X-Git-Url: http://koha-dev.rot13.org:8081/gitweb/?a=blobdiff_plain;f=C4%2FAuth.pm;h=38bbd5ef1576083215bb80f291a91cd46d778007;hb=9a4873bc4ceba454b99cb440ea1f0b7e09f48e90;hp=7a0c13ea293579da7f7980701d375c216ba3ac0c;hpb=f098258e8cf2d616c6bbc35e44c6a1df47be8517;p=koha_gimpoz
diff --git a/C4/Auth.pm b/C4/Auth.pm
index 7a0c13ea29..38bbd5ef15 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -26,45 +26,40 @@ use CGI::Session; require Exporter; use C4::Context; -use C4::Output; # to get the template -use C4::Members; -use C4::Koha; +use C4::Templates; # to get the template use C4::Branch; # GetBranches use C4::VirtualShelves; use POSIX qw/strftime/; +use List::MoreUtils qw/ any /; # use utf8; -use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug $ldap $cas $caslogout $servers $memcached); +use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug $ldap $cas $caslogout); BEGIN { - $VERSION = 3.02; # set version for version checking - $debug = $ENV{DEBUG}; - @ISA = qw(Exporter); - @EXPORT = qw(&checkauth &get_template_and_user &haspermission &get_user_subpermissions); - @EXPORT_OK = qw(&check_api_auth &get_session &check_cookie_auth &checkpw &get_all_subpermissions &get_user_subpermissions); - %EXPORT_TAGS = (EditPermissions => [qw(get_all_subpermissions get_user_subpermissions)]); - $ldap = C4::Context->config('useldapserver') || 0; - $cas = C4::Context->preference('casAuthentication'); - $caslogout = C4::Context->preference('casLogout'); + sub psgi_env { any { /^psgi\./ } keys %ENV } + sub safe_exit { + if ( psgi_env ) { die 'psgi:exit' } + else { exit } + } + + $VERSION = 3.02; # set version for version checking + $debug = $ENV{DEBUG}; + @ISA = qw(Exporter); + @EXPORT = qw(&checkauth &get_template_and_user &haspermission &get_user_subpermissions); + @EXPORT_OK = qw(&check_api_auth &get_session &check_cookie_auth &checkpw &get_all_subpermissions &get_user_subpermissions); + %EXPORT_TAGS = ( EditPermissions => [qw(get_all_subpermissions get_user_subpermissions)] ); + $ldap = C4::Context->config('useldapserver') || 0; + $cas = C4::Context->preference('casAuthentication'); + $caslogout = C4::Context->preference('casLogout'); + require C4::Auth_with_cas; # no import if ($ldap) { - require C4::Auth_with_ldap; # no import - import C4::Auth_with_ldap qw(checkpw_ldap); + require C4::Auth_with_ldap; + import C4::Auth_with_ldap 
qw(checkpw_ldap); } if ($cas) { - require C4::Auth_with_cas; # no import - import C4::Auth_with_cas qw(checkpw_cas login_cas logout_cas login_cas_url); - } - $servers = C4::Context->config('memcached_servers'); - $memcached; - if ($servers) { - require Cache::Memcached; - $memcached = Cache::Memcached->new({ - servers => [ $servers ], - debug => 0, - compress_threshold => 10_000, - namespace => C4::Context->config('memcached_namespace') || 'koha', - }); + import C4::Auth_with_cas qw(check_api_auth_cas checkpw_cas login_cas logout_cas login_cas_url); } + } =head1 NAME @@ -132,34 +127,26 @@ Output.pm module. my $SEARCH_HISTORY_INSERT_SQL =<{'template_name'}, $in->{'type'}, $in->{'query'} ); - my ( $user, $cookie, $sessionID, $flags ) = checkauth( - $in->{'query'}, - $in->{'authnotrequired'}, - $in->{'flagsrequired'}, - $in->{'type'} - ) unless ($in->{'template_name'}=~/maintenance/); + C4::Templates::gettemplate( $in->{'template_name'}, $in->{'type'}, $in->{'query'} ); + my ( $user, $cookie, $sessionID, $flags ); + if ( $in->{'template_name'} !~m/maintenance/ ) { + ( $user, $cookie, $sessionID, $flags ) = checkauth( + $in->{'query'}, + $in->{'authnotrequired'}, + $in->{'flagsrequired'}, + $in->{'type'} + ); + } my $borrowernumber; my $insecure = C4::Context->preference('insecure'); if ($user or $insecure) { - # load the template variables for stylesheets and JavaScript - $template->param( css_libs => $in->{'css_libs'} ); - $template->param( css_module => $in->{'css_module'} ); - $template->param( css_page => $in->{'css_page'} ); - $template->param( css_widgets => $in->{'css_widgets'} ); - - $template->param( js_libs => $in->{'js_libs'} ); - $template->param( js_module => $in->{'js_module'} ); - $template->param( js_page => $in->{'js_page'} ); - $template->param( js_widgets => $in->{'js_widgets'} ); - # user info $template->param( loggedinusername => $user ); $template->param( sessionID => $sessionID ); 
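Review bot: `safe_exit` in the new BEGIN block ends a request under PSGI with `die 'psgi:exit'`, and nothing documents that callers must let that exception propagate. checkauth and _version_check call it right after printing a login page or a redirect, so a caller that wraps get_template_and_user in `eval {}` and carries on would run the rest of the script for a request that was never authenticated. I would add a comment above the sub, for example `# Under PSGI this dies with 'psgi:exit'; never trap it and continue, the request must end here.` The detection in `psgi_env` also relies on `psgi.*` keys being visible in `%ENV`, which depends on how the CGI emulation layer fills the environment and is worth confirming.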
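Review bot: The `!~m/maintenance/` test that decides whether checkauth runs is unanchored, so any template whose name merely contains `maintenance` is rendered without an authentication check. Template names come from the calling scripts, so this looks like a latent risk rather than a direct one, but comparing against the exact maintenance template name would make the exemption explicit. A comment such as `# the maintenance page is the only template served without checkauth` would also record the intent. get_template_and_user continues beyond this hunk.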
@@ -179,8 +166,8 @@ sub get_template_and_user { } $borrowernumber = getborrowernumber($user) if defined($user); - - my ( $borr ) = GetMemberDetails( $borrowernumber ); + require C4::Members; + my ( $borr ) = C4::Members::GetMemberDetails( $borrowernumber ); my @bordat; $bordat[0] = $borr; $template->param( "USER_INFO" => \@bordat ); @@ -268,7 +255,7 @@ sub get_template_and_user { $_->{'query_cgi'}, $_->{'total'}, $_->{'time'}, - ) foreach @recentSearches; + ) foreach @recentSearches; # And then, delete the cookie's content my $newsearchcookie = $in->{'query'}->cookie( @@ -283,17 +270,6 @@ sub get_template_and_user { } else { # if this is an anonymous session, setup to display public lists... - # load the template variables for stylesheets and JavaScript - $template->param( css_libs => $in->{'css_libs'} ); - $template->param( css_module => $in->{'css_module'} ); - $template->param( css_page => $in->{'css_page'} ); - $template->param( css_widgets => $in->{'css_widgets'} ); - - $template->param( js_libs => $in->{'js_libs'} ); - $template->param( js_module => $in->{'js_module'} ); - $template->param( js_page => $in->{'js_page'} ); - $template->param( js_widgets => $in->{'js_widgets'} ); - $template->param( sessionID => $sessionID ); my ($total, $pubshelves) = C4::Context->get_shelves_userenv(); # an anonymous user has no 'barshelves'... @@ -336,6 +312,7 @@ sub get_template_and_user { "BiblioDefaultView".C4::Context->preference("BiblioDefaultView") => 1, EnhancedMessagingPreferences => C4::Context->preference('EnhancedMessagingPreferences'), GoogleJackets => C4::Context->preference("GoogleJackets"), + OpenLibraryCovers => C4::Context->preference("OpenLibraryCovers"), KohaAdminEmailAddress => "" . C4::Context->preference("KohaAdminEmailAddress"), LoginBranchcode => (C4::Context->userenv?C4::Context->userenv->{"branch"}:"insecure"), LoginFirstname => (C4::Context->userenv?C4::Context->userenv->{"firstname"}:"Bel"), 
@@ -379,6 +356,10 @@ sub get_template_and_user { virtualshelves => C4::Context->preference("virtualshelves"), StaffSerialIssueDisplayCount => C4::Context->preference("StaffSerialIssueDisplayCount"), NoZebra => C4::Context->preference('NoZebra'), + EasyAnalyticalRecords => C4::Context->preference('EasyAnalyticalRecords'), + LocalCoverImages => C4::Context->preference('LocalCoverImages'), + OPACLocalCoverImages => C4::Context->preference('OPACLocalCoverImages'), + AllowMultipleCovers => C4::Context->preference('AllowMultipleCovers'), ); } else { @@ -387,6 +368,11 @@ sub get_template_and_user { my $LibraryNameTitle = C4::Context->preference("LibraryName"); $LibraryNameTitle =~ s/<(?:\/?)(?:br|p)\s*(?:\/?)>/ /sgi; $LibraryNameTitle =~ s/<(?:[^<>'"]|'(?:[^']*)'|"(?:[^"]*)")*>//sg; + # clean up the busc param in the session if the page is not opac-detail + if ($in->{'template_name'} =~ /opac-(.+)\.(?:tt|tmpl)$/ && $1 !~ /^(?:MARC|ISBD)?detail$/) { + my $sessionSearch = get_session($sessionID || $in->{'query'}->cookie("CGISESSID")); + $sessionSearch->clear(["busc"]) if ($sessionSearch->param("busc")); + } # variables passed from CGI: opac_css_override and opac_search_limits. my $opac_search_limit = $ENV{'OPAC_SEARCH_LIMIT'}; my $opac_limit_override = $ENV{'OPAC_LIMIT_OVERRIDE'}; @@ -396,6 +382,15 @@ sub get_template_and_user { } elsif (C4::Context->preference("SearchMyLibraryFirst") && C4::Context->userenv && C4::Context->userenv->{'branch'}) { $opac_name = C4::Context->userenv->{'branch'}; } + my $checkstyle = C4::Context->preference("opaccolorstylesheet"); + if ($checkstyle =~ /http/) + { + $template->param( opacexternalsheet => $checkstyle); + } else + { + my $opaccolorstylesheet = C4::Context->preference("opaccolorstylesheet"); + $template->param( opaccolorstylesheet => $opaccolorstylesheet); + } $template->param( AmazonContent => "" . C4::Context->preference("AmazonContent"), AnonSuggestions => "" . C4::Context->preference("AnonSuggestions"), 
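Review bot: The new busc cleanup calls `$sessionSearch->param("busc")` without checking that get_session returned a session. check_api_auth in this file guards the same call with `if ($session)` and `return ("failed", undef, undef) unless $session;`, which suggests get_session can return a false value. In that case every OPAC page other than the detail views would die here instead of rendering. I would write `$sessionSearch->clear(["busc"]) if $sessionSearch && $sessionSearch->param("busc");`. When both `$sessionID` and the CGISESSID cookie are empty this may also create a fresh session purely to inspect it, which is worth confirming against get_session.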
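Review bot: The external-stylesheet test added here is `$checkstyle =~ /http/`, while the same logic added to checkauth (hunk `@@ -921,8 +926,17 @@`) uses `$checkstyle =~ /\//`, so the login page and the other OPAC pages can disagree about whether `opaccolorstylesheet` is a local file or an external URL. The `/http/` form is also unanchored and would classify a local file named, say, `http-theme.css` as external. If the intent is "absolute URL", one shared anchored test such as `$checkstyle =~ m{\Ahttps?://}i` in both places would be clearer. The else branch fetches the preference a second time; `$template->param( opaccolorstylesheet => $checkstyle );` is enough.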
@@ -412,6 +407,7 @@ sub get_template_and_user { OpacHighlightedWords => C4::Context->preference("OpacHighlightedWords"), OPACItemHolds => C4::Context->preference("OPACItemHolds"), OPACShelfBrowser => "". C4::Context->preference("OPACShelfBrowser"), + OpacShowRecentComments => C4::Context->preference("OpacShowRecentComments"), OPACURLOpenInNewWindow => "" . C4::Context->preference("OPACURLOpenInNewWindow"), OPACUserCSS => "". C4::Context->preference("OPACUserCSS"), OPACViewOthersSuggestions => "" . C4::Context->preference("OPACViewOthersSuggestions"), @@ -423,8 +419,10 @@ sub get_template_and_user { opac_limit_override => $opac_limit_override, OpacBrowser => C4::Context->preference("OpacBrowser"), OpacCloud => C4::Context->preference("OpacCloud"), + OpacKohaUrl => C4::Context->preference("OpacKohaUrl"), OpacMainUserBlock => "" . C4::Context->preference("OpacMainUserBlock"), OpacNav => "" . C4::Context->preference("OpacNav"), + OpacNavBottom => "" . C4::Context->preference("OpacNavBottom"), OpacPasswordChange => C4::Context->preference("OpacPasswordChange"), OPACPatronDetails => C4::Context->preference("OPACPatronDetails"), OPACPrivacy => C4::Context->preference("OPACPrivacy"), @@ -435,7 +433,6 @@ sub get_template_and_user { hidelostitems => C4::Context->preference("hidelostitems"), mylibraryfirst => (C4::Context->preference("SearchMyLibraryFirst") && C4::Context->userenv) ? C4::Context->userenv->{'branch'} : '', opaclayoutstylesheet => "" . C4::Context->preference("opaclayoutstylesheet"), - opaccolorstylesheet => "" . C4::Context->preference("opaccolorstylesheet"), opacstylesheet => "" . C4::Context->preference("opacstylesheet"), opacbookbag => "" . C4::Context->preference("opacbookbag"), opaccredits => "" . C4::Context->preference("opaccredits"), 
@@ -448,6 +445,7 @@ sub get_template_and_user { opacuserlogin => "" . C4::Context->preference("opacuserlogin"), reviewson => C4::Context->preference("reviewson"), ShowReviewer => C4::Context->preference("ShowReviewer"), + ShowReviewerPhoto => C4::Context->preference("ShowReviewerPhoto"), suggestion => "" . C4::Context->preference("suggestion"), virtualshelves => "" . C4::Context->preference("virtualshelves"), OPACSerialIssueDisplayCount => C4::Context->preference("OPACSerialIssueDisplayCount"), @@ -466,11 +464,11 @@ sub get_template_and_user { SyndeticsAwards => C4::Context->preference("SyndeticsAwards"), SyndeticsSeries => C4::Context->preference("SyndeticsSeries"), SyndeticsCoverImageSize => C4::Context->preference("SyndeticsCoverImageSize"), + OPACLocalCoverImages => C4::Context->preference("OPACLocalCoverImages"), ); - $template->param(OpacPublic => '1') if ($template->param( 'loggedinusername') || C4::Context->preference("OpacPublic")); + $template->param(OpacPublic => '1') if ($user || C4::Context->preference("OpacPublic")); } - $template->param(listloop=>[{shelfname=>"Freelist", shelfnumber=>110}]); return ( $template, $borrowernumber, $cookie, $flags); } 
@@ -560,19 +558,18 @@ sub _version_check ($$) { # and so we must redirect to OPAC maintenance page or to the WebInstaller # also, if OpacMaintenance is ON, OPAC should redirect to maintenance if (C4::Context->preference('OpacMaintenance') && $type eq 'opac') { - warn "OPAC Install required, redirecting to maintenance"; - print $query->redirect("/cgi-bin/koha/maintenance.pl"); - } - unless ($version = C4::Context->preference('Version')) { # assignment, not comparison - if ($type ne 'opac') { - warn "Install required, redirecting to Installer"; - print $query->redirect("/cgi-bin/koha/installer/install.pl"); - } - else { warn "OPAC Install required, redirecting to maintenance"; print $query->redirect("/cgi-bin/koha/maintenance.pl"); - } - exit; + } + unless ( $version = C4::Context->preference('Version') ) { # assignment, not comparison + if ( $type ne 'opac' ) { + warn "Install required, redirecting to Installer"; + print $query->redirect("/cgi-bin/koha/installer/install.pl"); + } else { + warn "OPAC Install required, redirecting to maintenance"; + print $query->redirect("/cgi-bin/koha/maintenance.pl"); + } + safe_exit; } # check that database and koha version are the same @@ -592,7 +589,7 @@ sub _version_check ($$) { warn sprintf("OPAC: " . $warning, 'maintenance'); print $query->redirect("/cgi-bin/koha/maintenance.pl"); } - exit; + safe_exit; } } @@ -627,6 +624,10 @@ sub checkauth { my ( $userid, $cookie, $sessionID, $flags, $barshelves, $pubshelves ); my $logout = $query->param('logout.x'); + # This parameter is the name of the CAS server we want to authenticate against, + # when using authentication against multiple CAS servers, as configured in Auth_cas_servers.yaml + my $casparam = $query->param('cas'); + if ( $userid = $ENV{'REMOTE_USER'} ) { # Using Basic Authentication, no cookies required $cookie = $query->cookie( 
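Review bot: The `OpacMaintenance` branch in _version_check still prints the redirect to maintenance.pl and then falls through, because only the later `unless ( $version = ... )` block ends with `safe_exit`. When the Version preference is set, execution continues into the version comparison and may return to the caller, which then goes on building the page it was asked for even though a redirect header has been emitted. Unless the fall-through is intentional, I would add `safe_exit;` after `print $query->redirect("/cgi-bin/koha/maintenance.pl");` inside that first branch. The sub starts before this hunk.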
@@ -657,7 +658,8 @@ sub checkauth { $userid = $session->param('id'); $sessiontype = $session->param('sessiontype'); } - if ( ($query->param('koha_login_context')) && ($query->param('userid') ne $session->param('id')) ) { + if ( ( ($query->param('koha_login_context')) && ($query->param('userid') ne $session->param('id')) ) + || ( $cas && $query->param('ticket') ) ) { #if a user enters an id ne to the id in the current session, we need to log them in... #first we need to clear the anonymous session... $debug and warn "query id = " . $query->param('userid') . " but session id = " . $session->param('id'); @@ -672,7 +674,7 @@ sub checkauth { $session->flush; $session->delete(); C4::Context->_unset_userenv($sessionID); - _session_log(sprintf "%20s from %16s logged out at %30s (manually).\n", $userid,$ip,(strftime "%c",localtime)); + #_session_log(sprintf "%20s from %16s logged out at %30s (manually).\n", $userid,$ip,(strftime "%c",localtime)); $sessionID = undef; $userid = undef; @@ -685,7 +687,7 @@ sub checkauth { $info{'timed_out'} = 1; $session->delete(); C4::Context->_unset_userenv($sessionID); - _session_log(sprintf "%20s from %16s logged out at %30s (inactivity).\n", $userid,$ip,(strftime "%c",localtime)); + #_session_log(sprintf "%20s from %16s logged out at %30s (inactivity).\n", $userid,$ip,(strftime "%c",localtime)); $userid = undef; $sessionID = undef; } @@ -696,7 +698,7 @@ sub checkauth { $info{'different_ip'} = 1; $session->delete(); C4::Context->_unset_userenv($sessionID); - _session_log(sprintf "%20s from %16s logged out at %30s (ip changed to %16s).\n", $userid,$ip,(strftime "%c",localtime), $info{'newip'}); + #_session_log(sprintf "%20s from %16s logged out at %30s (ip changed to %16s).\n", $userid,$ip,(strftime "%c",localtime), $info{'newip'}); $sessionID = undef; $userid = undef; } 
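Review bot: The added `|| ( $cas && $query->param('ticket') )` alternative enters the "clear the session" branch on the mere presence of a `ticket` parameter, before the ticket has been validated. Judging by the comments in the branch, the current session is then discarded, so a request that only carries an arbitrary `ticket` value would end an already authenticated session. I would restrict the new alternative to sessions that are still anonymous, or move the clearing after a successful CAS check, and add a comment saying which case is intended. The debug `warn` on the next line also concatenates `$query->param('userid')`, which is undefined on a CAS return, so it will emit an uninitialized-value warning. The branch body continues outside the hunk.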
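Review bot: Commenting out `_session_log(...)` here removes the audit record for manual logouts. The hunks `@@ -685,7 +687,7 @@`, `@@ -696,7 +698,7 @@` and `@@ -729,10 +731,12 @@` do the same for inactivity timeouts, IP-change logouts and successful logins. No replacement logging is visible in the diff, so after this change there is no trail of who authenticated from which address, which is the data an investigation of a compromised account would start from. If the calls were disabled for a practical reason such as file permissions or volume, I would gate them on a preference or on `$debug` rather than leaving dead code. At a minimum each site should say why, for example `# _session_log disabled: <reason>`.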
@@ -720,7 +722,7 @@ sub checkauth { C4::Context->_new_userenv($sessionID); $cookie = $query->cookie(CGISESSID => $sessionID); $userid = $query->param('userid'); - if ($cas || $userid) { + if (($cas && $query->param('ticket')) || $userid) { my $password = $query->param('password'); my ($return, $cardnumber); if ($cas && $query->param('ticket')) { @@ -729,10 +731,12 @@ sub checkauth { $userid = $retuserid; $info{'invalidCasLogin'} = 1 unless ($return); } else { - ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password, $query ); + my $retuserid; + ( $return, $cardnumber, $retuserid ) = checkpw( $dbh, $userid, $password, $query ); + $userid = $retuserid if ($retuserid ne ''); } if ($return) { - _session_log(sprintf "%20s from %16s logged in at %30s.\n", $userid,$ENV{'REMOTE_ADDR'},(strftime '%c', localtime)); + #_session_log(sprintf "%20s from %16s logged in at %30s.\n", $userid,$ENV{'REMOTE_ADDR'},(strftime '%c', localtime)); if ( $flags = haspermission( $userid, $flagsrequired ) ) { $loggedin = 1; } 
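Review bot: In hunk `@@ -729,10 +731,12 @@`, `$userid = $retuserid if ($retuserid ne '');` compares a value that is undefined whenever checkpw returns fewer than three elements, and its failure paths are not visible here. The comparison then only works by way of an uninitialized-value warning. I would write `$userid = $retuserid if defined $retuserid && length $retuserid;`. Since the user id that reaches haspermission can now differ from the one submitted, a comment such as `# the auth backend may return a canonical userid that replaces the submitted one` would help the next reader.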
@@ -755,20 +759,21 @@ sub checkauth { "; my $sth = $dbh->prepare("$select where userid=?"); $sth->execute($userid); - unless ($sth->rows) { - $debug and print STDERR "AUTH_1: no rows for userid='$userid'\n"; - $sth = $dbh->prepare("$select where cardnumber=?"); - $sth->execute($cardnumber); - unless ($sth->rows) { - $debug and print STDERR "AUTH_2a: no rows for cardnumber='$cardnumber'\n"; - $sth->execute($userid); - unless ($sth->rows) { - $debug and print STDERR "AUTH_2b: no rows for userid='$userid' AS cardnumber\n"; - } - } - } + unless ($sth->rows) { + $debug and print STDERR "AUTH_1: no rows for userid='$userid'\n"; + $sth = $dbh->prepare("$select where cardnumber=?"); + $sth->execute($cardnumber); + + unless ($sth->rows) { + $debug and print STDERR "AUTH_2a: no rows for cardnumber='$cardnumber'\n"; + $sth->execute($userid); + unless ($sth->rows) { + $debug and print STDERR "AUTH_2b: no rows for userid='$userid' AS cardnumber\n"; + } + } + } if ($sth->rows) { - ($borrowernumber, $firstname, $surname, $userflags, + ($borrowernumber, $firstname, $surname, $userflags, $branchcode, $branchname, $branchprinter, $emailaddress) = $sth->fetchrow; $debug and print STDERR "AUTH_3 results: " . "$cardnumber,$borrowernumber,$userid,$firstname,$surname,$userflags,$branchcode,$emailaddress\n"; @@ -921,8 +926,17 @@ sub checkauth { } my $template_name = ( $type eq 'opac' ) ? 'opac-auth.tmpl' : 'auth.tmpl'; - my $template = gettemplate( $template_name, $type, $query ); + my $template = C4::Templates::gettemplate( $template_name, $type, $query ); $template->param(branchloop => \@branch_loop,); + my $checkstyle = C4::Context->preference("opaccolorstylesheet"); + if ($checkstyle =~ /\//) + { + $template->param( opacexternalsheet => $checkstyle); + } else + { + my $opaccolorstylesheet = C4::Context->preference("opaccolorstylesheet"); + $template->param( opaccolorstylesheet => $opaccolorstylesheet); + } $template->param( login => 1, INPUTS => \@inputs, 
@@ -932,12 +946,12 @@ sub checkauth { LibraryName => C4::Context->preference("LibraryName"), opacuserlogin => C4::Context->preference("opacuserlogin"), OpacNav => C4::Context->preference("OpacNav"), + OpacNavBottom => C4::Context->preference("OpacNavBottom"), opaccredits => C4::Context->preference("opaccredits"), OpacFavicon => C4::Context->preference("OpacFavicon"), opacreadinghistory => C4::Context->preference("opacreadinghistory"), opacsmallimage => C4::Context->preference("opacsmallimage"), opaclayoutstylesheet => C4::Context->preference("opaclayoutstylesheet"), - opaccolorstylesheet => C4::Context->preference("opaccolorstylesheet"), opaclanguagesdisplay => C4::Context->preference("opaclanguagesdisplay"), opacuserjs => C4::Context->preference("opacuserjs"), opacbookbag => "" . C4::Context->preference("opacbookbag"), @@ -963,11 +977,28 @@ sub checkauth { $template->param( OpacPublic => C4::Context->preference("OpacPublic")); $template->param( loginprompt => 1 ) unless $info{'nopermission'}; - if ($cas) { + if ($cas) { + + # Is authentication against multiple CAS servers enabled? + if (C4::Auth_with_cas::multipleAuth && !$casparam) { + my $casservers = C4::Auth_with_cas::getMultipleAuth(); + my @tmplservers; + foreach my $key (keys %$casservers) { + push @tmplservers, {name => $key, value => login_cas_url($query, $key) . "?cas=$key" }; + } + #warn Data::Dumper::Dumper(\@tmplservers); + $template->param( + casServersLoop => \@tmplservers + ); + } else { + $template->param( + casServerUrl => login_cas_url($query), + ); + } + $template->param( - casServerUrl => login_cas_url(), - invalidCasLogin => $info{'invalidCasLogin'} - ); + invalidCasLogin => $info{'invalidCasLogin'} + ); } my $self_url = $query->url( -absolute => 1 ); 
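Review bot: In the multiple-CAS loop of hunk `@@ -963,11 +977,28 @@`, the server key is interpolated into the link as `"?cas=$key"` without URI escaping, and `?` is appended unconditionally to whatever login_cas_url returns. The keys come from Auth_cas_servers.yaml, so this is a robustness issue rather than untrusted input, but a key containing `&`, `#` or a space would produce a broken link, as would a base URL that already has a query string. I would URI-escape `$key` and choose `?` or `&` based on the returned URL. Iterating with `foreach my $key (sort keys %$casservers)` would also keep the order of the login links stable between requests.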
@@ -975,7 +1006,7 @@ sub checkauth { url => $self_url, LibraryName => C4::Context->preference("LibraryName"), ); - $template->param( \%info ); + $template->param( %info ); # $cookie = $query->cookie(CGISESSID => $session->id # ); print $query->header( @@ -984,7 +1015,7 @@ sub checkauth { -cookie => $cookie ), $template->output; - exit; + safe_exit; } =head2 check_api_auth @@ -1057,7 +1088,7 @@ sub check_api_auth { unless ($query->param('userid')) { $sessionID = $query->cookie("CGISESSID"); } - if ($sessionID) { + if ($sessionID && not ($cas && $query->param('PT')) ) { my $session = get_session($sessionID); C4::Context->_new_userenv($sessionID); if ($session) { @@ -1107,18 +1138,24 @@ sub check_api_auth { # new login my $userid = $query->param('userid'); my $password = $query->param('password'); - unless ($userid and $password) { - # caller did something wrong, fail the authenticateion - return ("failed", undef, undef); - } - my ($return, $cardnumber); - if ($cas && $query->param('ticket')) { + my ($return, $cardnumber); + + # Proxy CAS auth + if ($cas && $query->param('PT')) { my $retuserid; - ( $return, $cardnumber, $retuserid ) = checkpw( $dbh, $userid, $password, $query ); - $userid = $retuserid; + $debug and print STDERR "## check_api_auth - checking CAS\n"; + # In case of a CAS authentication, we use the ticket instead of the password + my $PT = $query->param('PT'); + ($return,$cardnumber,$userid) = check_api_auth_cas($dbh, $PT, $query); # EXTERNAL AUTH } else { + # User / password auth + unless ($userid and $password) { + # caller did something wrong, fail the authenticateion + return ("failed", undef, undef); + } ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password, $query ); } + if ($return and haspermission( $userid, $flagsrequired)) { my $session = get_session(""); return ("failed", undef, undef) unless $session; 
@@ -1356,8 +1393,8 @@ sub get_session { elsif ($storage_method eq 'Pg') { $session = new CGI::Session("driver:PostgreSQL;serializer:yaml;id:md5", $sessionID, {Handle=>$dbh}); } - elsif ($storage_method eq 'memcached' && $servers){ - $session = new CGI::Session("driver:memcached;serializer:yaml;id:md5", $sessionID, { Memcached => $memcached } ); + elsif ($storage_method eq 'memcached' && C4::Context->ismemcached){ + $session = new CGI::Session("driver:memcached;serializer:yaml;id:md5", $sessionID, { Memcached => C4::Context->memcached } ); } else { # catch all defaults to tmp should work on all systems @@ -1371,11 +1408,11 @@ sub checkpw { my ( $dbh, $userid, $password, $query ) = @_; if ($ldap) { $debug and print "## checkpw - checking LDAP\n"; - my ($retval,$retcard) = checkpw_ldap(@_); # EXTERNAL AUTH - ($retval) and return ($retval,$retcard); + my ($retval,$retcard,$retuserid) = checkpw_ldap(@_); # EXTERNAL AUTH + ($retval) and return ($retval,$retcard,$retuserid); } - if ($cas && $query->param('ticket')) { + if ($cas && $query && $query->param('ticket')) { $debug and print STDERR "## checkpw - checking CAS\n"; # In case of a CAS authentication, we use the ticket instead of the password my $ticket = $query->param('ticket'); @@ -1398,7 +1435,7 @@ sub checkpw { C4::Context->set_userenv( "$borrowernumber", $userid, $cardnumber, $firstname, $surname, $branchcode, $flags ); - return 1, $cardnumber; + return 1, $cardnumber, $userid; } } $sth = @@ -1414,7 +1451,7 @@ sub checkpw { C4::Context->set_userenv( $borrowernumber, $userid, $cardnumber, $firstname, $surname, $branchcode, $flags ); - return 1, $userid; + return 1, $cardnumber, $userid; } } if ( $userid && $userid eq C4::Context->config('user') 
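Review bot: checkpw's return contract changes in hunks `@@ -1371,11 +1408,11 @@`, `@@ -1398,7 +1435,7 @@` and `@@ -1414,7 +1451,7 @@`, but nothing in the diff documents it. It now returns three values, and in the last of these hunks the second element changes from `$userid` to `$cardnumber`. check_api_auth still unpacks only `( $return, $cardnumber )`, and any caller outside this file that relied on the old second value in that branch will silently receive something different. I would state the contract in a comment above the sub, for example `# returns ( $ok, $cardnumber, $userid ); $userid may differ from the submitted one when an external backend supplies it`, and check the remaining callers. The LDAP path returns whatever checkpw_ldap yields, so its third element should be confirmed to be a userid as well.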
@@ -1562,7 +1599,7 @@ sub haspermission { my ($userid, $flagsrequired) = @_; my $sth = C4::Context->dbh->prepare("SELECT flags FROM borrowers WHERE userid=?"); $sth->execute($userid); - my $flags = getuserflags( $sth->fetchrow(), $userid ); + my $flags = getuserflags($sth->fetchrow(), $userid); if ( $userid eq C4::Context->config('user') ) { # Super User Account from /etc/koha.conf $flags->{'superlibrarian'} = 1; @@ -1571,7 +1608,9 @@ sub haspermission { # Demo user that can do "anything" (demo=1 in /etc/koha.conf) $flags->{'superlibrarian'} = 1; } + return $flags if $flags->{superlibrarian}; + foreach my $module ( keys %$flagsrequired ) { my $subperm = $flagsrequired->{$module}; if ($subperm eq '*') {