#
# This file is part of Koha.
#
-# Koha is free software; you can redistribute it and/or modify it under the
-# terms of the GNU General Public License as published by the Free Software
-# Foundation; either version 2 of the License, or (at your option) any later
-# version.
+# Koha is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
#
-# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
-# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
-# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# Koha is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
#
-# You should have received a copy of the GNU General Public License along
-# with Koha; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+# You should have received a copy of the GNU General Public License
+# along with Koha; if not, see <http://www.gnu.org/licenses>.
-use strict;
-#use warnings; FIXME - Bug 2505
-use Digest::MD5 qw(md5_base64);
+use Modern::Perl;
+use CGI::Session;
+use File::Spec;
require Exporter;
+
use C4::Context;
-use C4::Output;
+use C4::Output qw( output_html_with_http_headers );
use C4::Templates;
-use C4::Koha;
-use CGI::Session;
-use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
-
-# set the version for version checking
-$VERSION = 3.00;
+our (@ISA, @EXPORT_OK);
+BEGIN {
+ @ISA = qw(Exporter);
+ @EXPORT_OK = qw(
+ checkauth
+ get_template_and_user
+ );
+}
=head1 NAME
=head1 SYNOPSIS
- use CGI;
+ use CGI qw ( -utf8 );
use InstallAuth;
use C4::Output;
my $query = new CGI;
- my ($template, $borrowernumber, $cookie)
- = get_template_and_user({template_name => "opac-main.tmpl",
- query => $query,
- type => "opac",
- authnotrequired => 1,
- flagsrequired => {borrow => 1},
- });
+ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
+ { template_name => "opac-main.tt",
+ query => $query,
+ type => "opac",
+ authnotrequired => 1,
+ flagsrequired => { acquisition => '*' },
+ }
+ );
output_html_with_http_headers $query, $cookie, $template->output;
=head1 DESCRIPTION
- The main function of this module is to provide
- authentification. However the get_template_and_user function has
- been provided so that a users login information is passed along
- automatically. This gets loaded into the template.
- This package is different from C4::Auth in so far as
- C4::Auth uses many preferences which are supposed NOT to be obtainable when installing the database.
+The main function of this module is to provide
+authentification. However the get_template_and_user function has
+been provided so that a users login information is passed along
+automatically. This gets loaded into the template.
+This package is different from C4::Auth in so far as
+C4::Auth uses many preferences which are supposed NOT to be obtainable when installing the database.
- As in C4::Auth, Authentication is based on cookies.
+As in C4::Auth, Authentication is based on cookies.
=head1 FUNCTIONS
-=over 2
-
-=cut
-
-@ISA = qw(Exporter);
-@EXPORT = qw(
- &checkauth
- &get_template_and_user
-);
-
-=item get_template_and_user
+=head2 get_template_and_user
- my ($template, $borrowernumber, $cookie)
- = get_template_and_user({template_name => "opac-main.tmpl",
- query => $query,
- type => "opac",
- authnotrequired => 1,
- flagsrequired => {borrow => 1},
- });
+ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
+ { template_name => "opac-main.tt",
+ query => $query,
+ type => "opac",
+ authnotrequired => 1,
+ flagsrequired => { acquisition => '*' },
+ }
+ );
- This call passes the C<query>, C<flagsrequired> and C<authnotrequired>
- to C<&checkauth> (in this module) to perform authentification.
- See C<&checkauth> for an explanation of these parameters.
+This call passes the C<query>, C<flagsrequired> and C<authnotrequired>
+to C<&checkauth> (in this module) to perform authentification.
+See C<&checkauth> for an explanation of these parameters.
- The C<template_name> is then used to find the correct template for
- the page. The authenticated users details are loaded onto the
- template in the HTML::Template LOOP variable C<USER_INFO>. Also the
- C<sessionID> is passed to the template. This can be used in templates
- if cookies are disabled. It needs to be put as and input to every
- authenticated page.
+The C<template_name> is then used to find the correct template for
+the page. The authenticated users details are loaded onto the
+template in the logged_in_user variable (which is a Koha::Patron object). Also the
+C<sessionID> is passed to the template. This can be used in templates
+if cookies are disabled. It needs to be put as and input to every
+authenticated page.
- More information on the C<gettemplate> sub can be found in the
- Templates.pm module.
+More information on the C<gettemplate> sub can be found in the
+Templates.pm module.
=cut
my $path = C4::Context->config('intrahtdocs'). "/prog/". $language;
my $tmplbase = $in->{template_name};
- $tmplbase=~ s/\.tmpl$/.tt/;
my $filename = "$path/modules/" . $tmplbase;
my $interface = 'intranet';
my $template = C4::Templates->new( $interface, $filename, $tmplbase, $query);
$template->param( CAN_user_borrowers => 1 );
$template->param( CAN_user_permission => 1 );
$template->param( CAN_user_reserveforothers => 1 );
- $template->param( CAN_user_borrow => 1 );
$template->param( CAN_user_editcatalogue => 1 );
$template->param( CAN_user_updatecharges => 1 );
$template->param( CAN_user_acquisition => 1 );
- $template->param( CAN_user_management => 1 );
$template->param( CAN_user_tools => 1 );
$template->param( CAN_user_editauthorities => 1 );
$template->param( CAN_user_serials => 1 );
$template->param( CAN_user_reports => 1 );
+ $template->param( CAN_user_problem_reports => 1 );
+ $template->param( CAN_user_recalls => 1 );
}
+
+ my $minPasswordLength = C4::Context->preference('minPasswordLength');
+ $minPasswordLength = 3 if not $minPasswordLength or $minPasswordLength < 3;
+ $template->param(minPasswordLength => $minPasswordLength,);
}
return ( $template, $borrowernumber, $cookie );
}
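Review bot: The fallback in `$minPasswordLength = 3 if not $minPasswordLength or $minPasswordLength < 3;` makes three characters the effective minimum whenever the preference cannot be read, and this module's own POD says preferences are not supposed to be obtainable while the database is being installed. If that still holds, the installer templates would always receive 3, which is a weak floor for whatever password form consumes the value. Consider a higher installer default held in a named constant (the name here is only a suggestion), e.g. `$minPasswordLength = $INSTALLER_MIN_PASSWORD_LENGTH unless $minPasswordLength && $minPasswordLength >= $INSTALLER_MIN_PASSWORD_LENGTH;`. Now that `use Modern::Perl` turns warnings on, a non-numeric preference value would also emit a numeric-comparison warning on this line. The enclosing sub starts outside the hunk.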
-d $path ? $opaclang : 'en';
}
-=item checkauth
+=head2 checkauth
($userid, $cookie, $sessionID) = &checkauth($query, $noauth, $flagsrequired, $type);
my $dbh = C4::Context->dbh();
my $template_name;
- $template_name = "installer/auth.tmpl";
+ $template_name = "installer/auth.tt";
+ my $sessdir = File::Spec->catdir( C4::Context::temporary_directory, 'cgisess_' . C4::Context->config('database') ); # same construction as in C4/Auth
# state variables
my $loggedin = 0;
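Review bot: `$sessdir` is built here, but nothing visible creates the directory or checks its ownership and mode, and the two `CGI::Session->new( "driver:File", ..., { Directory => $sessdir } )` calls in the following hunks use their result without testing it. `CGI::Session->new` returns undef on failure, so a missing or unwritable directory would surface as a method call on undef at `$session->param('cardnumber')` or `$session->id`. A guard such as `die CGI::Session->errstr unless $session;` after each call would make that failure explicit. The session files carry the authenticated identity (`cardnumber`, `flags`) and, as far as I know, the default serializer reads them back by evaluating their contents, so the directory should be writable only by the Koha user. I would add a comment saying so next to `$sessdir`, and since the trailing comment says the construction is copied from C4/Auth, a shared helper would stop the two from drifting apart.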
if ( $sessionID = $query->cookie("CGISESSID") ) {
C4::Context->_new_userenv($sessionID);
my $session =
- new CGI::Session( "driver:File;serializer:yaml", $sessionID,
- { Directory => '/tmp' } );
+ CGI::Session->new( "driver:File", $sessionID,
+ { Directory => $sessdir } );
if ( $session->param('cardnumber') ) {
- C4::Context::set_userenv(
+ C4::Context->set_userenv(
$session->param('number'),
$session->param('id'),
$session->param('cardnumber'),
$session->param('branch'),
$session->param('branchname'),
$session->param('flags'),
- $session->param('emailaddress'),
- $session->param('branchprinter')
+ $session->param('emailaddress')
);
$cookie = $query->cookie(
-name => 'CGISESSID',
-value => $session->id,
-HttpOnly => 1,
+ -secure => ( C4::Context->https_enabled() ? 1 : 0 ),
+ -sameSite => 'Lax'
);
$loggedin = 1;
$userid = $session->param('cardnumber');
}
- my ( $ip, $lasttime );
if ($logout) {
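Review bot: The new `-secure => ( C4::Context->https_enabled() ? 1 : 0 )` flag depends entirely on how `https_enabled()` detects TLS, which is not visible here. If it inspects only the local connection, a deployment behind a TLS-terminating reverse proxy would still issue `CGISESSID` without Secure. I would add a comment at the first use, e.g. `# Secure is only set when https_enabled() is true; behind a TLS-terminating proxy confirm it reflects the client-facing scheme`. The same `-HttpOnly`/`-secure`/`-sameSite` triple is repeated in the three later `$query->cookie(` calls on this page, so a small private helper returning these attributes would keep them from diverging the next time a flag is added. `-sameSite` also needs a CGI.pm recent enough to emit it, which is worth confirming against the declared minimum version.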
}
unless ($userid) {
my $session =
- new CGI::Session( "driver:File;serializer:yaml", undef, { Directory => '/tmp' } );
+ CGI::Session->new( "driver:File", undef, { Directory => $sessdir } );
$sessionID = $session->id;
$userid = $query->param('userid');
C4::Context->_new_userenv($sessionID);
-name => 'CGISESSID',
-value => $sessionID,
-HttpOnly => 1,
+ -secure => ( C4::Context->https_enabled() ? 1 : 0 ),
+ -sameSite => 'Lax'
);
if ( $return == 2 ) {
#Only superlibrarian should have access to this page.
#Since if it is a user, it is supposed that there is a borrower table
#And thus that data structure is loaded.
- my $hash = C4::Context::set_userenv(
+ my $hash = C4::Context->set_userenv(
0, 0,
C4::Context->config('user'), C4::Context->config('user'),
C4::Context->config('user'), "",
-name => 'CGISESSID',
-value => '',
-HttpOnly => 1,
- -expires => ''
+ -expires => '',
+ -secure => ( C4::Context->https_enabled() ? 1 : 0 ),
+ -sameSite => 'Lax'
);
}
if ($envcookie) {
C4::Context->config('intrahtdocs') . "/prog/"
. ( $query->param('language') ? $query->param('language') : "en" );
my $filename = "$path/modules/$template_name";
- $filename =~ s/\.tmpl$/.tt/;
my $interface = 'intranet';
my $template = C4::Templates->new( $interface, $filename, '', $query);
$template->param(
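Review bot: The `language` request parameter is still concatenated into the template path (`"/prog/" . ( $query->param('language') ? $query->param('language') : "en" )`) with no validation, and the result is passed to `C4::Templates->new` as `$filename`. These lines look like the ones that render the login form, so they would be reachable before authentication. Whether `C4::Templates->new` constrains the path is not visible from this hunk. Since the commit already touches these lines, it would be a good moment to restrict the value to a language-tag shape before use, e.g. `my $language = $query->param('language') // 'en';` followed by `$language = 'en' unless $language =~ m/\A[a-zA-Z]{2,3}(?:[-_][a-zA-Z0-9]+)*\z/;`. The statement begins outside the hunk (the `my $path =` line is not shown).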
$template->param( login => 1 );
$template->param( loginprompt => 1 ) unless $info{'nopermission'};
- my $self_url = $query->url( -absolute => 1 );
- $template->param( url => $self_url, );
+ if ($info{'invalid_username_or_password'} && $info{'invalid_username_or_password'} == 1) {
+ $template->param( 'invalid_username_or_password' => $info{'invalid_username_or_password'});
+ }
+
$template->param( \%info );
$cookie = $query->cookie(
-name => 'CGISESSID',
-value => $sessionID,
-HttpOnly => 1,
- -expires => ''
+ -expires => '',
+ -secure => ( C4::Context->https_enabled() ? 1 : 0 ),
+ -sameSite => 'Lax'
);
print $query->header(
-type => 'text/html; charset=utf-8',
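Review bot: The added `if ($info{'invalid_username_or_password'} && $info{'invalid_username_or_password'} == 1)` block looks redundant, because `$template->param( \%info );` immediately after it passes the same key to the template. That assumes `param` with a hash reference sets every key, as the call suggests. If the intent is to expose the flag only when it is exactly 1, the later bulk call defeats that; otherwise the block can be dropped. Either way, a one-line comment stating the intent would help, e.g. `# login failure is reported generically; do not distinguish unknown user from wrong password`. The `print $query->header(` statement continues outside the hunk.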
C4::Context->config('user'),
C4::Context->config('user'),
C4::Context->config('user'),
- "", 1
+ "", "NO_LIBRARY_SET", 1
);
return 2;
}
- if ( $userid
- && $userid eq 'demo'
- && "$password" eq 'demo'
- && C4::Context->config('demo') )
- {
-
-# DEMO => the demo user is allowed to do everything (if demo set to 1 in koha.conf
-# some features won't be effective : modify systempref, modify MARC structure,
- return 2;
- }
return 0;
}
1;
__END__
-=back
-
=head1 SEE ALSO
CGI(3)