-#!/usr/bin/perl -w
+#!/usr/bin/perl
# Copyright (C) 2007 LibLime
#
use CGI;
use CGI::Session;
use C4::Context;
+use C4::Auth qw/get_session check_cookie_auth/;
use CGI::Cookie; # need to check cookies before
# having CGI parse the POST request
use Digest::MD5;
my %cookies = fetch CGI::Cookie;
-my $sessionID = $cookies{'CGISESSID'}->value;
+my ($auth_status, $sessionID) = check_cookie_auth($cookies{'CGISESSID'}->value, { tools => 1 });
+if ($auth_status ne "ok") {
+ $auth_status = 'denied' if $auth_status eq 'failed';
+ send_reply($auth_status, "", "");
+ exit 0;
+}
-my $dbh = C4::Context->dbh;
-# FIXME get correct session -- not just mysql
-my $session = new CGI::Session("driver:MySQL", $sessionID, {Handle=>$dbh});
+my $session = get_session($sessionID);
# upload-file.pl must authenticate the user
# before processing the POST request,
# requires that the session cookie already
# have been created., $fileid, $tmp_file_name
-# FIXME - add authentication based on cookie
-
my $fileid = Digest::MD5::md5_hex(Digest::MD5::md5_hex(time().{}.rand().{}.$$));
# FIXME - make staging area configurable