
+ }
+
+ else {
+ if ($userid) {
+ $info{'invalid_username_or_password'} = 1;
+ C4::Context->_unset_userenv($sessionID);
+ }
+ }
+ }
+ my $insecure = C4::Context->boolean_preference('insecure');
+
# finished authentification, now respond
- if ($loggedin || $authnotrequired ||(defined($insecure) && $insecure eq "yes")) {
- # successful login
- unless ($cookie) {
- $cookie=$query->cookie(-name => 'sessionID',
- -value => '',
- -expires => '');
- }
- return ($userid, $cookie, $sessionID, $flags);
- }
- # else we have a problem...
+ if ( $loggedin || $authnotrequired || ( defined($insecure) && $insecure ) )
+ {
+ # successful login
+ unless ($cookie) {
+ $cookie = $query->cookie( CGISESSID => ''
+ );
+ }
+ return ( $userid, $cookie, $sessionID, $flags );
+
+ }
+
+#
+#
+# AUTH rejected, show the login/password template, after checking the DB.
+#
+#
+
# get the inputs from the incoming query
- my @inputs =();
- foreach my $name (param $query) {
- (next) if ($name eq 'userid' || $name eq 'password');
- my $value = $query->param($name);
- push @inputs, {name => $name , value => $value};
- }
-
- my $template = gettemplate($template_name, $type);
- $template->param(INPUTS => \@inputs);
- $template->param(loginprompt => 1) unless $info{'nopermission'};
-
- my $self_url = $query->url(-absolute => 1);
- $template->param(url => $self_url);
- $template->param(\%info);
- $cookie=$query->cookie(-name => 'sessionID',
- -value => $sessionID,
- -expires => '');
+ my @inputs = ();
+ foreach my $name ( param $query) {
+ (next) if ( $name eq 'userid' || $name eq 'password' );
+ my $value = $query->param($name);
+ push @inputs, { name => $name, value => $value };
+ }
+ # get the branchloop, which we need for authentication
+ my $branches = GetBranches();
+ my @branch_loop;
+ for my $branch_hash (keys %$branches) {
+ push @branch_loop, {branchcode => "$branch_hash", branchname => $branches->{$branch_hash}->{'branchname'}, };
+ }
+
+ # check that database and koha version are the same
+ # there is no DB version, it's a fresh install,
+ # go to web installer
+ # there is a DB version, compare it to the code version
+ my $kohaversion=C4::Context::KOHAVERSION;
+ # remove the 3 last . to have a Perl number
+ $kohaversion =~ s/(.*\..*)\.(.*)\.(.*)/$1$2$3/;
+# warn "kohaversion : $kohaversion";
+ if (C4::Context->preference('Version') < $kohaversion){
+ if ($type ne 'opac'){
+ warn "Database update needed, redirecting to Installer. Database is ".C4::Context->preference('Version')." and Koha is : ".C4::Context->config("kohaversion");
+ print $query->redirect("/cgi-bin/koha/installer/install.pl?step=3");
+ } else {
+ warn "OPAC :Database update needed, redirecting to maintenance. Database is ".C4::Context->preference('Version')." and Koha is : ".C4::Context->config("kohaversion");
+ print $query->redirect("/cgi-bin/koha/maintenance.pl");
+ }
+ exit;
+ }
+ my $template_name;
+ if ( $type eq 'opac' ) {
+ $template_name = "opac-auth.tmpl";
+ }
+ else {
+ $template_name = "auth.tmpl";
+ }
+ my $template = gettemplate( $template_name, $type, $query );
+ $template->param(branchloop => \@branch_loop,);
+ $template->param(
+ login => 1,
+ INPUTS => \@inputs,
+ suggestion => C4::Context->preference("suggestion"),
+ virtualshelves => C4::Context->preference("virtualshelves"),
+ opaclargeimage => C4::Context->preference("opaclargeimage"),
+ LibraryName => C4::Context->preference("LibraryName"),
+ OpacNav => C4::Context->preference("OpacNav"),
+ opaccredits => C4::Context->preference("opaccredits"),
