use Koha::DateUtils qw(dt_from_string);
use Koha::Library::Groups;
use Koha::Libraries;
+use Koha::Desks;
use Koha::Patrons;
use Koha::Patron::Consents;
use POSIX qw/strftime/;
use Encode qw( encode is_utf8);
use C4::Auth_with_shibboleth;
use Net::CIDR;
+use C4::Log qw/logaction/;
# use utf8;
use vars qw(@ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug $ldap $cas $caslogout);
$in->{'query'},
$in->{'authnotrequired'},
$in->{'flagsrequired'},
- $in->{'type'}
+ $in->{'type'},
+ undef,
+ $in->{template_name},
);
}
-value => '',
-expires => '',
-HttpOnly => 1,
+ -secure => ( C4::Context->https_enabled() ? 1 : 0 ),
);
$template->param(
# these template parameters are set the same regardless of $in->{'type'}
- # Set the using_https variable for templates
- # FIXME Under Plack the CGI->https method always returns 'OFF'
- my $https = $in->{query}->https();
- my $using_https = ( defined $https and $https ne 'OFF' ) ? 1 : 0;
-
my $minPasswordLength = C4::Context->preference('minPasswordLength');
$minPasswordLength = 3 if not $minPasswordLength or $minPasswordLength < 3;
$template->param(
GoogleJackets => C4::Context->preference("GoogleJackets"),
OpenLibraryCovers => C4::Context->preference("OpenLibraryCovers"),
KohaAdminEmailAddress => "" . C4::Context->preference("KohaAdminEmailAddress"),
- LoginBranchcode => ( C4::Context->userenv ? C4::Context->userenv->{"branch"} : undef ),
LoginFirstname => ( C4::Context->userenv ? C4::Context->userenv->{"firstname"} : "Bel" ),
LoginSurname => C4::Context->userenv ? C4::Context->userenv->{"surname"} : "Inconnu",
emailaddress => C4::Context->userenv ? C4::Context->userenv->{"emailaddress"} : undef,
singleBranchMode => ( Koha::Libraries->search->count == 1 ),
XSLTDetailsDisplay => C4::Context->preference("XSLTDetailsDisplay"),
XSLTResultsDisplay => C4::Context->preference("XSLTResultsDisplay"),
- using_https => $using_https,
noItemTypeImages => C4::Context->preference("noItemTypeImages"),
marcflavour => C4::Context->preference("marcflavour"),
OPACBaseURL => C4::Context->preference('OPACBaseURL'),
IntranetNav => C4::Context->preference("IntranetNav"),
IntranetmainUserblock => C4::Context->preference("IntranetmainUserblock"),
LibraryName => C4::Context->preference("LibraryName"),
- LoginBranchname => ( C4::Context->userenv ? C4::Context->userenv->{"branchname"} : undef ),
advancedMARCEditor => C4::Context->preference("advancedMARCEditor"),
canreservefromotherbranches => C4::Context->preference('canreservefromotherbranches'),
intranetcolorstylesheet => C4::Context->preference("intranetcolorstylesheet"),
opac_name => $opac_name,
LibraryName => "" . C4::Context->preference("LibraryName"),
LibraryNameTitle => "" . $LibraryNameTitle,
- LoginBranchname => C4::Context->userenv ? C4::Context->userenv->{"branchname"} : "",
OPACAmazonCoverImages => C4::Context->preference("OPACAmazonCoverImages"),
OPACFRBRizeEditions => C4::Context->preference("OPACFRBRizeEditions"),
OpacHighlightedWords => C4::Context->preference("OpacHighlightedWords"),
OpacBrowser => C4::Context->preference("OpacBrowser"),
OpacCloud => C4::Context->preference("OpacCloud"),
OpacKohaUrl => C4::Context->preference("OpacKohaUrl"),
- OpacMainUserBlock => "" . C4::Context->preference("OpacMainUserBlock"),
OpacNav => "" . C4::Context->preference("OpacNav"),
OpacNavBottom => "" . C4::Context->preference("OpacNavBottom"),
OpacPasswordChange => C4::Context->preference("OpacPasswordChange"),
hidelostitems => C4::Context->preference("hidelostitems"),
mylibraryfirst => ( C4::Context->preference("SearchMyLibraryFirst") && C4::Context->userenv ) ? C4::Context->userenv->{'branch'} : '',
opacbookbag => "" . C4::Context->preference("opacbookbag"),
- opaccredits => "" . C4::Context->preference("opaccredits"),
OpacFavicon => C4::Context->preference("OpacFavicon"),
opaclanguagesdisplay => "" . C4::Context->preference("opaclanguagesdisplay"),
opacreadinghistory => C4::Context->preference("opacreadinghistory"),
}
sub _timeout_syspref {
- my $timeout = C4::Context->preference('timeout') || 600;
+ my $default_timeout = 600;
