X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=installer%2FInstallAuth.pm;h=0015a14e2d6e581d178fe8b6e60d8b70e0fee67e;hb=b38187d8b004316b17d1e67753d638e96bb62bb8;hp=26ba5a75f01b9a1eeb248e57aba3ae2c885d1363;hpb=432777e83388d9ea3d9f9c123e684b6830cd05e3;p=koha.git diff --git a/installer/InstallAuth.pm b/installer/InstallAuth.pm index 26ba5a75f0..0015a14e2d 100644 --- a/installer/InstallAuth.pm +++ b/installer/InstallAuth.pm @@ -103,25 +103,22 @@ InstallAuth - Authenticates Koha users for Install process authenticated page. More information on the C sub can be found in the - Output.pm module. + Templates.pm module. =cut sub get_template_and_user { my $in = shift; my $query = $in->{'query'}; - my $language = $query->cookie('KohaOpacLanguage'); - my $path = - C4::Context->config('intrahtdocs') . "/prog/" - . ( $language ? $language : "en" ); - + my $language =_get_template_language($query->cookie('KohaOpacLanguage')); + my $path = C4::Context->config('intrahtdocs'). "/prog/". $language; + my $tmplbase = $in->{template_name}; $tmplbase=~ s/\.tmpl$/.tt/; my $filename = "$path/modules/" . $tmplbase; my $interface = 'intranet'; - my $template = C4::Templates->new( $interface, $filename, $tmplbase); + my $template = C4::Templates->new( $interface, $filename, $tmplbase, $query); - my ( $user, $cookie, $sessionID, $flags ) = checkauth( $in->{'query'}, $in->{'authnotrequired'}, @@ -160,6 +157,17 @@ sub get_template_and_user { return ( $template, $borrowernumber, $cookie ); } +sub _get_template_language { + + #verify if opac language exists in staff (bug 5660) + #conditions are 1) dir exists and 2) enabled in prefs + my ($opaclang) = @_; + return 'en' unless $opaclang; + $opaclang =~ s/[^a-zA-Z_-]*//g; + my $path = C4::Context->config('intrahtdocs') . "/prog/$opaclang"; + -d $path ? $opaclang : 'en'; +} + =item checkauth ($userid, $cookie, $sessionID) = &checkauth($query, $noauth, $flagsrequired, $type); @@ -254,7 +262,11 @@ sub checkauth { $session->param('emailaddress'), $session->param('branchprinter') ); - $cookie = $query->cookie( CGISESSID => $session->id ); + $cookie = $query->cookie( + -name => 'CGISESSID', + -value => $session->id, + -HttpOnly => 1, + ); $loggedin = 1; $userid = $session->param('cardnumber'); } @@ -266,11 +278,12 @@ sub checkauth { C4::Context->_unset_userenv($sessionID); $sessionID = undef; $userid = undef; - open L, ">>/tmp/sessionlog"; - my $time = localtime( time() ); - printf L "%20s from %16s logged out at %30s (manually).\n", $userid, - $ip, $time; - close L; + # Commented out due to its lack of usefulness + # open L, ">>/tmp/sessionlog"; + # my $time = localtime( time() ); + # printf L "%20s from %16s logged out at %30s (manually).\n", $userid, + # $ip, $time; + # close L; } } unless ($userid) { @@ -284,12 +297,16 @@ sub checkauth { my ( $return, $cardnumber ) = checkpw( $userid, $password ); if ($return) { $loggedin = 1; - open L, ">>/tmp/sessionlog"; - my $time = localtime( time() ); - printf L "%20s from %16s logged in at %30s.\n", $userid, - $ENV{'REMOTE_ADDR'}, $time; - close L; - $cookie = $query->cookie( CGISESSID => $sessionID ); + # open L, ">>/tmp/sessionlog"; + # my $time = localtime( time() ); + # printf L "%20s from %16s logged in at %30s.\n", $userid, + # $ENV{'REMOTE_ADDR'}, $time; + # close L; + $cookie = $query->cookie( + -name => 'CGISESSID', + -value => $sessionID, + -HttpOnly => 1, + ); if ( $return == 2 ) { #Only superlibrarian should have access to this page. @@ -333,6 +350,7 @@ sub checkauth { $cookie = $query->cookie( -name => 'CGISESSID', -value => '', + -HttpOnly => 1, -expires => '' ); } @@ -359,7 +377,7 @@ sub checkauth { my $filename = "$path/modules/$template_name"; $filename =~ s/\.tmpl$/.tt/; my $interface = 'intranet'; - my $template = C4::Templates->new( $interface, $filename); + my $template = C4::Templates->new( $interface, $filename, '', $query); $template->param( INPUTS => \@inputs, @@ -373,6 +391,7 @@ sub checkauth { $cookie = $query->cookie( -name => 'CGISESSID', -value => $sessionID, + -HttpOnly => 1, -expires => '' ); print $query->header(