X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=installer%2FInstallAuth.pm;h=0015a14e2d6e581d178fe8b6e60d8b70e0fee67e;hb=c6f091cc2348512e5a707cc9e0d8286b8e2ada0c;hp=81c38fb199cc91e9f79b141b3fbb5fe472bdb66d;hpb=eb4ad6e44e2d38b118fc42a350461a2fc4b26bad;p=koha.git diff --git a/installer/InstallAuth.pm b/installer/InstallAuth.pm index 81c38fb199..0015a14e2d 100644 --- a/installer/InstallAuth.pm +++ b/installer/InstallAuth.pm @@ -103,24 +103,22 @@ InstallAuth - Authenticates Koha users for Install process authenticated page. More information on the C sub can be found in the - Output.pm module. + Templates.pm module. =cut sub get_template_and_user { my $in = shift; my $query = $in->{'query'}; - my $language = $query->cookie('KohaOpacLanguage'); - my $path = - C4::Context->config('intrahtdocs') . "/prog/" - . ( $language ? $language : "en" ); - - my $filename = "$path/modules/" . $in->{template_name}; - $filename =~ s/\.tmpl$/.tt/; + my $language =_get_template_language($query->cookie('KohaOpacLanguage')); + my $path = C4::Context->config('intrahtdocs'). "/prog/". $language; + + my $tmplbase = $in->{template_name}; + $tmplbase=~ s/\.tmpl$/.tt/; + my $filename = "$path/modules/" . $tmplbase; my $interface = 'intranet'; - my $template = C4::Templates->new( $interface, $filename); + my $template = C4::Templates->new( $interface, $filename, $tmplbase, $query); - my ( $user, $cookie, $sessionID, $flags ) = checkauth( $in->{'query'}, $in->{'authnotrequired'}, @@ -159,6 +157,17 @@ sub get_template_and_user { return ( $template, $borrowernumber, $cookie ); } +sub _get_template_language { + + #verify if opac language exists in staff (bug 5660) + #conditions are 1) dir exists and 2) enabled in prefs + my ($opaclang) = @_; + return 'en' unless $opaclang; + $opaclang =~ s/[^a-zA-Z_-]*//g; + my $path = C4::Context->config('intrahtdocs') . "/prog/$opaclang"; + -d $path ? $opaclang : 'en'; +} + =item checkauth ($userid, $cookie, $sessionID) = &checkauth($query, $noauth, $flagsrequired, $type); @@ -253,7 +262,11 @@ sub checkauth { $session->param('emailaddress'), $session->param('branchprinter') ); - $cookie = $query->cookie( CGISESSID => $session->id ); + $cookie = $query->cookie( + -name => 'CGISESSID', + -value => $session->id, + -HttpOnly => 1, + ); $loggedin = 1; $userid = $session->param('cardnumber'); } @@ -265,11 +278,12 @@ sub checkauth { C4::Context->_unset_userenv($sessionID); $sessionID = undef; $userid = undef; - open L, ">>/tmp/sessionlog"; - my $time = localtime( time() ); - printf L "%20s from %16s logged out at %30s (manually).\n", $userid, - $ip, $time; - close L; + # Commented out due to its lack of usefulness + # open L, ">>/tmp/sessionlog"; + # my $time = localtime( time() ); + # printf L "%20s from %16s logged out at %30s (manually).\n", $userid, + # $ip, $time; + # close L; } } unless ($userid) { @@ -283,12 +297,16 @@ sub checkauth { my ( $return, $cardnumber ) = checkpw( $userid, $password ); if ($return) { $loggedin = 1; - open L, ">>/tmp/sessionlog"; - my $time = localtime( time() ); - printf L "%20s from %16s logged in at %30s.\n", $userid, - $ENV{'REMOTE_ADDR'}, $time; - close L; - $cookie = $query->cookie( CGISESSID => $sessionID ); + # open L, ">>/tmp/sessionlog"; + # my $time = localtime( time() ); + # printf L "%20s from %16s logged in at %30s.\n", $userid, + # $ENV{'REMOTE_ADDR'}, $time; + # close L; + $cookie = $query->cookie( + -name => 'CGISESSID', + -value => $sessionID, + -HttpOnly => 1, + ); if ( $return == 2 ) { #Only superlibrarian should have access to this page. @@ -332,6 +350,7 @@ sub checkauth { $cookie = $query->cookie( -name => 'CGISESSID', -value => '', + -HttpOnly => 1, -expires => '' ); } @@ -358,7 +377,7 @@ sub checkauth { my $filename = "$path/modules/$template_name"; $filename =~ s/\.tmpl$/.tt/; my $interface = 'intranet'; - my $template = C4::Templates->new( $interface, $filename); + my $template = C4::Templates->new( $interface, $filename, '', $query); $template->param( INPUTS => \@inputs, @@ -372,6 +391,7 @@ sub checkauth { $cookie = $query->cookie( -name => 'CGISESSID', -value => $sessionID, + -HttpOnly => 1, -expires => '' ); print $query->header(