+ opacreadinghistory => C4::Context->preference("opacreadinghistory"),
+ opacsmallimage => C4::Context->preference("opacsmallimage"),
+ opaclayoutstylesheet => C4::Context->preference("opaclayoutstylesheet"),
+ opaccolorstylesheet => C4::Context->preference("opaccolorstylesheet"),
+ opaclanguagesdisplay => C4::Context->preference("opaclanguagesdisplay"),
+ opacuserjs => C4::Context->preference("opacuserjs"),
+
+ intranetcolorstylesheet =>
+ C4::Context->preference("intranetcolorstylesheet"),
+ intranetstylesheet => C4::Context->preference("intranetstylesheet"),
+ IntranetNav => C4::Context->preference("IntranetNav"),
+ intranetuserjs => C4::Context->preference("intranetuserjs"),
+ TemplateEncoding => C4::Context->preference("TemplateEncoding"),
+ IndependantBranches => C4::Context->preference("IndependantBranches"),
+ AutoLocation => C4::Context->preference("AutoLocation"),
+ );
+ $template->param( loginprompt => 1 ) unless $info{'nopermission'};
+
+ my $self_url = $query->url( -absolute => 1 );
+ $template->param(
+ url => $self_url,
+ LibraryName => => C4::Context->preference("LibraryName"),
+ );
+ $template->param( \%info );
+# $cookie = $query->cookie(CGISESSID => $session->id
+# );
print $query->header(
- -type => guesstype($template->output),
- -cookie => $cookie
- ), $template->output;
+ -type => 'text/html',
+ -charset => 'utf-8',
+ -cookie => $cookie
+ ),
+ $template->output;
exit;
}
+=item check_api_auth
+
+ ($status, $cookie, $sessionId) = check_api_auth($query, $userflags);
+
+Given a CGI query containing the parameters 'userid' and 'password' and/or a session
+cookie, determine if the user has the privileges specified by C<$userflags>.
+
+C<check_api_auth> is is meant for authenticating users of web services, and
+consequently will always return and will not attempt to redirect the user
+agent.
+
+If a valid session cookie is already present, check_api_auth will return a status
+of "ok", the cookie, and the Koha session ID.
+If no session cookie is present, check_api_auth will check the 'userid' and 'password
+parameters and create a session cookie and Koha session if the supplied credentials
+are OK.
+Possible return values in C<$status> are:
+
+=over 4
+
+=item "ok" -- user authenticated; C<$cookie> and C<$sessionid> have valid values.
+
+=item "failed" -- credentials are not correct; C<$cookie> and C<$sessionid> are undef
+
+=item "maintenance" -- DB is in maintenance mode; no login possible at the moment
+
+=item "expired -- session cookie has expired; API user should resubmit userid and password
+
+=back
+
+=cut
+
+sub check_api_auth {
+ my $query = shift;
+ my $flagsrequired = shift;
+
+ my $dbh = C4::Context->dbh;
+ my $timeout = C4::Context->preference('timeout');
+ $timeout = 600 unless $timeout;
+
+ unless (C4::Context->preference('Version')) {
+ # database has not been installed yet
+ return ("maintenance", undef, undef);
+ }
+ my $kohaversion=C4::Context::KOHAVERSION;
+ $kohaversion =~ s/(.*\..*)\.(.*)\.(.*)/$1$2$3/;
+ if (C4::Context->preference('Version') < $kohaversion) {
+ # database in need of version update; assume that
+ # no API should be called while databsae is in
+ # this condition.
+ return ("maintenance", undef, undef);
+ }
+
+ # FIXME -- most of what follows is a copy-and-paste
+ # of code from checkauth. There is an obvious need
+ # for refactoring to separate the various parts of
+ # the authentication code, but as of 2007-11-19 this
+ # is deferred so as to not introduce bugs into the
+ # regular authentication code for Koha 3.0.
