X-Git-Url: http://koha-dev.rot13.org:8081/gitweb/?a=blobdiff_plain;f=installer%2FInstallAuth.pm;h=3a55b2159981149b26e2fcde3ab6811b1f68e489;hb=31113608909414cc5196244bf117ebc2f6115e58;hp=63fcfd82b7ac248aac36818f8d5c65936e91b95c;hpb=c0d85e87b416e76273d9e043a0e53cf2e0f5ed75;p=koha_gimpoz diff --git a/installer/InstallAuth.pm b/installer/InstallAuth.pm old mode 100755 new mode 100644 index 63fcfd82b7..3a55b21599 --- a/installer/InstallAuth.pm +++ b/installer/InstallAuth.pm @@ -16,24 +16,24 @@ package InstallAuth; # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR # A PARTICULAR PURPOSE. See the GNU General Public License for more details. # -# You should have received a copy of the GNU General Public License along with -# Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place, -# Suite 330, Boston, MA 02111-1307 USA +# You should have received a copy of the GNU General Public License along +# with Koha; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. use strict; +#use warnings; FIXME - Bug 2505 use Digest::MD5 qw(md5_base64); require Exporter; use C4::Context; use C4::Output; use C4::Koha; +use CGI::Session; use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS); # set the version for version checking -$VERSION = do { my @v = '$Revision$' =~ /\d+/g; - shift(@v) . "." . join( "_", map { sprintf "%03d", $_ } @v ); -}; +$VERSION = 3.00; =head1 NAME @@ -43,6 +43,7 @@ InstallAuth - Authenticates Koha users for Install process use CGI; use InstallAuth; + use C4::Output; my $query = new CGI; @@ -54,11 +55,7 @@ InstallAuth - Authenticates Koha users for Install process flagsrequired => {borrow => 1}, }); - print $query->header( - -type => 'utf-8', - -cookie => $cookie - ), $template->output; - + output_html_with_http_headers $query, $cookie, $template->output; =head1 DESCRIPTION 
@@ -81,7 +78,6 @@ InstallAuth - Authenticates Koha users for Install process @EXPORT = qw( &checkauth &get_template_and_user - &setlanguagecookie ); =item get_template_and_user @@ -112,35 +108,37 @@ InstallAuth - Authenticates Koha users for Install process sub get_template_and_user { my $in = shift; - my $query=$in->{'query'}; - my $language=$query->cookie('KohaOpacLanguage'); - my $path=C4::Context->config('intrahtdocs')."/prog/".($language?$language:"en"); - my $template = HTML::Template::Pro->new( - filename => "$path/".$in->{template_name}, + my $query = $in->{'query'}; + my $language = $query->cookie('KohaOpacLanguage'); + my $path = + C4::Context->config('intrahtdocs') . "/prog/" + . ( $language ? $language : "en" ); + my $template = HTML::Template::Pro->new( + filename => "$path/modules/" . $in->{template_name}, die_on_bad_params => 1, global_vars => 1, case_sensitive => 1, path => ["$path/includes"] ); - + my ( $user, $cookie, $sessionID, $flags ) = checkauth( $in->{'query'}, $in->{'authnotrequired'}, $in->{'flagsrequired'}, $in->{'type'} ); -# use Data::Dumper;warn "utilisateur $user cookie : ".Dumper($cookie); + + # use Data::Dumper;warn "utilisateur $user cookie : ".Dumper($cookie); my $borrowernumber; if ($user) { $template->param( loggedinusername => $user ); $template->param( sessionID => $sessionID ); - # We are going to use the $flags returned by checkauth # to create the template's parameters that will indicate # which menus the user can access. - if (( $flags && $flags->{superlibrarian}==1)) { + if ( ( $flags && $flags->{superlibrarian} == 1 ) ) { $template->param( CAN_user_circulate => 1 ); $template->param( CAN_user_catalogue => 1 ); $template->param( CAN_user_parameters => 1 ); 
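Review bot: In get_template_and_user the `KohaOpacLanguage` cookie value is still concatenated into `$path` unchecked, and this hunk uses that path for both `filename => "$path/modules/" . $in->{template_name}` and `path => ["$path/includes"]`. A cookie is client-controlled, so the directory component should be constrained before it reaches HTML::Template::Pro, for example `$language = 'en' unless defined $language && $language =~ /\A[A-Za-z]{2,3}(?:-[A-Za-z0-9]+)*\z/;` placed right after the cookie is read. The same pattern appears in the `@@ -348,33 +352,34 @@` hunk of checkauth, where `$query->param('language')` feeds `$path`, and it needs the same check. The body of get_template_and_user continues past the end of this hunk.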
@@ -149,10 +147,10 @@ sub get_template_and_user { $template->param( CAN_user_reserveforothers => 1 ); $template->param( CAN_user_borrow => 1 ); $template->param( CAN_user_editcatalogue => 1 ); - $template->param( CAN_user_updatecharge => 1 ); + $template->param( CAN_user_updatecharges => 1 ); $template->param( CAN_user_acquisition => 1 ); $template->param( CAN_user_management => 1 ); - $template->param( CAN_user_tools => 1 ); + $template->param( CAN_user_tools => 1 ); $template->param( CAN_user_editauthorities => 1 ); $template->param( CAN_user_serials => 1 ); $template->param( CAN_user_reports => 1 ); @@ -228,7 +226,7 @@ sub checkauth { my $type = shift; $type = 'intranet' unless $type; - + my $dbh = C4::Context->dbh(); my $template_name; $template_name = "installer/auth.tmpl"; 
@@ -237,23 +235,27 @@ sub checkauth { my %info; my ( $userid, $cookie, $sessionID, $flags, $envcookie ); my $logout = $query->param('logout.x'); - if ( $sessionID = $query->cookie('sessionID') ) { + if ( $sessionID = $query->cookie("CGISESSID") ) { C4::Context->_new_userenv($sessionID); - if ( my %hash = $query->cookie('userenv') ) { + my $session = + new CGI::Session( "driver:File;serializer:yaml", $sessionID, + { Directory => '/tmp' } ); + if ( $session->param('cardnumber') ) { C4::Context::set_userenv( - $hash{number}, $hash{id}, - $hash{cardnumber}, $hash{firstname}, - $hash{surname}, $hash{branch}, - $hash{branchname}, $hash{flags}, - $hash{emailaddress}, $hash{branchprinter} + $session->param('number'), + $session->param('id'), + $session->param('cardnumber'), + $session->param('firstname'), + $session->param('surname'), + $session->param('branch'), + $session->param('branchname'), + $session->param('flags'), + $session->param('emailaddress'), + $session->param('branchprinter') ); - $cookie = $query->cookie( - -name => 'sessionID', - -value => $sessionID, - -expires => '' - ); - $loggedin=1; - $userid = $hash{cardnumber}; + $cookie = $query->cookie( CGISESSID => $session->id ); + $loggedin = 1; + $userid = $session->param('cardnumber'); } my ( $ip, $lasttime ); 
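Review bot: The session store added here, `{ Directory => '/tmp' }`, keeps the serialized login state in a directory every local account can write to, and checkauth then treats `$session->param('cardnumber')` read back from that file as proof of login. Point the File driver at a directory owned by the web-server user with mode 0700, e.g. `{ Directory => $session_dir }` with `$session_dir` (placeholder) taken from configuration. The `@@ -271,44 +273,47 @@` hunk creates its session in `/tmp` as well and needs the same change. The return value of `new CGI::Session(...)` is also used without a check, so a failed load ends in a method call on undef; appending `or die CGI::Session->errstr` to the constructor statement would make that failure explicit. checkauth starts and ends outside this hunk.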
@@ -271,44 +273,47 @@ sub checkauth { } } unless ($userid) { - $sessionID = int( rand() * 100000 ) . '-' . time(); + my $session = + new CGI::Session( "driver:File;serializer:yaml", undef, { Directory => '/tmp' } ); + $sessionID = $session->id; $userid = $query->param('userid'); C4::Context->_new_userenv($sessionID); my $password = $query->param('password'); C4::Context->_new_userenv($sessionID); my ( $return, $cardnumber ) = checkpw( $userid, $password ); if ($return) { - $loggedin=1; + $loggedin = 1; open L, ">>/tmp/sessionlog"; my $time = localtime( time() ); printf L "%20s from %16s logged in at %30s.\n", $userid, $ENV{'REMOTE_ADDR'}, $time; close L; - $cookie = $query->cookie( - -name => 'sessionID', - -value => $sessionID, - -expires => '' - ); + $cookie = $query->cookie( CGISESSID => $sessionID ); if ( $return == 2 ) { - #Only superlibrarian should have access to this page. - #Since if it is a user, it is supposed that there is a borrower table - #And thus that data structure is loaded. + + #Only superlibrarian should have access to this page. + #Since if it is a user, it is supposed that there is a borrower table + #And thus that data structure is loaded. 
my $hash = C4::Context::set_userenv( - 0, - 0, - C4::Context->config('user'), - C4::Context->config('user'), - C4::Context->config('user'), - "", - "NO_LIBRARY_SET", - 1,"" + 0, 0, + C4::Context->config('user'), C4::Context->config('user'), + C4::Context->config('user'), "", + "NO_LIBRARY_SET", 1, + "" ); - $envcookie = $query->cookie( - -name => 'userenv', - -value => $hash, - -expires => '' - ); - $userid=C4::Context->config('user'); + $session->param( 'number', 0 ); + $session->param( 'id', C4::Context->config('user') ); + $session->param( 'cardnumber', C4::Context->config('user') ); + $session->param( 'firstname', C4::Context->config('user') ); + $session->param( 'surname', C4::Context->config('user'), ); + $session->param( 'branch', 'NO_LIBRARY_SET' ); + $session->param( 'branchname', 'NO_LIBRARY_SET' ); + $session->param( 'flags', 1 ); + $session->param( 'emailaddress', + C4::Context->preference('KohaAdminEmailAddress') ); + $session->param( 'ip', $session->remote_addr() ); + $session->param( 'lasttime', time() ); + $userid = C4::Context->config('user'); } } else { @@ -320,13 +325,12 @@ sub checkauth { } # finished authentification, now respond - if ( $loggedin ) - { + if ($loggedin) { # successful login unless ($cookie) { $cookie = $query->cookie( - -name => 'sessionID', + -name => 'CGISESSID', -value => '', -expires => '' ); 
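Review bot: The login cookie built with `$query->cookie( CGISESSID => $sessionID )` carries no `HttpOnly` or `Secure` attribute, and the session it names is never given a lifetime, so a session that stores `flags => 1` stays valid until its file is removed. Suggest `$cookie = $query->cookie( -name => 'CGISESSID', -value => $sessionID, -httponly => 1 );` (plus `-secure => 1` where the installer is served over HTTPS) and a `$session->expire('+1h');` after the params are stored; the one-hour value is only an example. The `ip` and `lasttime` values are written to the session here, but whether checkauth compares them on later requests is not visible in this diff. This hunk sits inside checkauth, whose body extends beyond it.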
@@ -348,33 +352,34 @@ sub checkauth { push @inputs, { name => $name, value => $value }; } - my $path=C4::Context->config('intrahtdocs')."/prog/".($query->param('language')?$query->param('language'):"en"); - my $template = HTML::Template::Pro->new( - filename => "$path/$template_name", + my $path = + C4::Context->config('intrahtdocs') . "/prog/" + . ( $query->param('language') ? $query->param('language') : "en" ); + my $template = HTML::Template::Pro->new( + filename => "$path/modules/$template_name", die_on_bad_params => 1, global_vars => 1, case_sensitive => 1, path => ["$path/includes"] ); $template->param( - INPUTS => \@inputs, + INPUTS => \@inputs, ); + $template->param( login => 1 ); $template->param( loginprompt => 1 ) unless $info{'nopermission'}; my $self_url = $query->url( -absolute => 1 ); - $template->param( - url => $self_url, - ); + $template->param( url => $self_url, ); $template->param( \%info ); $cookie = $query->cookie( - -name => 'sessionID', + -name => 'CGISESSID', -value => $sessionID, -expires => '' ); print $query->header( - -type => 'utf-8', - -cookie => $cookie + -type => 'text/html; charset=utf-8', + -cookie => $cookie ), $template->output; exit; @@ -384,14 +389,23 @@ sub checkpw { my ( $userid, $password ) = @_; - if ( $userid && $userid eq C4::Context->config('user') + if ( $userid + && $userid eq C4::Context->config('user') && "$password" eq C4::Context->config('pass') ) { -# Koha superuser account - C4::Context->set_userenv(0,0,C4::Context->config('user'),C4::Context->config('user'),C4::Context->config('user'),"",1); + + # Koha superuser account + C4::Context->set_userenv( + 0, 0, + C4::Context->config('user'), + C4::Context->config('user'), + C4::Context->config('user'), + "", 1 + ); return 2; } - if ( $userid && $userid eq 'demo' + if ( $userid + && $userid eq 'demo' && "$password" eq 'demo' && C4::Context->config('demo') ) { 
@@ -403,7 +417,6 @@ sub checkpw { return 0; } - END { } # module clean-up code here (global destructor) 1; __END__