X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;ds=sidebyside;f=installer%2FInstallAuth.pm;h=3a55b2159981149b26e2fcde3ab6811b1f68e489;hb=a65d4188b216a762af97b04c56f33701b0b24742;hp=e7864af93397ec26e3538f90b58fed1afc2a687e;hpb=f14a897b90f484cde39ae9d9f4b414e9fedb2d3e;p=koha.git diff --git a/installer/InstallAuth.pm b/installer/InstallAuth.pm index e7864af933..3a55b21599 100644 --- a/installer/InstallAuth.pm +++ b/installer/InstallAuth.pm @@ -16,11 +16,12 @@ package InstallAuth; # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR # A PARTICULAR PURPOSE. See the GNU General Public License for more details. # -# You should have received a copy of the GNU General Public License along with -# Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place, -# Suite 330, Boston, MA 02111-1307 USA +# You should have received a copy of the GNU General Public License along +# with Koha; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. use strict; +#use warnings; FIXME - Bug 2505 use Digest::MD5 qw(md5_base64); require Exporter; @@ -32,9 +33,7 @@ use CGI::Session; use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS); # set the version for version checking -$VERSION = do { my @v = '$Revision$' =~ /\d+/g; - shift(@v) . "." . join( "_", map { sprintf "%03d", $_ } @v ); -}; +$VERSION = 3.00; =head1 NAME @@ -44,6 +43,7 @@ InstallAuth - Authenticates Koha users for Install process use CGI; use InstallAuth; + use C4::Output; my $query = new CGI; @@ -55,11 +55,7 @@ InstallAuth - Authenticates Koha users for Install process flagsrequired => {borrow => 1}, }); - print $query->header( - -type => 'utf-8', - -cookie => $cookie - ), $template->output; - + output_html_with_http_headers $query, $cookie, $template->output; =head1 DESCRIPTION 
@@ -82,7 +78,6 @@ InstallAuth - Authenticates Koha users for Install process @EXPORT = qw( &checkauth &get_template_and_user - &setlanguagecookie ); =item get_template_and_user @@ -113,35 +108,37 @@ InstallAuth - Authenticates Koha users for Install process sub get_template_and_user { my $in = shift; - my $query=$in->{'query'}; - my $language=$query->cookie('KohaOpacLanguage'); - my $path=C4::Context->config('intrahtdocs')."/prog/".($language?$language:"en"); - my $template = HTML::Template::Pro->new( - filename => "$path/".$in->{template_name}, + my $query = $in->{'query'}; + my $language = $query->cookie('KohaOpacLanguage'); + my $path = + C4::Context->config('intrahtdocs') . "/prog/" + . ( $language ? $language : "en" ); + my $template = HTML::Template::Pro->new( + filename => "$path/modules/" . $in->{template_name}, die_on_bad_params => 1, global_vars => 1, case_sensitive => 1, path => ["$path/includes"] ); - + my ( $user, $cookie, $sessionID, $flags ) = checkauth( $in->{'query'}, $in->{'authnotrequired'}, $in->{'flagsrequired'}, $in->{'type'} ); -# use Data::Dumper;warn "utilisateur $user cookie : ".Dumper($cookie); + + # use Data::Dumper;warn "utilisateur $user cookie : ".Dumper($cookie); my $borrowernumber; if ($user) { $template->param( loggedinusername => $user ); $template->param( sessionID => $sessionID ); - # We are going to use the $flags returned by checkauth # to create the template's parameters that will indicate # which menus the user can access. - if (( $flags && $flags->{superlibrarian}==1)) { + if ( ( $flags && $flags->{superlibrarian} == 1 ) ) { $template->param( CAN_user_circulate => 1 ); $template->param( CAN_user_catalogue => 1 ); $template->param( CAN_user_parameters => 1 ); 
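Review bot: The `KohaOpacLanguage` cookie value is concatenated into `$path` unvalidated in `get_template_and_user`, so a value containing `../` decides which directory `HTML::Template::Pro` reads the template and its includes from. The added `modules/` segment does not constrain it, because the language component sits ahead of it in the path. Check the value against a strict language-code pattern before building the path, for example `$language = 'en' unless defined $language && $language =~ /\A[A-Za-z]{2,3}(?:-[A-Za-z0-9]{2,8})*\z/;`. The login-page path in the later `@@ -348,24 +352,25 @@` hunk has the same problem with `$query->param('language')`. The function body continues outside this hunk.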
@@ -150,10 +147,10 @@ sub get_template_and_user { $template->param( CAN_user_reserveforothers => 1 ); $template->param( CAN_user_borrow => 1 ); $template->param( CAN_user_editcatalogue => 1 ); - $template->param( CAN_user_updatecharge => 1 ); + $template->param( CAN_user_updatecharges => 1 ); $template->param( CAN_user_acquisition => 1 ); $template->param( CAN_user_management => 1 ); - $template->param( CAN_user_tools => 1 ); + $template->param( CAN_user_tools => 1 ); $template->param( CAN_user_editauthorities => 1 ); $template->param( CAN_user_serials => 1 ); $template->param( CAN_user_reports => 1 ); @@ -222,6 +219,7 @@ has authenticated. sub checkauth { my $query = shift; + # $authnotrequired will be set for scripts which will run without authentication my $authnotrequired = shift; my $flagsrequired = shift; 
@@ -237,20 +235,27 @@ sub checkauth { my %info; my ( $userid, $cookie, $sessionID, $flags, $envcookie ); my $logout = $query->param('logout.x'); - if ( $sessionID = $query->cookie("CGISESSID") ) { + if ( $sessionID = $query->cookie("CGISESSID") ) { C4::Context->_new_userenv($sessionID); - my $session = new CGI::Session("driver:File", $sessionID, {Directory=>'/tmp'}); + my $session = + new CGI::Session( "driver:File;serializer:yaml", $sessionID, + { Directory => '/tmp' } ); if ( $session->param('cardnumber') ) { - C4::Context::set_userenv( - $session->param('number'), $session->param('id'), - $session->param('cardnumber'), $session->param('firstname'), - $session->param('surname'), $session->param('branch'), - $session->param('branchname'), $session->param('flags'), - $session->param('emailaddress'), $session->param('branchprinter') - ); - $cookie = $query->cookie(CGISESSID => $session->id); - $loggedin=1; - $userid = $session->param('cardnumber'); + C4::Context::set_userenv( + $session->param('number'), + $session->param('id'), + $session->param('cardnumber'), + $session->param('firstname'), + $session->param('surname'), + $session->param('branch'), + $session->param('branchname'), + $session->param('flags'), + $session->param('emailaddress'), + $session->param('branchprinter') + ); + $cookie = $query->cookie( CGISESSID => $session->id ); + $loggedin = 1; + $userid = $session->param('cardnumber'); } my ( $ip, $lasttime ); 
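Review bot: The session store stays at `{ Directory => '/tmp' }` in this hunk, so the files holding `flags`, `cardnumber` and the rest of the user environment live in a directory where any local account can list and create files. With `serializer:yaml` those files are now parsed as YAML on each request that presents a `CGISESSID` cookie, so the integrity of that directory matters more than before. Point `Directory` at a path owned by the web-server user with mode 0700, e.g. `{ Directory => $session_dir }` where `$session_dir` is a placeholder for such a path, and do the same for the second `CGI::Session` constructor in the `@@ -268,47 +273,47 @@` hunk. The constructor result is also used unchecked; `CGI::Session->new(...) or die CGI::Session->errstr` would report a failed load instead of calling `param` on undef.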
@@ -268,47 +273,47 @@ sub checkauth { } } unless ($userid) { - my $session = new CGI::Session("driver:File", undef, {Directory=>'/tmp'}); - $sessionID = $session->id; + my $session = + new CGI::Session( "driver:File;serializer:yaml", undef, { Directory => '/tmp' } ); + $sessionID = $session->id; $userid = $query->param('userid'); C4::Context->_new_userenv($sessionID); my $password = $query->param('password'); C4::Context->_new_userenv($sessionID); my ( $return, $cardnumber ) = checkpw( $userid, $password ); if ($return) { - $loggedin=1; + $loggedin = 1; open L, ">>/tmp/sessionlog"; my $time = localtime( time() ); printf L "%20s from %16s logged in at %30s.\n", $userid, $ENV{'REMOTE_ADDR'}, $time; close L; - $cookie = $query->cookie(CGISESSID => $sessionID); + $cookie = $query->cookie( CGISESSID => $sessionID ); if ( $return == 2 ) { - #Only superlibrarian should have access to this page. - #Since if it is a user, it is supposed that there is a borrower table - #And thus that data structure is loaded. + + #Only superlibrarian should have access to this page. + #Since if it is a user, it is supposed that there is a borrower table + #And thus that data structure is loaded. 
my $hash = C4::Context::set_userenv( - 0, - 0, - C4::Context->config('user'), - C4::Context->config('user'), - C4::Context->config('user'), - "", - "NO_LIBRARY_SET", - 1,"" + 0, 0, + C4::Context->config('user'), C4::Context->config('user'), + C4::Context->config('user'), "", + "NO_LIBRARY_SET", 1, + "" ); - $session->param('number',0); - $session->param('id',C4::Context->config('user')); - $session->param('cardnumber',C4::Context->config('user')); - $session->param('firstname',C4::Context->config('user')); - $session->param('surname',C4::Context->config('user'),); - $session->param('branch','NO_LIBRARY_SET'); - $session->param('branchname','NO_LIBRARY_SET'); - $session->param('flags',1); - $session->param('emailaddress', C4::Context->preference('KohaAdminEmailAddress')); - $session->param('ip',$session->remote_addr()); - $session->param('lasttime',time()); - $userid=C4::Context->config('user'); + $session->param( 'number', 0 ); + $session->param( 'id', C4::Context->config('user') ); + $session->param( 'cardnumber', C4::Context->config('user') ); + $session->param( 'firstname', C4::Context->config('user') ); + $session->param( 'surname', C4::Context->config('user'), ); + $session->param( 'branch', 'NO_LIBRARY_SET' ); + $session->param( 'branchname', 'NO_LIBRARY_SET' ); + $session->param( 'flags', 1 ); + $session->param( 'emailaddress', + C4::Context->preference('KohaAdminEmailAddress') ); + $session->param( 'ip', $session->remote_addr() ); + $session->param( 'lasttime', time() ); + $userid = C4::Context->config('user'); } } else { @@ -320,8 +325,7 @@ sub checkauth { } # finished authentification, now respond - if ( $loggedin ) - { + if ($loggedin) { # successful login unless ($cookie) { 
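Review bot: The login record in the `@@ -268,47 +273,47 @@` hunk is still written with `open L, ">>/tmp/sessionlog";`, a two-argument open on a bareword handle, at a fixed name in a world-writable directory, with no check that the open succeeded. A symlink already present at that name would be followed with the web server's privileges, and the request-supplied `$userid` is formatted into the record unfiltered, so embedded newlines can forge entries. Use a lexical handle, the three-argument form and a log location outside `/tmp`, e.g. `open my $log, '>>', $logfile or warn "open $logfile: $!";` with `$logfile` as a placeholder, and strip control characters from `$userid` before the `printf`. `checkauth` begins and ends outside this hunk.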
@@ -348,24 +352,25 @@ sub checkauth { push @inputs, { name => $name, value => $value }; } - my $path=C4::Context->config('intrahtdocs')."/prog/".($query->param('language')?$query->param('language'):"en"); - my $template = HTML::Template::Pro->new( - filename => "$path/$template_name", + my $path = + C4::Context->config('intrahtdocs') . "/prog/" + . ( $query->param('language') ? $query->param('language') : "en" ); + my $template = HTML::Template::Pro->new( + filename => "$path/modules/$template_name", die_on_bad_params => 1, global_vars => 1, case_sensitive => 1, path => ["$path/includes"] ); $template->param( - INPUTS => \@inputs, + INPUTS => \@inputs, ); + $template->param( login => 1 ); $template->param( loginprompt => 1 ) unless $info{'nopermission'}; my $self_url = $query->url( -absolute => 1 ); - $template->param( - url => $self_url, - ); + $template->param( url => $self_url, ); $template->param( \%info ); $cookie = $query->cookie( -name => 'CGISESSID', @@ -373,8 +378,8 @@ sub checkauth { -expires => '' ); print $query->header( - -type => 'utf-8', - -cookie => $cookie + -type => 'text/html; charset=utf-8', + -cookie => $cookie ), $template->output; exit; @@ -384,14 +389,23 @@ sub checkpw { my ( $userid, $password ) = @_; - if ( $userid && $userid eq C4::Context->config('user') + if ( $userid + && $userid eq C4::Context->config('user') && "$password" eq C4::Context->config('pass') ) { -# Koha superuser account - C4::Context->set_userenv(0,0,C4::Context->config('user'),C4::Context->config('user'),C4::Context->config('user'),"",1); + + # Koha superuser account + C4::Context->set_userenv( + 0, 0, + C4::Context->config('user'), + C4::Context->config('user'), + C4::Context->config('user'), + "", 1 + ); return 2; } - if ( $userid && $userid eq 'demo' + if ( $userid + && $userid eq 'demo' && "$password" eq 'demo' && C4::Context->config('demo') ) { @@ -403,7 +417,6 @@ sub checkpw { return 0; } - END { } # module clean-up code here (global destructor) 1; __END__
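Review bot: In the `@@ -384,14 +389,23 @@` hunk, `checkpw` calls `C4::Context->set_userenv(...)` as a class method with seven values, while both calls in `checkauth` use the plain function form `C4::Context::set_userenv(...)` with nine or ten. With the arrow form the class name is passed as the first argument, so unless `set_userenv` (not visible here) discards it, every field of the superuser environment is shifted by one position. Use the same call form and argument list as `checkauth`, or add a comment stating why this call differs. Separately, `"$password" eq C4::Context->config('pass')` stringifies an undefined password to the empty string, so a `defined $password && length $password` guard ahead of the comparison would make the empty-credential case explicit.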