+
+ # see if we have a valid session cookie already
+ # however, if a userid parameter is present (i.e., from
+ # a form submission, assume that any current cookie
+ # is to be ignored
+ my $sessionID = undef;
+ unless ($query->param('userid')) {
+ $sessionID = $query->cookie("CGISESSID");
+ }
+ if ($sessionID) {
+ my $session = get_session($sessionID);
+ C4::Context->_new_userenv($sessionID);
+ if ($session) {
+ C4::Context::set_userenv(
+ $session->param('number'), $session->param('id'),
+ $session->param('cardnumber'), $session->param('firstname'),
+ $session->param('surname'), $session->param('branch'),
+ $session->param('branchname'), $session->param('flags'),
+ $session->param('emailaddress'), $session->param('branchprinter')
+ );
+
+ my $ip = $session->param('ip');
+ my $lasttime = $session->param('lasttime');
+ my $userid = $session->param('id');
+ if ( $lasttime < time() - $timeout ) {
+ # time out
+ $session->delete();
+ C4::Context->_unset_userenv($sessionID);
+ $userid = undef;
+ $sessionID = undef;
+ return ("expired", undef, undef);
+ } elsif ( $ip ne $ENV{'REMOTE_ADDR'} ) {
+ # IP address changed
+ $session->delete();
+ C4::Context->_unset_userenv($sessionID);
+ $userid = undef;
+ $sessionID = undef;
+ return ("expired", undef, undef);
+ } else {
+ my $cookie = $query->cookie( CGISESSID => $session->id );
+ $session->param('lasttime',time());
+ my $flags = haspermission( $dbh, $userid, $flagsrequired );
+ if ($flags) {
+ return ("ok", $cookie, $sessionID);
+ } else {
+ $session->delete();
+ C4::Context->_unset_userenv($sessionID);
+ $userid = undef;
+ $sessionID = undef;
+ return ("failed", undef, undef);
+ }
+ }
+ } else {
+ return ("expired", undef, undef);
+ }
+ } else {
+ # new login
+ my $userid = $query->param('userid');
+ my $password = $query->param('password');
+ unless ($userid and $password) {
+ # caller did something wrong, fail the authenticateion
+ return ("failed", undef, undef);
+ }
+ my ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password );
+ if ($return and haspermission( $dbh, $userid, $flagsrequired)) {
+ my $session = get_session("");
+ return ("failed", undef, undef) unless $session;
+
+ my $sessionID = $session->id;
+ C4::Context->_new_userenv($sessionID);
+ my $cookie = $query->cookie(CGISESSID => $sessionID);
+ if ( $return == 1 ) {
+ my (
+ $borrowernumber, $firstname, $surname,
+ $userflags, $branchcode, $branchname,
+ $branchprinter, $emailaddress
+ );
+ my $sth =
+ $dbh->prepare(
+"select borrowernumber, firstname, surname, flags, borrowers.branchcode, branches.branchname as branchname,branches.branchprinter as branchprinter, email from borrowers left join branches on borrowers.branchcode=branches.branchcode where userid=?"
+ );
+ $sth->execute($userid);
+ (
+ $borrowernumber, $firstname, $surname,
+ $userflags, $branchcode, $branchname,
+ $branchprinter, $emailaddress
+ ) = $sth->fetchrow if ( $sth->rows );
+
+ unless ($sth->rows ) {
+ my $sth = $dbh->prepare(
+"select borrowernumber, firstname, surname, flags, borrowers.branchcode, branches.branchname as branchname, branches.branchprinter as branchprinter, email from borrowers left join branches on borrowers.branchcode=branches.branchcode where cardnumber=?"
+ );
+ $sth->execute($cardnumber);
+ (
+ $borrowernumber, $firstname, $surname,
+ $userflags, $branchcode, $branchname,
+ $branchprinter, $emailaddress
+ ) = $sth->fetchrow if ( $sth->rows );
+
+ unless ( $sth->rows ) {
+ $sth->execute($userid);
+ (
+ $borrowernumber, $firstname, $surname, $userflags,
+ $branchcode, $branchname, $branchprinter, $emailaddress
+ ) = $sth->fetchrow if ( $sth->rows );
+ }
+ }
+
+ my $ip = $ENV{'REMOTE_ADDR'};
+ # if they specify at login, use that
+ if ($query->param('branch')) {
+ $branchcode = $query->param('branch');
