to a db table.
$message="You have been logged out due to inactivity.";
my $sti=$dbh->prepare("delete from sessions where sessionID=?");
$sti->execute($sessionID);
+ open L, ">>/tmp/sessionlog";
+ print L "$userid from $ip logged out at ".localtime(time())." (inactivity).\n";
+ close L;
} elsif ($ip ne $ENV{'REMOTE_ADDR'}) {
# Different ip than originally logged in from
warn "$sessionID came from a new ip address.";
if ($userid eq 'librarian' && $password eq 'koha') {
my $sti=$dbh->prepare("insert into sessions (sessionID, userid, ip,lasttime) values (?, ?, ?, ?)");
$sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time());
+ open L, ">>/tmp/sessionlog";
+ print L "$userid from ".$ENV{'REMOTE_ADDR'}." logged in at ".localtime(time()).".\n";
+ close L;
return ($userid, $sessionID, $sessionID);
} elsif ($userid eq 'patron' && $password eq 'koha') {
my $sti=$dbh->prepare("insert into sessions (sessionID, userid, ip,lasttime) values (?, ?, ?, ?)");
$sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time());
+ open L, ">>/tmp/sessionlog";
+ print L "$userid from ".$ENV{'REMOTE_ADDR'}." at ".localtime(time()).".\n";
+ close L;
return ($userid, $sessionID, $sessionID);
} else {
if ($userid) {
--- /dev/null
+#!/usr/bin/perl
+
+use CGI;
+use C4::Database;
+
+my $query=new CGI;
+
+my $sessionID=$query->cookie('sessionID');
+
+my $sessions;
+open (S, "/tmp/sessions");
+while (my ($sid, $u, $lasttime) = split(/:/, <S>)) {
+ chomp $lasttime;
+ (next) unless ($sid);
+ (next) if ($sid eq $sessionID);
+ $sessions->{$sid}->{'userid'}=$u;
+ $sessions->{$sid}->{'lasttime'}=$lasttime;
+}
+open (S, ">/tmp/sessions");
+foreach (keys %$sessions) {
+ my $userid=$sessions->{$_}->{'userid'};
+ my $lasttime=$sessions->{$_}->{'lasttime'};
+ print S "$_:$userid:$lasttime\n";
+}
+
+my $dbh=C4Connect;
+
+# Check that this is the ip that created the session before deleting it
+
+my $sth=$dbh->prepare("select userid,ip from sessions where sessionID=?");
+$sth->execute($sessionID);
+my ($userid, $ip);
+if ($sth->rows) {
+ ($userid,$ip) = $sth->fetchrow;
+ if ($ip ne $ENV{'REMOTE_ADDR'}) {
+ # attempt to logout from a different ip than cookie was created at
+ exit;
+ }
+}
+
+$sth=$dbh->prepare("delete from sessions where sessionID=?");
+$sth->execute($sessionID);
+open L, ">>/tmp/sessionlog";
+print L "$userid from $ip logged out at ".localtime(time())." (manual log out).\n";
+close L;
+
+my $cookie=$query->cookie(-name => 'sessionID',
+ -value => '',
+ -expires => '+1y');
+
+print $query->redirect("shelves.pl");
+
+exit;
+if ($sessionID) {
+ print "Logged out of $sessionID<br>\n";
+ print "<a href=shelves.pl>Login</a>";
+} else {
+ print "Not logged in.<br>\n";
+ print "<a href=shelves.pl>Login</a>";
+}
+
+
+
print startmenu('catalogue');
-print "Logged in as: $loggedinuser <a href=logout.pl>Log Out</a><br>\n";
+print "Logged in as: $loggedinuser<br><a href=logout.pl>Log Out</a><br>\n";
my ($shelflist) = GetShelfList();
#
# $Log$
+# Revision 1.6 2002/07/04 21:09:43 tonnesen
+# Additions to authentication scheme. Logs to /tmp/sessionlog. Will move this
+# to a db table.
+#
# Revision 1.5 2002/07/04 19:42:48 tonnesen
# Minor changes
#