X-Git-Url: http://koha-dev.rot13.org:8081/gitweb/?a=blobdiff_plain;f=installer%2FInstallAuth.pm;h=0015a14e2d6e581d178fe8b6e60d8b70e0fee67e;hb=4e936f9c42742894a64e96519bc646e0197c4f5e;hp=5c983bd7fedaf7cc5b0e164a1330ebabc70841a9;hpb=836b9857ed9d6ff51a8d9da088b44dac9154fefb;p=koha_fer
diff --git a/installer/InstallAuth.pm b/installer/InstallAuth.pm
index 5c983bd7fe..0015a14e2d 100644
--- a/installer/InstallAuth.pm
+++ b/installer/InstallAuth.pm
@@ -16,25 +16,25 @@ package InstallAuth;
 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 #
-# You should have received a copy of the GNU General Public License along with
-# Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
-# Suite 330, Boston, MA 02111-1307 USA
+# You should have received a copy of the GNU General Public License along
+# with Koha; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 use strict;
+#use warnings; FIXME - Bug 2505
 use Digest::MD5 qw(md5_base64);
 require Exporter;
 use C4::Context;
 use C4::Output;
+use C4::Templates;
 use C4::Koha;
 use CGI::Session;
 use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
 # set the version for version checking
-$VERSION = do { my @v = '$Revision$' =~ /\d+/g;
- shift(@v) . "." . join( "_", map { sprintf "%03d", $_ } @v );
-};
+$VERSION = 3.00;
 =head1 NAME
@@ -44,6 +44,7 @@ InstallAuth - Authenticates Koha users for Install process
 use CGI;
 use InstallAuth;
+ use C4::Output;
 my $query = new CGI;
@@ -55,11 +56,7 @@ InstallAuth - Authenticates Koha users for Install process
 flagsrequired => {borrow => 1},
 });
- print $query->header(
- -type => 'utf-8',
- -cookie => $cookie
- ), $template->output;
-
+ output_html_with_http_headers $query, $cookie, $template->output;
 =head1 DESCRIPTION
@@ -82,7 +79,6 @@ InstallAuth - Authenticates Koha users for Install process
 @EXPORT = qw(
 &checkauth
 &get_template_and_user
- &setlanguagecookie
 );
 =item get_template_and_user
@@ -107,25 +103,22 @@ InstallAuth - Authenticates Koha users for Install process
 authenticated page.
 More information on the C sub can be found in the
- Output.pm module.
+ Templates.pm module.
 =cut
 sub get_template_and_user {
 my $in = shift;
 my $query = $in->{'query'};
- my $language = $query->cookie('KohaOpacLanguage');
- my $path =
- C4::Context->config('intrahtdocs') . "/prog/"
- . ( $language ? $language : "en" );
- my $template = HTML::Template::Pro->new(
- filename => "$path/" . $in->{template_name},
- die_on_bad_params => 1,
- global_vars => 1,
- case_sensitive => 1,
- path => ["$path/includes"]
- );
-
+ my $language =_get_template_language($query->cookie('KohaOpacLanguage'));
+ my $path = C4::Context->config('intrahtdocs'). "/prog/". $language;
+
+ my $tmplbase = $in->{template_name};
+ $tmplbase=~ s/\.tmpl$/.tt/;
+ my $filename = "$path/modules/" . $tmplbase;
+ my $interface = 'intranet';
+ my $template = C4::Templates->new( $interface, $filename, $tmplbase, $query);
+
 my ( $user, $cookie, $sessionID, $flags ) = checkauth(
 $in->{'query'},
 $in->{'authnotrequired'},
@@ -152,7 +145,7 @@ sub get_template_and_user {
 $template->param( CAN_user_reserveforothers => 1 );
 $template->param( CAN_user_borrow => 1 );
 $template->param( CAN_user_editcatalogue => 1 );
- $template->param( CAN_user_updatecharge => 1 );
+ $template->param( CAN_user_updatecharges => 1 );
 $template->param( CAN_user_acquisition => 1 );
 $template->param( CAN_user_management => 1 );
 $template->param( CAN_user_tools => 1 );
@@ -164,6 +157,17 @@ sub get_template_and_user {
 return ( $template, $borrowernumber, $cookie );
 }
+sub _get_template_language {
+
+ #verify if opac language exists in staff (bug 5660)
+ #conditions are 1) dir exists and 2) enabled in prefs
+ my ($opaclang) = @_;
+ return 'en' unless $opaclang;
+ $opaclang =~ s/[^a-zA-Z_-]*//g;
+ my $path = C4::Context->config('intrahtdocs') . "/prog/$opaclang";
+ -d $path ? $opaclang : 'en';
+}
+
 =item checkauth
 ($userid, $cookie, $sessionID) = &checkauth($query, $noauth, $flagsrequired, $type);
@@ -243,7 +247,7 @@ sub checkauth {
 if ( $sessionID = $query->cookie("CGISESSID") ) {
 C4::Context->_new_userenv($sessionID);
 my $session =
- new CGI::Session( "driver:File", $sessionID,
+ new CGI::Session( "driver:File;serializer:yaml", $sessionID,
 { Directory => '/tmp' } );
 if ( $session->param('cardnumber') ) {
 C4::Context::set_userenv(
@@ -258,7 +262,11 @@ sub checkauth {
 $session->param('emailaddress'),
 $session->param('branchprinter')
 );
- $cookie = $query->cookie( CGISESSID => $session->id );
+ $cookie = $query->cookie(
+ -name => 'CGISESSID',
+ -value => $session->id,
+ -HttpOnly => 1,
+ );
 $loggedin = 1;
 $userid = $session->param('cardnumber');
 }
@@ -270,16 +278,17 @@ sub checkauth {
 C4::Context->_unset_userenv($sessionID);
 $sessionID = undef;
 $userid = undef;
- open L, ">>/tmp/sessionlog";
- my $time = localtime( time() );
- printf L "%20s from %16s logged out at %30s (manually).\n", $userid,
- $ip, $time;
- close L;
+ # Commented out due to its lack of usefulness
+ # open L, ">>/tmp/sessionlog";
+ # my $time = localtime( time() );
+ # printf L "%20s from %16s logged out at %30s (manually).\n", $userid,
+ # $ip, $time;
+ # close L;
 }
 }
 unless ($userid) {
 my $session =
- new CGI::Session( "driver:File", undef, { Directory => '/tmp' } );
+ new CGI::Session( "driver:File;serializer:yaml", undef, { Directory => '/tmp' } );
 $sessionID = $session->id;
 $userid = $query->param('userid');
 C4::Context->_new_userenv($sessionID);
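Review bot: In `_get_template_language` (`@@ -164,6 +157,17 @@`), a cookie value made up only of characters the substitution strips leaves `$opaclang` empty, so `-d` is tested against the bare `.../prog/` directory and the function can return an empty string instead of `'en'`. Add `return 'en' unless length $opaclang;` directly after the `s///` line. The comment lists two conditions (directory exists, enabled in prefs) but only the directory test is implemented; either add the preference check or drop the second condition from the comment. An explicit `return` on the last statement would also make the result easier to read.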
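Review bot: Both `new CGI::Session(...)` calls touched here (`@@ -243,7 +247,7 @@` and the second one in `@@ -270,16 +278,17 @@`) still keep session files under `{ Directory => '/tmp' }`, a directory that is normally writable by every local account. Those files carry the authenticated `cardnumber` and are now parsed by the YAML serializer on each request, so their confidentiality and integrity rest on whatever permissions the file driver happens to apply. Consider a dedicated directory owned by the web-server user with mode 0700, read from configuration instead of being hard-coded. checkauth's body starts and ends outside these hunks.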
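Review bot: The rebuilt `CGISESSID` cookie in `@@ -258,7 +262,11 @@` sets `-HttpOnly` but not `-secure`, so the session id is still sent in clear text whenever the installer is reachable over plain HTTP; the same holds for the cookies in `@@ -288,12 +297,16 @@`, `@@ -337,6 +350,7 @@` and `@@ -380,6 +391,7 @@`. Where the site is served over HTTPS, add `-secure => 1,` next to `-HttpOnly => 1,`, conditioned on the request having arrived over HTTPS if both schemes must keep working. The four cookie constructions are near-identical and could come from one small helper so the flags cannot drift apart.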
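Review bot: The `/tmp/sessionlog` block in `@@ -270,16 +278,17 @@` (and again in `@@ -288,12 +297,16 @@`) is commented out rather than deleted, which leaves dead code that a later reader may simply re-enable. Delete the lines and keep a one-line comment such as `# TODO: installer login/logout is not audited; add logging via the project logger if needed`, since nothing visible in these hunks records a login or logout after this change. If the log is ever reinstated, it should not use a bareword two-argument `open` on a fixed file name in `/tmp`.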
@@ -288,12 +297,16 @@ sub checkauth {
 my ( $return, $cardnumber ) = checkpw( $userid, $password );
 if ($return) {
 $loggedin = 1;
- open L, ">>/tmp/sessionlog";
- my $time = localtime( time() );
- printf L "%20s from %16s logged in at %30s.\n", $userid,
- $ENV{'REMOTE_ADDR'}, $time;
- close L;
- $cookie = $query->cookie( CGISESSID => $sessionID );
+ # open L, ">>/tmp/sessionlog";
+ # my $time = localtime( time() );
+ # printf L "%20s from %16s logged in at %30s.\n", $userid,
+ # $ENV{'REMOTE_ADDR'}, $time;
+ # close L;
+ $cookie = $query->cookie(
+ -name => 'CGISESSID',
+ -value => $sessionID,
+ -HttpOnly => 1,
+ );
 if ( $return == 2 ) {
 #Only superlibrarian should have access to this page.
@@ -337,6 +350,7 @@ sub checkauth {
 $cookie = $query->cookie(
 -name => 'CGISESSID',
 -value => '',
+ -HttpOnly => 1,
 -expires => ''
 );
 }
@@ -360,13 +374,10 @@ sub checkauth {
 my $path =
 C4::Context->config('intrahtdocs') . "/prog/"
 . ( $query->param('language') ? $query->param('language') : "en" );
- my $template = HTML::Template::Pro->new(
- filename => "$path/$template_name",
- die_on_bad_params => 1,
- global_vars => 1,
- case_sensitive => 1,
- path => ["$path/includes"]
- );
+ my $filename = "$path/modules/$template_name";
+ $filename =~ s/\.tmpl$/.tt/;
+ my $interface = 'intranet';
+ my $template = C4::Templates->new( $interface, $filename, '', $query);
 $template->param(
 INPUTS => \@inputs,
@@ -380,6 +391,7 @@ sub checkauth {
 $cookie = $query->cookie(
 -name => 'CGISESSID',
 -value => $sessionID,
+ -HttpOnly => 1,
 -expires => ''
 );
 print $query->header(
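Review bot: In `@@ -360,13 +374,10 @@`, the new `$filename` is built from `$path`, which the context lines just above take straight from `$query->param('language')` with no filtering, so a request parameter still selects the directory handed to `C4::Templates->new`. This commit adds `_get_template_language()` for exactly that purpose but applies it only to the cookie in `get_template_and_user`. Use it here too: `my $path = C4::Context->config('intrahtdocs') . "/prog/" . _get_template_language( scalar $query->param('language') );`. checkauth's body starts and ends outside the hunk.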