+ $branchname = GetBranchName($branchcode);
+ }
+ my $branches = GetBranches();
+ my @branchesloop;
+ foreach my $br ( keys %$branches ) {
+ # now we work with the treatment of ip
+ my $domain = $branches->{$br}->{'branchip'};
+ if ( $domain && $ip =~ /^$domain/ ) {
+ $branchcode = $branches->{$br}->{'branchcode'};
+
+ # new op dev : add the branchprinter and branchname in the cookie
+ $branchprinter = $branches->{$br}->{'branchprinter'};
+ $branchname = $branches->{$br}->{'branchname'};
+ }
+ }
+ $session->param('number',$borrowernumber);
+ $session->param('id',$userid);
+ $session->param('cardnumber',$cardnumber);
+ $session->param('firstname',$firstname);
+ $session->param('surname',$surname);
+ $session->param('branch',$branchcode);
+ $session->param('branchname',$branchname);
+ $session->param('flags',$userflags);
+ $session->param('emailaddress',$emailaddress);
+ $session->param('ip',$session->remote_addr());
+ $session->param('lasttime',time());
+ } elsif ( $return == 2 ) {
+ #We suppose the user is the superlibrarian
+ $session->param('number',0);
+ $session->param('id',C4::Context->config('user'));
+ $session->param('cardnumber',C4::Context->config('user'));
+ $session->param('firstname',C4::Context->config('user'));
+ $session->param('surname',C4::Context->config('user'));
+ $session->param('branch','NO_LIBRARY_SET');
+ $session->param('branchname','NO_LIBRARY_SET');
+ $session->param('flags',1);
+ $session->param('emailaddress', C4::Context->preference('KohaAdminEmailAddress'));
+ $session->param('ip',$session->remote_addr());
+ $session->param('lasttime',time());
+ }
+ C4::Context::set_userenv(
+ $session->param('number'), $session->param('id'),
+ $session->param('cardnumber'), $session->param('firstname'),
+ $session->param('surname'), $session->param('branch'),
+ $session->param('branchname'), $session->param('flags'),
+ $session->param('emailaddress'), $session->param('branchprinter')
+ );
+ return ("ok", $cookie, $sessionID);
+ } else {
+ return ("failed", undef, undef);
+ }
+ }
+}
+
+=item check_cookie_auth
+
+ ($status, $sessionId) = check_api_auth($cookie, $userflags);
+
+Given a CGISESSID cookie set during a previous login to Koha, determine
+if the user has the privileges specified by C<$userflags>.
+
+C<check_cookie_auth> is meant for authenticating special services
+such as tools/upload-file.pl that are invoked by other pages that
+have been authenticated in the usual way.
+
+Possible return values in C<$status> are:
+
+=over 4
+
+=item "ok" -- user authenticated; C<$sessionID> have valid values.
+
+=item "failed" -- credentials are not correct; C<$sessionid> are undef
+
+=item "maintenance" -- DB is in maintenance mode; no login possible at the moment
+
+=item "expired -- session cookie has expired; API user should resubmit userid and password
+
+=back
+
+=cut
+
+sub check_cookie_auth {
+ my $cookie = shift;
+ my $flagsrequired = shift;
+
+ my $dbh = C4::Context->dbh;
+ my $timeout = C4::Context->preference('timeout');
+ $timeout = 600 unless $timeout;
+
+ unless (C4::Context->preference('Version')) {
+ # database has not been installed yet
+ return ("maintenance", undef);
+ }
+ my $kohaversion=C4::Context::KOHAVERSION;
+ $kohaversion =~ s/(.*\..*)\.(.*)\.(.*)/$1$2$3/;
+ if (C4::Context->preference('Version') < $kohaversion) {
+ # database in need of version update; assume that
+ # no API should be called while databsae is in
+ # this condition.
+ return ("maintenance", undef);
+ }
+
+ # FIXME -- most of what follows is a copy-and-paste
+ # of code from checkauth. There is an obvious need
+ # for refactoring to separate the various parts of
+ # the authentication code, but as of 2007-11-23 this
+ # is deferred so as to not introduce bugs into the
+ # regular authentication code for Koha 3.0.
