- $userid = $query->param('userid');
- C4::Context->_new_userenv($sessionID);
- my $password = $query->param('password');
- C4::Context->_new_userenv($sessionID);
- my ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password );
- if ($return) {
- _session_log(sprintf "%20s from %16s logged in at %30s.\n", $userid,$ENV{'REMOTE_ADDR'},localtime);
- $cookie = $query->cookie(CGISESSID => $sessionID);
- if ( $flags = haspermission( $dbh, $userid, $flagsrequired ) ) {
- $loggedin = 1;
- }
- else {
- $info{'nopermission'} = 1;
- C4::Context->_unset_userenv($sessionID);
- }
- if ( $return == 1 ) {
- my (
- $borrowernumber, $firstname, $surname, $userflags,
- $branchcode, $branchname, $branchprinter, $emailaddress
- );
- my $select = "
- SELECT borrowernumber, firstname, surname, flags, borrowers.branchcode,
- branches.branchname as branchname,
- branches.branchprinter as branchprinter,
- email
- FROM borrowers
- LEFT JOIN branches on borrowers.branchcode=branches.branchcode
- ";
- my $sth = $dbh->prepare("$select where userid=?");
- $sth->execute($userid);
- ($sth->rows) and (
- $borrowernumber, $firstname, $surname, $userflags,
- $branchcode, $branchname, $branchprinter, $emailaddress
- ) = $sth->fetchrow;
-
-# warn "$cardnumber,$borrowernumber,$userid,$firstname,$surname,$userflags,$branchcode,$emailaddress";
- unless ( $sth->rows ) {
- my $sth = $dbh->prepare("$select where cardnumber=?");
- $sth->execute($cardnumber);
- ($sth->rows) and (
- $borrowernumber, $firstname, $surname, $userflags,
- $branchcode, $branchname, $branchprinter, $emailaddress
- ) = $sth->fetchrow;
-
-# warn "$cardnumber,$borrowernumber,$userid,$firstname,$surname,$userflags,$branchcode,$emailaddress";
- unless ( $sth->rows ) {
- $sth->execute($userid);
- ($sth->rows) and (
- $borrowernumber, $firstname, $surname, $userflags,
- $branchcode, $branchname, $branchprinter, $emailaddress
- ) = $sth->fetchrow;
- }
- }
+ elsif ( $ip ne $ENV{'REMOTE_ADDR'} ) {
+ # Different ip than originally logged in from
+ $info{'oldip'} = $ip;
+ $info{'newip'} = $ENV{'REMOTE_ADDR'};
+ $info{'different_ip'} = 1;
+ $session->delete();
+ C4::Context->_unset_userenv($sessionID);
+ _session_log(sprintf "%20s from %16s logged out at %30s (ip changed to %16s).\n", $userid,$ip,localtime, $info{'newip'});
+ $sessionID = undef;
+ $userid = undef;
+ }
+ else {
+ $cookie = $query->cookie( CGISESSID => $session->id );
+ $session->param('lasttime',time());
+ unless ( $sessiontype eq 'anon' ) { #if this is an anonymous session, we want to update the session, but not behave as if they are logged in...
+ $flags = haspermission( $dbh, $userid, $flagsrequired );
+ if ($flags) {
+ $loggedin = 1;
+ } else {
+ $info{'nopermission'} = 1;
+ }
+ }
+ }
+ }
+ unless ($userid || $sessionID) {
+ #we initiate a session prior to checking for a username to allow for anonymous sessions...
+ my $session = get_session("") or die "Auth ERROR: Cannot get_session()";
+ my $sessionID = $session->id;
+ C4::Context->_new_userenv($sessionID);
+ $cookie = $query->cookie(CGISESSID => $sessionID);
+ if ( $userid = $query->param('userid') ) {
+ my $password = $query->param('password');
+ my ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password );
+ if ($return) {
+ _session_log(sprintf "%20s from %16s logged in at %30s.\n", $userid,$ENV{'REMOTE_ADDR'},localtime);
+ if ( $flags = haspermission( $dbh, $userid, $flagsrequired ) ) {
+ $loggedin = 1;
+ }
+ else {
+ $info{'nopermission'} = 1;
+ C4::Context->_unset_userenv($sessionID);
+ }
+
+ my ($borrowernumber, $firstname, $surname, $userflags,
+ $branchcode, $branchname, $branchprinter, $emailaddress);
+
+ if ( $return == 1 ) {
+ my $select = "
+ SELECT borrowernumber, firstname, surname, flags, borrowers.branchcode,
+ branches.branchname as branchname,
+ branches.branchprinter as branchprinter,
+ email
+ FROM borrowers
+ LEFT JOIN branches on borrowers.branchcode=branches.branchcode
+ ";
+ my $sth = $dbh->prepare("$select where userid=?");
+ $sth->execute($userid);
+ unless ($sth->rows) {
+ $debug and print STDERR "AUTH_1: no rows for userid='$userid'\n";
+ $sth = $dbh->prepare("$select where cardnumber=?");
+ $sth->execute($cardnumber);
+ unless ($sth->rows) {
+ $debug and print STDERR "AUTH_2a: no rows for cardnumber='$cardnumber'\n";
+ $sth->execute($userid);
+ unless ($sth->rows) {
+ $debug and print STDERR "AUTH_2b: no rows for userid='$userid' AS cardnumber\n";
+ }
+ }
+ }
+ if ($sth->rows) {
+ ($borrowernumber, $firstname, $surname, $userflags,
+ $branchcode, $branchname, $branchprinter, $emailaddress) = $sth->fetchrow;
+ $debug and print STDERR "AUTH_3 results: " .
+ "$cardnumber,$borrowernumber,$userid,$firstname,$surname,$userflags,$branchcode,$emailaddress\n";
+ } else {
+ print STDERR "AUTH_3: no results for userid='$userid', cardnumber='$cardnumber'.\n";
+ }