X-Git-Url: http://koha-dev.rot13.org:8081/gitweb/?a=blobdiff_plain;f=installer%2FInstallAuth.pm;h=0015a14e2d6e581d178fe8b6e60d8b70e0fee67e;hb=b1451ab1273bc8039d8b85c83422dc1c29db385d;hp=63fcfd82b7ac248aac36818f8d5c65936e91b95c;hpb=cdbbf1e7d8de0518ded4e122709c24316cdefbe5;p=koha_fer diff --git a/installer/InstallAuth.pm b/installer/InstallAuth.pm index 63fcfd82b7..0015a14e2d 100644 --- a/installer/InstallAuth.pm +++ b/installer/InstallAuth.pm @@ -16,24 +16,25 @@ package InstallAuth; # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR # A PARTICULAR PURPOSE. See the GNU General Public License for more details. # -# You should have received a copy of the GNU General Public License along with -# Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place, -# Suite 330, Boston, MA 02111-1307 USA +# You should have received a copy of the GNU General Public License along +# with Koha; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. use strict; +#use warnings; FIXME - Bug 2505 use Digest::MD5 qw(md5_base64); require Exporter; use C4::Context; use C4::Output; +use C4::Templates; use C4::Koha; +use CGI::Session; use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS); # set the version for version checking -$VERSION = do { my @v = '$Revision$' =~ /\d+/g; - shift(@v) . "." . join( "_", map { sprintf "%03d", $_ } @v ); -}; +$VERSION = 3.00; =head1 NAME @@ -43,6 +44,7 @@ InstallAuth - Authenticates Koha users for Install process use CGI; use InstallAuth; + use C4::Output; my $query = new CGI; @@ -54,11 +56,7 @@ InstallAuth - Authenticates Koha users for Install process flagsrequired => {borrow => 1}, }); - print $query->header( - -type => 'utf-8', - -cookie => $cookie - ), $template->output; - + output_html_with_http_headers $query, $cookie, $template->output; =head1 DESCRIPTION 
@@ -81,7 +79,6 @@ InstallAuth - Authenticates Koha users for Install process @EXPORT = qw( &checkauth &get_template_and_user - &setlanguagecookie ); =item get_template_and_user @@ -106,22 +103,21 @@ InstallAuth - Authenticates Koha users for Install process authenticated page. More information on the C sub can be found in the - Output.pm module. + Templates.pm module. =cut sub get_template_and_user { my $in = shift; - my $query=$in->{'query'}; - my $language=$query->cookie('KohaOpacLanguage'); - my $path=C4::Context->config('intrahtdocs')."/prog/".($language?$language:"en"); - my $template = HTML::Template::Pro->new( - filename => "$path/".$in->{template_name}, - die_on_bad_params => 1, - global_vars => 1, - case_sensitive => 1, - path => ["$path/includes"] - ); + my $query = $in->{'query'}; + my $language =_get_template_language($query->cookie('KohaOpacLanguage')); + my $path = C4::Context->config('intrahtdocs'). "/prog/". $language; + + my $tmplbase = $in->{template_name}; + $tmplbase=~ s/\.tmpl$/.tt/; + my $filename = "$path/modules/" . $tmplbase; + my $interface = 'intranet'; + my $template = C4::Templates->new( $interface, $filename, $tmplbase, $query); my ( $user, $cookie, $sessionID, $flags ) = checkauth( $in->{'query'}, 
@@ -129,18 +125,18 @@ sub get_template_and_user { $in->{'flagsrequired'}, $in->{'type'} ); -# use Data::Dumper;warn "utilisateur $user cookie : ".Dumper($cookie); + + # use Data::Dumper;warn "utilisateur $user cookie : ".Dumper($cookie); my $borrowernumber; if ($user) { $template->param( loggedinusername => $user ); $template->param( sessionID => $sessionID ); - # We are going to use the $flags returned by checkauth # to create the template's parameters that will indicate # which menus the user can access. - if (( $flags && $flags->{superlibrarian}==1)) { + if ( ( $flags && $flags->{superlibrarian} == 1 ) ) { $template->param( CAN_user_circulate => 1 ); $template->param( CAN_user_catalogue => 1 ); $template->param( CAN_user_parameters => 1 ); @@ -149,10 +145,10 @@ sub get_template_and_user { $template->param( CAN_user_reserveforothers => 1 ); $template->param( CAN_user_borrow => 1 ); $template->param( CAN_user_editcatalogue => 1 ); - $template->param( CAN_user_updatecharge => 1 ); + $template->param( CAN_user_updatecharges => 1 ); $template->param( CAN_user_acquisition => 1 ); $template->param( CAN_user_management => 1 ); - $template->param( CAN_user_tools => 1 ); + $template->param( CAN_user_tools => 1 ); $template->param( CAN_user_editauthorities => 1 ); $template->param( CAN_user_serials => 1 ); $template->param( CAN_user_reports => 1 ); @@ -161,6 +157,17 @@ sub get_template_and_user { return ( $template, $borrowernumber, $cookie ); } +sub _get_template_language { + + #verify if opac language exists in staff (bug 5660) + #conditions are 1) dir exists and 2) enabled in prefs + my ($opaclang) = @_; + return 'en' unless $opaclang; + $opaclang =~ s/[^a-zA-Z_-]*//g; + my $path = C4::Context->config('intrahtdocs') . "/prog/$opaclang"; + -d $path ? $opaclang : 'en'; +} + =item checkauth ($userid, $cookie, $sessionID) = &checkauth($query, $noauth, $flagsrequired, $type); 
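Review bot: In `_get_template_language` (the `@@ -161` hunk), the substitution can leave `$opaclang` empty when the cookie value consists only of stripped characters, and the `-d` test then checks `.../prog/` itself, which presumably exists, so the sub returns an empty string instead of `'en'`. Add `return 'en' unless length $opaclang;` directly after the `s///`. The leading comment also promises a second condition, "enabled in prefs", which the code does not check; either implement it or reword the comment to `# fall back to 'en' unless the language directory exists under intrahtdocs/prog`. An explicit `return` on the last line would match the rest of the file.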
@@ -228,7 +235,7 @@ sub checkauth { my $type = shift; $type = 'intranet' unless $type; - + my $dbh = C4::Context->dbh(); my $template_name; $template_name = "installer/auth.tmpl"; @@ -237,23 +244,31 @@ sub checkauth { my %info; my ( $userid, $cookie, $sessionID, $flags, $envcookie ); my $logout = $query->param('logout.x'); - if ( $sessionID = $query->cookie('sessionID') ) { + if ( $sessionID = $query->cookie("CGISESSID") ) { C4::Context->_new_userenv($sessionID); - if ( my %hash = $query->cookie('userenv') ) { + my $session = + new CGI::Session( "driver:File;serializer:yaml", $sessionID, + { Directory => '/tmp' } ); + if ( $session->param('cardnumber') ) { C4::Context::set_userenv( - $hash{number}, $hash{id}, - $hash{cardnumber}, $hash{firstname}, - $hash{surname}, $hash{branch}, - $hash{branchname}, $hash{flags}, - $hash{emailaddress}, $hash{branchprinter} + $session->param('number'), + $session->param('id'), + $session->param('cardnumber'), + $session->param('firstname'), + $session->param('surname'), + $session->param('branch'), + $session->param('branchname'), + $session->param('flags'), + $session->param('emailaddress'), + $session->param('branchprinter') ); $cookie = $query->cookie( - -name => 'sessionID', - -value => $sessionID, - -expires => '' + -name => 'CGISESSID', + -value => $session->id, + -HttpOnly => 1, ); - $loggedin=1; - $userid = $hash{cardnumber}; + $loggedin = 1; + $userid = $session->param('cardnumber'); } my ( $ip, $lasttime ); 
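Review bot: In the `@@ -237` hunk the session store is hard-coded to `{ Directory => '/tmp' }`, so the installer's authentication state lives in a world-writable directory shared with every other local account. Whether a request counts as logged in is decided only by `$session->param('cardnumber')` read back from that store, so the login is no more trustworthy than the files in that directory; a dedicated directory owned by the web-server user with mode 0700, taken from configuration, would remove that dependency. The same literal appears in the `unless ($userid)` branch of the `@@ -263` hunk. The CGI::Session constructor returns undef on failure and the next line calls `->param` on the result unchecked; appending `or die CGI::Session->errstr` would make that failure explicit. checkauth begins and ends outside this hunk.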
@@ -263,52 +278,60 @@ sub checkauth { C4::Context->_unset_userenv($sessionID); $sessionID = undef; $userid = undef; - open L, ">>/tmp/sessionlog"; - my $time = localtime( time() ); - printf L "%20s from %16s logged out at %30s (manually).\n", $userid, - $ip, $time; - close L; + # Commented out due to its lack of usefulness + # open L, ">>/tmp/sessionlog"; + # my $time = localtime( time() ); + # printf L "%20s from %16s logged out at %30s (manually).\n", $userid, + # $ip, $time; + # close L; } } unless ($userid) { - $sessionID = int( rand() * 100000 ) . '-' . time(); + my $session = + new CGI::Session( "driver:File;serializer:yaml", undef, { Directory => '/tmp' } ); + $sessionID = $session->id; $userid = $query->param('userid'); C4::Context->_new_userenv($sessionID); my $password = $query->param('password'); C4::Context->_new_userenv($sessionID); my ( $return, $cardnumber ) = checkpw( $userid, $password ); if ($return) { - $loggedin=1; - open L, ">>/tmp/sessionlog"; - my $time = localtime( time() ); - printf L "%20s from %16s logged in at %30s.\n", $userid, - $ENV{'REMOTE_ADDR'}, $time; - close L; + $loggedin = 1; + # open L, ">>/tmp/sessionlog"; + # my $time = localtime( time() ); + # printf L "%20s from %16s logged in at %30s.\n", $userid, + # $ENV{'REMOTE_ADDR'}, $time; + # close L; $cookie = $query->cookie( - -name => 'sessionID', - -value => $sessionID, - -expires => '' + -name => 'CGISESSID', + -value => $sessionID, + -HttpOnly => 1, ); if ( $return == 2 ) { - #Only superlibrarian should have access to this page. - #Since if it is a user, it is supposed that there is a borrower table - #And thus that data structure is loaded. + + #Only superlibrarian should have access to this page. + #Since if it is a user, it is supposed that there is a borrower table + #And thus that data structure is loaded. 
my $hash = C4::Context::set_userenv( - 0, - 0, - C4::Context->config('user'), - C4::Context->config('user'), - C4::Context->config('user'), - "", - "NO_LIBRARY_SET", - 1,"" - ); - $envcookie = $query->cookie( - -name => 'userenv', - -value => $hash, - -expires => '' + 0, 0, + C4::Context->config('user'), C4::Context->config('user'), + C4::Context->config('user'), "", + "NO_LIBRARY_SET", 1, + "" ); - $userid=C4::Context->config('user'); + $session->param( 'number', 0 ); + $session->param( 'id', C4::Context->config('user') ); + $session->param( 'cardnumber', C4::Context->config('user') ); + $session->param( 'firstname', C4::Context->config('user') ); + $session->param( 'surname', C4::Context->config('user'), ); + $session->param( 'branch', 'NO_LIBRARY_SET' ); + $session->param( 'branchname', 'NO_LIBRARY_SET' ); + $session->param( 'flags', 1 ); + $session->param( 'emailaddress', + C4::Context->preference('KohaAdminEmailAddress') ); + $session->param( 'ip', $session->remote_addr() ); + $session->param( 'lasttime', time() ); + $userid = C4::Context->config('user'); } } else { @@ -320,14 +343,14 @@ sub checkauth { } # finished authentification, now respond - if ( $loggedin ) - { + if ($loggedin) { # successful login unless ($cookie) { $cookie = $query->cookie( - -name => 'sessionID', + -name => 'CGISESSID', -value => '', + -HttpOnly => 1, -expires => '' ); } 
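Review bot: The logout branch at the top of the `@@ -263` hunk clears `$sessionID` and `$userid` but, in the lines visible here, never invalidates the server-side CGI::Session, so the stored `cardnumber` stays valid for any request that still presents the old `CGISESSID` value. Calling `$session->delete(); $session->flush();` before `$sessionID = undef;` would end the session on the server too, assuming `$session` from the enclosing block is still in scope there (the branch opens outside the hunk). Separately, the session fields are written only inside `if ( $return == 2 )`; any other true result from checkpw gets a cookie for a session with no `cardnumber`, which the check in the `@@ -237` hunk will not treat as logged in. The commented-out `/tmp/sessionlog` lines would be better deleted than kept as comments.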
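Review bot: The `CGISESSID` cookie built in the `@@ -320` hunk sets `-HttpOnly` but not `-secure`, so the browser will also send the session id over plain HTTP; the same applies to the cookies created in the `@@ -237`, `@@ -263` and `@@ -348` hunks. If the installer is meant to be served over HTTPS, add `-secure => 1` (or set it conditionally on the request scheme). This fallback also issues the cookie with `-value => ''`, which would replace a valid session id in the browser with an empty one; it is worth confirming that the `unless ($cookie)` case can occur at all after a successful login.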
@@ -348,33 +371,32 @@ sub checkauth { push @inputs, { name => $name, value => $value }; } - my $path=C4::Context->config('intrahtdocs')."/prog/".($query->param('language')?$query->param('language'):"en"); - my $template = HTML::Template::Pro->new( - filename => "$path/$template_name", - die_on_bad_params => 1, - global_vars => 1, - case_sensitive => 1, - path => ["$path/includes"] - ); + my $path = + C4::Context->config('intrahtdocs') . "/prog/" + . ( $query->param('language') ? $query->param('language') : "en" ); + my $filename = "$path/modules/$template_name"; + $filename =~ s/\.tmpl$/.tt/; + my $interface = 'intranet'; + my $template = C4::Templates->new( $interface, $filename, '', $query); $template->param( - INPUTS => \@inputs, + INPUTS => \@inputs, ); + $template->param( login => 1 ); $template->param( loginprompt => 1 ) unless $info{'nopermission'}; my $self_url = $query->url( -absolute => 1 ); - $template->param( - url => $self_url, - ); + $template->param( url => $self_url, ); $template->param( \%info ); $cookie = $query->cookie( - -name => 'sessionID', + -name => 'CGISESSID', -value => $sessionID, + -HttpOnly => 1, -expires => '' ); print $query->header( - -type => 'utf-8', - -cookie => $cookie + -type => 'text/html; charset=utf-8', + -cookie => $cookie ), $template->output; exit; 
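Review bot: `$query->param('language')` is concatenated into `$path` and then `$filename` without any validation, so a request parameter decides which directory the login template is loaded from. This commit adds `_get_template_language` in the same file for exactly this purpose and uses it in `get_template_and_user`; the login path should do the same, e.g. `my $language = _get_template_language( scalar $query->param('language') );` followed by `my $path = C4::Context->config('intrahtdocs') . "/prog/" . $language;`. The hunk starts and ends inside checkauth, so the code that fills `@inputs` from the request is only partly visible here.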
@@ -384,14 +406,23 @@ sub checkpw { my ( $userid, $password ) = @_; - if ( $userid && $userid eq C4::Context->config('user') + if ( $userid + && $userid eq C4::Context->config('user') && "$password" eq C4::Context->config('pass') ) { -# Koha superuser account - C4::Context->set_userenv(0,0,C4::Context->config('user'),C4::Context->config('user'),C4::Context->config('user'),"",1); + + # Koha superuser account + C4::Context->set_userenv( + 0, 0, + C4::Context->config('user'), + C4::Context->config('user'), + C4::Context->config('user'), + "", 1 + ); return 2; } - if ( $userid && $userid eq 'demo' + if ( $userid + && $userid eq 'demo' && "$password" eq 'demo' && C4::Context->config('demo') ) { @@ -403,7 +434,6 @@ sub checkpw { return 0; } - END { } # module clean-up code here (global destructor) 1; __END__
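Review bot: The reformatted superuser branch in checkpw calls `C4::Context->set_userenv(...)` as a class method with seven arguments, while checkauth in this same commit calls `C4::Context::set_userenv(...)` as a plain function with nine. With `->` the class name is passed as the first argument, so the two call sites cannot both line up with the same parameter list unless set_userenv compensates; that is not visible here and should be confirmed, and one call style then used in both places. A short comment above `return 2;` such as `# 2 = superuser account from C4::Context->config; checkauth tests for this value` would document the contract that the `$return == 2` test relies on.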