+ my $timeout = C4::Context->preference('timeout') || $default_timeout;
# value in days, convert in seconds
- if ( $timeout =~ /(\d+)[dD]/ ) {
+ if ( $timeout =~ /^(\d+)[dD]$/ ) {
$timeout = $1 * 86400;
}
+ # value in hours, convert in seconds
+ elsif ( $timeout =~ /^(\d+)[hH]$/ ) {
+ $timeout = $1 * 3600;
+ }
+ elsif ( $timeout !~ m/^\d+$/ ) {
+ warn "The value of the system preference 'timeout' is not correct, defaulting to $default_timeout";
+ $timeout = $default_timeout;
+ }
+
return $timeout;
}
my $flagsrequired = shift;
my $type = shift;
my $emailaddress = shift;
+ my $template_name = shift;
$type = 'opac' unless $type;
+ unless ( C4::Context->preference("OpacPublic") ) {
+ my @allowed_scripts_for_private_opac = qw(
+ opac-memberentry.tt
+ opac-registration-email-sent.tt
+ opac-registration-confirmation.tt
+ opac-memberentry-update-submitted.tt
+ opac-password-recovery.tt
+ );
+ $authnotrequired = 0 unless grep { $_ eq $template_name }
+ @allowed_scripts_for_private_opac;
+ }
+
my $dbh = C4::Context->dbh;
my $timeout = _timeout_syspref();
-value => '',
-expires => '',
-HttpOnly => 1,
+ -secure => ( C4::Context->https_enabled() ? 1 : 0 ),
);
$loggedin = 1;
}
$session->param('cardnumber'), $session->param('firstname'),
$session->param('surname'), $session->param('branch'),
$session->param('branchname'), $session->param('flags'),
- $session->param('emailaddress'),
- $session->param('shibboleth')
+ $session->param('emailaddress'), $session->param('shibboleth'),
+ $session->param('desk_id'), $session->param('desk_name')
);
C4::Context::set_shelves_userenv( 'bar', $session->param('barshelves') );
C4::Context::set_shelves_userenv( 'pub', $session->param('pubshelves') );
$cookie = $query->cookie(
-name => 'CGISESSID',
-value => $session->id,
- -HttpOnly => 1
+ -HttpOnly => 1,
+ -secure => ( C4::Context->https_enabled() ? 1 : 0 ),
);
$session->param( 'lasttime', time() );
unless ( $sessiontype && $sessiontype eq 'anon' ) { #if this is an anonymous session, we want to update the session, but not behave as if they are logged in...
$cookie = $query->cookie(
-name => 'CGISESSID',
-value => $session->id,
- -HttpOnly => 1
+ -HttpOnly => 1,
+ -secure => ( C4::Context->https_enabled() ? 1 : 0 ),
);
my $pki_field = C4::Context->preference('AllowPKIAuth');
if ( !defined($pki_field) ) {
C4::Context->_unset_userenv($sessionID);
}
my ( $borrowernumber, $firstname, $surname, $userflags,
- $branchcode, $branchname, $emailaddress );
+ $branchcode, $branchname, $emailaddress, $desk_id, $desk_name );
if ( $return == 1 ) {
my $select = "
my $library = Koha::Libraries->find($branchcode);
$branchname = $library? $library->branchname: '';
}
+ if ( $query->param('desk_id') ) {
+ $desk_id = $query->param('desk_id');
+ my $desk = Koha::Desks->find($desk_id);
+ $desk_name = $desk ? $desk->desk_name : '';
+ }
my $branches = { map { $_->branchcode => $_->unblessed } Koha::Libraries->search };
if ( $type ne 'opac' and C4::Context->boolean_preference('AutoLocation') ) {
$cookie = $query->cookie(
-name => 'CGISESSID',
-value => '',
- -HttpOnly => 1
+ -HttpOnly => 1,
+ -secure => ( C4::Context->https_enabled() ? 1 : 0 ),
);
$info{'wrongip'} = 1;
}
$session->param( 'surname', $surname );
$session->param( 'branch', $branchcode );
$session->param( 'branchname', $branchname );
+ $session->param( 'desk_id', $desk_id);
+ $session->param( 'desk_name', $desk_name);
$session->param( 'flags', $userflags );
$session->param( 'emailaddress', $emailaddress );
$session->param( 'ip', $session->remote_addr() );
$session->param('cardnumber'), $session->param('firstname'),
$session->param('surname'), $session->param('branch'),
$session->param('branchname'), $session->param('flags'),
- $session->param('emailaddress'), $session->param('shibboleth')
+ $session->param('emailaddress'), $session->param('shibboleth'),
+ $session->param('desk_id'), $session->param('desk_name')
);
}
$cookie = $query->cookie(
-name => 'CGISESSID',
-value => '',
- -HttpOnly => 1
+ -HttpOnly => 1,
+ -secure => ( C4::Context->https_enabled() ? 1 : 0 ),
);
}
+ track_login_daily( $userid );