+
+ # see if we have a valid session cookie already
+ # however, if a userid parameter is present (i.e., from
+ # a form submission, assume that any current cookie
+ # is to be ignored
+ unless (defined $cookie and $cookie) {
+ return ("failed", undef);
+ }
+ my $sessionID = $cookie;
+ my $session = get_session($sessionID);
+ C4::Context->_new_userenv($sessionID);
+ if ($session) {
+ C4::Context::set_userenv(
+ $session->param('number'), $session->param('id'),
+ $session->param('cardnumber'), $session->param('firstname'),
+ $session->param('surname'), $session->param('branch'),
+ $session->param('branchname'), $session->param('flags'),
+ $session->param('emailaddress'), $session->param('branchprinter')
+ );
+
+ my $ip = $session->param('ip');
+ my $lasttime = $session->param('lasttime');
+ my $userid = $session->param('id');
+ if ( $lasttime < time() - $timeout ) {
+ # time out
+ $session->delete();
+ C4::Context->_unset_userenv($sessionID);
+ $userid = undef;
+ $sessionID = undef;
+ return ("expired", undef);
+ } elsif ( $ip ne $ENV{'REMOTE_ADDR'} ) {
+ # IP address changed
+ $session->delete();
+ C4::Context->_unset_userenv($sessionID);
+ $userid = undef;
+ $sessionID = undef;
+ return ("expired", undef);
+ } else {
+ $session->param('lasttime',time());
+ my $flags = haspermission( $dbh, $userid, $flagsrequired );
+ if ($flags) {
+ return ("ok", $sessionID);
+ } else {
+ $session->delete();
+ C4::Context->_unset_userenv($sessionID);
+ $userid = undef;
+ $sessionID = undef;
+ return ("failed", undef);
+ }
+ }
+ } else {
+ return ("expired", undef);
+ }
+}
+
+=item get_session
+
+ use CGI::Session;
+ my $session = get_session($sessionID);
+
+Given a session ID, retrieve the CGI::Session object used to store
+the session's state. The session object can be used to store
+data that needs to be accessed by different scripts during a
+user's session.
+
+If the C<$sessionID> parameter is an empty string, a new session
+will be created.
+
+=cut
+
+sub get_session {
+ my $sessionID = shift;
+ my $storage_method = C4::Context->preference('SessionStorage');
+ my $dbh = C4::Context->dbh;
+ my $session;
+ if ($storage_method eq 'mysql'){
+ $session = new CGI::Session("driver:MySQL", $sessionID, {Handle=>$dbh});
+ }
+ elsif ($storage_method eq 'Pg') {
+ $session = new CGI::Session("driver:PostgreSQL", $sessionID, {Handle=>$dbh});
+ }
+ else {
+ # catch all defaults to tmp should work on all systems
+ $session = new CGI::Session("driver:File", $sessionID, {Directory=>'/tmp'});
+ }
+ return $session;
+}
sub checkpw {
-# This should be modified to allow a selection of authentication schemes
-# (e.g. LDAP), as well as local authentication through the borrowers
-# tables passwd field
-#
+ my ( $dbh, $userid, $password ) = @_;
- my ($dbh, $userid, $password) = @_;
- {
- my $sth=$dbh->prepare
- ("select password,cardnumber from borrowers where userid=?");
- $sth->execute($userid);
- if ($sth->rows) {
- my ($md5password,$cardnumber) = $sth->fetchrow;
- if (md5_base64($password) eq $md5password) {
- return 1,$cardnumber;
- }
- }
+ # INTERNAL AUTH
+ my $sth =
+ $dbh->prepare(
+"select password,cardnumber,borrowernumber,userid,firstname,surname,branchcode,flags from borrowers where userid=?"
+ );
+ $sth->execute($userid);
+ if ( $sth->rows ) {
+ my ( $md5password, $cardnumber, $borrowernumber, $userid, $firstname,
+ $surname, $branchcode, $flags )
+ = $sth->fetchrow;
+ if ( md5_base64($password) eq $md5password ) {
+
+ C4::Context->set_userenv( "$borrowernumber", $userid, $cardnumber,
+ $firstname, $surname, $branchcode, $flags );
+ return 1, $cardnumber;
+ }
}
+ $sth =
+ $dbh->prepare(
+"select password,cardnumber,borrowernumber,userid, firstname,surname,branchcode,flags from borrowers where cardnumber=?"