+
# In case, that this request was a login attempt, we want to prevent that users can repost the opac login
# request. We therefore redirect the user to the requested page again without the login parameters.
# See Post/Redirect/Get (PRG) design pattern: https://en.wikipedia.org/wiki/Post/Redirect/Get
exit;
}
- track_login_daily( $userid );
-
return ( $userid, $cookie, $sessionID, $flags );
}
$LibraryNameTitle =~ s/<(?:\/?)(?:br|p)\s*(?:\/?)>/ /sgi;
$LibraryNameTitle =~ s/<(?:[^<>'"]|'(?:[^']*)'|"(?:[^"]*)")*>//sg;
- my $template_name = ( $type eq 'opac' ) ? 'opac-auth.tt' : 'auth.tt';
- my $template = C4::Templates::gettemplate( $template_name, $type, $query );
+ my $auth_template_name = ( $type eq 'opac' ) ? 'opac-auth.tt' : 'auth.tt';
+ my $template = C4::Templates::gettemplate( $auth_template_name, $type, $query );
$template->param(
login => 1,
INPUTS => \@inputs,
opacuserlogin => C4::Context->preference("opacuserlogin"),
OpacNav => C4::Context->preference("OpacNav"),
OpacNavBottom => C4::Context->preference("OpacNavBottom"),
- opaccredits => C4::Context->preference("opaccredits"),
OpacFavicon => C4::Context->preference("OpacFavicon"),
opacreadinghistory => C4::Context->preference("opacreadinghistory"),
opaclanguagesdisplay => C4::Context->preference("opaclanguagesdisplay"),
$session->param('cardnumber'), $session->param('firstname'),
$session->param('surname'), $session->param('branch'),
$session->param('branchname'), $session->param('flags'),
- $session->param('emailaddress')
+ $session->param('emailaddress'), $session->param('shibboleth'),
+ $session->param('desk_id'), $session->param('desk_name')
);
my $ip = $session->param('ip');
-name => 'CGISESSID',
-value => $session->id,
-HttpOnly => 1,
+ -secure => ( C4::Context->https_enabled() ? 1 : 0 ),
);
$session->param( 'lasttime', time() );
my $flags = haspermission( $userid, $flagsrequired );
-name => 'CGISESSID',
-value => $sessionID,
-HttpOnly => 1,
+ -secure => ( C4::Context->https_enabled() ? 1 : 0 ),
);
if ( $return == 1 ) {
my (
$session->param('number'), $session->param('id'),
$session->param('cardnumber'), $session->param('firstname'),
$session->param('surname'), $session->param('branch'),
- $session->param('branchname'), $session->param('flags'),
- $session->param('emailaddress')
+ $session->param('emailaddress'), $session->param('shibboleth'),
+ $session->param('desk_id'), $session->param('desk_name')
);
return ( "ok", $cookie, $sessionID );
} else {
$session->param('cardnumber'), $session->param('firstname'),
$session->param('surname'), $session->param('branch'),
$session->param('branchname'), $session->param('flags'),
- $session->param('emailaddress')
+ $session->param('emailaddress'), $session->param('shibboleth'),
+ $session->param('desk_id'), $session->param('desk_name')
);
my $ip = $session->param('ip');
sub get_session {
my $sessionID = shift;
my $params = _get_session_params();
- return new CGI::Session( $params->{dsn}, $sessionID, $params->{dsn_args} );
+ return CGI::Session->new( $params->{dsn}, $sessionID, $params->{dsn_args} );
}
$patron->update({ login_attempts => $patron->login_attempts + 1 });
}
}
+
+ # Optionally log success or failure
+ if( $patron && $passwd_ok && C4::Context->preference('AuthSuccessLog') ) {
+ logaction( 'AUTH', 'SUCCESS', $patron->id, "Valid password for $userid", $type );
+ } elsif( !$passwd_ok && C4::Context->preference('AuthFailureLog') ) {
+ logaction( 'AUTH', 'FAILURE', $patron ? $patron->id : 0, "Wrong password for $userid", $type );
+ }
+
return @return;
}