+ );
+ $sth->execute($userid);
+ if ( $sth->rows ) {
+ my ( $md5password, $cardnumber, $borrowernumber, $userid, $firstname,
+ $surname, $branchcode, $flags )
+ = $sth->fetchrow;
+ if ( md5_base64($password) eq $md5password ) {
+
+ C4::Context->set_userenv( $borrowernumber, $userid, $cardnumber,
+ $firstname, $surname, $branchcode, $flags );
+ return 1, $userid;
+ }
+ }
+ if ( $userid && $userid eq C4::Context->config('user')
+ && "$password" eq C4::Context->config('pass') )
{
- my $sth=$dbh->prepare
- ("select password from borrowers where cardnumber=?");
- $sth->execute($userid);
- if ($sth->rows) {
- my ($md5password) = $sth->fetchrow;
- if (md5_base64($password) eq $md5password) {
- return 1,$userid;
- }
- }
+
+# Koha superuser account
+# C4::Context->set_userenv(0,0,C4::Context->config('user'),C4::Context->config('user'),C4::Context->config('user'),"",1);
+ return 2;
}
- if ($userid eq C4::Context->config('user') && $password eq C4::Context->config('pass')) {
- # Koha superuser account
- return 2;
+ if ( $userid && $userid eq 'demo'
+ && "$password" eq 'demo'
+ && C4::Context->config('demo') )
+ {
+
+# DEMO => the demo user is allowed to do everything (if demo set to 1 in koha.conf
+# some features won't be effective : modify systempref, modify MARC structure,
+ return 2;
}
return 0;
}
-
-
sub getuserflags {
- my $cardnumber=shift;
- my $dbh=shift;
+ my $cardnumber = shift;
+ my $dbh = shift;
my $userflags;
- my $sth=$dbh->prepare("SELECT flags FROM borrowers WHERE cardnumber=?");
+ my $sth = $dbh->prepare("SELECT flags FROM borrowers WHERE cardnumber=?");
$sth->execute($cardnumber);
my ($flags) = $sth->fetchrow;
- $sth=$dbh->prepare("SELECT bit, flag, defaulton FROM userflags");
+ $flags = 0 unless $flags;
+ $sth = $dbh->prepare("SELECT bit, flag, defaulton FROM userflags");
$sth->execute;
- while (my ($bit, $flag, $defaulton) = $sth->fetchrow) {
- if (($flags & (2**$bit)) || $defaulton) {
- $userflags->{$flag}=1;
- }
+
+ while ( my ( $bit, $flag, $defaulton ) = $sth->fetchrow ) {
+ if ( ( $flags & ( 2**$bit ) ) || $defaulton ) {
+ $userflags->{$flag} = 1;
+ }
+ else {
+ $userflags->{$flag} = 0;
+ }
}
return $userflags;
}
sub haspermission {
- my ($dbh, $userid, $flagsrequired) = @_;
- my $sth=$dbh->prepare("SELECT cardnumber FROM borrowers WHERE userid=?");
+ my ( $dbh, $userid, $flagsrequired ) = @_;
+ my $sth = $dbh->prepare("SELECT cardnumber FROM borrowers WHERE userid=?");
$sth->execute($userid);
my ($cardnumber) = $sth->fetchrow;
- ($cardnumber) || ($cardnumber=$userid);
- my $flags=getuserflags($cardnumber,$dbh);
+ ($cardnumber) || ( $cardnumber = $userid );
+ my $flags = getuserflags( $cardnumber, $dbh );
my $configfile;
- if ($userid eq C4::Context->config('user')) {
- # Super User Account from /etc/koha.conf
- $flags->{'superlibrarian'}=1;
+ if ( $userid eq C4::Context->config('user') ) {
+
+ # Super User Account from /etc/koha.conf
+ $flags->{'superlibrarian'} = 1;
+ }
+ if ( $userid eq 'demo' && C4::Context->config('demo') ) {
+
+ # Demo user that can do "anything" (demo=1 in /etc/koha.conf)
+ $flags->{'superlibrarian'} = 1;
}
return $flags if $flags->{superlibrarian};
- foreach (keys %$flagsrequired) {
- return $flags if $flags->{$_};
+ foreach ( keys %$flagsrequired ) {
+ return $flags if $flags->{$_};
}
return 0;
}
sub getborrowernumber {
my ($userid) = @_;
my $dbh = C4::Context->dbh;
- for my $field ('userid', 'cardnumber') {
- my $sth=$dbh->prepare
- ("select borrowernumber from borrowers where $field=?");
- $sth->execute($userid);
- if ($sth->rows) {
- my ($bnumber) = $sth->fetchrow;
- return $bnumber;
- }
+ for my $field ( 'userid', 'cardnumber' ) {
+ my $sth =
+ $dbh->prepare("select borrowernumber from borrowers where $field=?");
+ $sth->execute($userid);
+ if ( $sth->rows ) {
+ my ($bnumber) = $sth->fetchrow;
+ return $bnumber;
+ }
}
return 0;
}
-
-
-END { } # module clean-up code here (global destructor)
+END { } # module clean-up code here (global destructor)
1;
__END__