# state variables
my $loggedin = 0;
my %info;
- my ($userid, $cookie, $sessionID, $flags);
+ my ($userid, $cookie, $sessionID, $flags, $envcookie);
my $logout = $query->param('logout.x');
if ($userid = $ENV{'REMOTE_USER'}) {
# Using Basic Authentication, no cookies required
-expires => '');
$loggedin = 1;
} elsif ($sessionID=$query->cookie('sessionID')) {
- warn "NEWUSERENV : ".$sessionID;
C4::Context->_new_userenv($sessionID);
+ if (my %hash=$query->cookie('userenv')){
+ C4::Context::set_userenv(
+ $hash{number},
+ $hash{id},
+ $hash{cardnumber},
+ $hash{firstname},
+ $hash{surname},
+ $hash{branch},
+ $hash{flags}
+ );
+ }
my ($ip , $lasttime);
($userid, $ip, $lasttime) = $dbh->selectrow_array(
"SELECT userid,ip,lasttime FROM sessions WHERE sessionid=?",
unless ($userid) {
$sessionID=int(rand()*100000).'-'.time();
$userid=$query->param('userid');
- warn "NEWUSERENV : ".$sessionID;
C4::Context->_new_userenv($sessionID);
my $password=$query->param('password');
my ($return, $cardnumber) = checkpw($dbh,$userid,$password);
if ($return) {
- $dbh->do("DELETE FROM sessions WHERE sessionID=? AND userid=?",
- undef, ($sessionID, $userid));
- $dbh->do("INSERT INTO sessions (sessionID, userid, ip,lasttime) VALUES (?, ?, ?, ?)",
- undef, ($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time()));
- open L, ">>/tmp/sessionlog";
- my $time=localtime(time());
- printf L "%20s from %16s logged in at %30s.\n", $userid, $ENV{'REMOTE_ADDR'}, $time;
- close L;
- $cookie=$query->cookie(-name => 'sessionID',
- -value => $sessionID,
- -expires => '');
-
- if ($flags = haspermission($dbh, $userid, $flagsrequired)) {
- $loggedin = 1;
- } else {
- $info{'nopermission'} = 1;
- C4::Context->_unset_userenv($sessionID);
- }
+ $dbh->do("DELETE FROM sessions WHERE sessionID=? AND userid=?",
+ undef, ($sessionID, $userid));
+ $dbh->do("INSERT INTO sessions (sessionID, userid, ip,lasttime) VALUES (?, ?, ?, ?)",
+ undef, ($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time()));
+ open L, ">>/tmp/sessionlog";
+ my $time=localtime(time());
+ printf L "%20s from %16s logged in at %30s.\n", $userid, $ENV{'REMOTE_ADDR'}, $time;
+ close L;
+ $cookie=$query->cookie(-name => 'sessionID',
+ -value => $sessionID,
+ -expires => '');
+
+ if ($flags = haspermission($dbh, $userid, $flagsrequired)) {
+ $loggedin = 1;
+ } else {
+ $info{'nopermission'} = 1;
+ C4::Context->_unset_userenv($sessionID);
+ }
+ if ($return == 1){
+ my $sth=$dbh->prepare(
+ "select cardnumber,borrowernumber,userid,firstname,surname,flags,branchcode
+ from borrowers where userid=?"
+ );
+ $sth->execute($userid);
+ my ($cardnumber,$bornum,$userid,$firstname,$surname,$userflags,$branchcode) = $sth->fetchrow;
+ my $hash = C4::Context::set_userenv(
+ $bornum,
+ $userid,
+ $cardnumber,
+ $firstname,
+ $surname,
+ $branchcode,
+ $userflags
+ );
+ $envcookie=$query->cookie(-name => 'userenv',
+ -value => $hash,
+ -expires => '');
+ } elsif ($return == 2) {
+ #We suppose the user is the superlibrarian
+ my $hash = C4::Context::set_userenv(
+ 0,0,
+ C4::Context->config('user'),
+ C4::Context->config('user'),
+ C4::Context->config('user'),
+ "",1
+ );
+ $envcookie=$query->cookie(-name => 'userenv',
+ -value => $hash,
+ -expires => '');
+ }
} else {
- if ($userid) {
- $info{'invalid_username_or_password'} = 1;
- C4::Context->_unset_userenv($sessionID);
- }
+ if ($userid) {
+ $info{'invalid_username_or_password'} = 1;
+ C4::Context->_unset_userenv($sessionID);
+ }
}
}
my $insecure = C4::Context->boolean_preference('insecure');
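Review bot: The `userenv` cookie built in the `$return == 1` and `$return == 2` branches hands the borrower number, branch and `flags` to the browser with no integrity protection, and the earlier `if (my %hash=$query->cookie('userenv'))` block feeds those values back into `C4::Context::set_userenv` before the `sessions` lookup has confirmed the session. Anything that later reads `C4::Context->userenv` for `flags` or `branch` would be relying on client-supplied data; whether any caller does is not visible here. Keeping the environment server-side avoids this: once the `SELECT userid,ip,lasttime FROM sessions` row is found, re-read the borrower with the same `select ... from borrowers` query used at login, call `set_userenv` from that row, and stop emitting the `userenv` cookie. The enclosing function starts and ends outside this hunk.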
-value => '',
-expires => '');
}
- return ($userid, $cookie, $sessionID, $flags);
+ if ($envcookie){
+ warn "envcookie set";
+ return ($userid, [$cookie,$envcookie], $sessionID, $flags)
+ } else {
+ return ($userid, $cookie, $sessionID, $flags);
+ }
}
# else we have a problem...
# get the inputs from the incoming query
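Review bot: The second element of the return list is now either a single cookie or an array reference `[$cookie,$envcookie]`, so every caller has to cope with both shapes; callers are not visible in this diff, and any that inspect `$cookie` rather than pass it to `header(-cookie => ...)` would need updating. A comment above the `if ($envcookie)` block such as `# second value is one cookie, or an arrayref of cookies when userenv was set` would make the contract explicit. The `warn "envcookie set";` line looks like leftover debugging and writes to the server log on every login. The enclosing function starts outside this hunk.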
$template->param(loginprompt => 1) unless $info{'nopermission'};
my $self_url = $query->url(-absolute => 1);
- $template->param(url => $self_url, LibraryName=> => C4::Context->preference("LibraryName"),);
+ $template->param(url => $self_url, LibraryName=> C4::Context->preference("LibraryName"),);
$template->param(\%info);
$cookie=$query->cookie(-name => 'sessionID',
-value => $sessionID,
my ($dbh, $userid, $password) = @_;
# INTERNAL AUTH
- my $sth=$dbh->prepare("select password,cardnumber,borrowernumber,userid,firstname,surname,flags,branchcode from borrowers where userid=?");
+ my $sth=$dbh->prepare("select password,cardnumber from borrowers where userid=?");
$sth->execute($userid);
if ($sth->rows) {
- my ($md5password,$cardnumber,$bornum,$userid,$firstname,$surname,$userflags,$branchcode) = $sth->fetchrow;
+ my ($md5password,$cardnumber) = $sth->fetchrow;
if (md5_base64($password) eq $md5password) {
- warn "setuserenv1 $bornum,$userid,$cardnumber,$firstname,$surname,$branchcode,$userflags";
- C4::Context->set_userenv($bornum,$userid,$cardnumber,$firstname,$surname,$branchcode,$userflags);
return 1,$cardnumber;
}
}
- my $sth=$dbh->prepare("select password,cardnumber,borrowernumber,userid,firstname,surname,flags,branchcode from borrowers where cardnumber=?");
+ my $sth=$dbh->prepare("select password from borrowers where cardnumber=?");
$sth->execute($userid);
if ($sth->rows) {
- my ($md5password,$cardnumber,$bornum,$userid,$firstname,$surname,$userflags,$branchcode) = $sth->fetchrow;
+ my ($md5password) = $sth->fetchrow;
if (md5_base64($password) eq $md5password) {
- warn "setuserenv2 $bornum,$userid,$cardnumber,$firstname,$surname,$branchcode,$userflags";
- C4::Context->set_userenv($bornum,$userid,$cardnumber,$firstname,$surname,$branchcode,$userflags);
return 1,$userid;
}
}
if ($userid eq C4::Context->config('user') && $password eq C4::Context->config('pass')) {
# Koha superuser account
warn "setuserenv3";
- C4::Context->set_userenv(0,0,C4::Context->config('user'),C4::Context->config('user'),C4::Context->config('user'),"",1);
return 2;
}
if ($userid eq 'demo' && $password eq 'demo' && C4::Context->config('demo')) {
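Review bot: A card-number login now ends up with an empty user environment: the second branch still returns `1,$userid` where `$userid` holds the card number, and with the `set_userenv` call removed from here the caller re-reads the borrower with `where userid=?`, which would return no row unless userid and card number coincide. Both success branches return the card number as the second value, so the caller's lookup could key on that instead, using `from borrowers where cardnumber=?` with `$sth->execute($cardnumber)`. The `warn "setuserenv3"` left in the superuser branch no longer describes anything this function does and could be dropped. checkpw starts and ends outside this hunk.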
$self->{"stopwords"} = undef; # stopwords list
$self->{"marcfromkohafield"} = undef; # the hash with relations between koha table fields and MARC field/subfield
$self->{"userenv"} = undef; # User env
- $self->{"context"} = undef; # current active user
+ $self->{"activeuser"} = undef; # current active user
bless $self, $class;
return $self;
Returns Null if userenv is not set.
userenv is set in _new_userenv, called in Auth.pm
+=cut
+#'
+
+=item userenv
+
+ C4::Context->userenv;
+
+Builds a hash for user environment variables.
+
+This hash shall be cached for future use: if you call
+C<C4::Context-E<gt>userenv> twice, you will get the same hash without real DB access
+
+set_userenv is called in Auth.pm
+
=cut
#'
sub userenv
{
- warn "activeuser : ".$context->{"activeuser"}."hash :".$context->{$context->{"activeuser"}};
- my $var = $context->{$context->{"activeuser"}};
- foreach my $key (sort keys %$context){
- warn "key : ".$key;
- }
- return $context->{$context->{"activeuser"}};
+ my $var = $context->{"activeuser"};
+ return $context->{"userenv"}->{$var} if (defined $context->{"userenv"}->{$var});
}
-=item set_userenv
+=item userenv
C4::Context->set_userenv;
=cut
#'
-sub set_userenv
-{
+sub set_userenv{
my ($usernum, $userid, $usercnum, $userfirstname, $usersurname, $userbranch, $userflags)= @_;
- warn "SETTING : $usernum, $userid, $usercnum, $userfirstname, $usersurname, $userbranch, $userflags";
- $context->{$context->{"activeuser"}}=\{
+ my $var=$context->{"activeuser"};
+ my $cell = {
"number" => $usernum,
"id" => $userid,
"cardnumber" => $usercnum,
"branch" => $userbranch,
"flags" => $userflags
};
+ $context->{userenv}->{$var} = $cell;
+ return $cell;
}
=item _new_userenv
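Review bot: `userenv` has no explicit return for the not-set case: when `activeuser` is undefined the lookup uses an undefined hash key, and when the `defined` test fails the sub falls off the end and yields the false value of that test rather than the "Returns Null" the POD promises. Adding `return unless defined $var;` after the assignment and a bare `return;` as the last statement keeps both cases clean. The heading change to `=item userenv` above `C4::Context->set_userenv;` mislabels the set_userenv entry, and the newly added `=item userenv` block repeats text that appears to exist already; the heading should stay `=item set_userenv`.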
#'
sub _new_userenv
{
+ shift;
my ($sessionID)= @_;
- $context->{"activeuser"} = \$sessionID;
- $context->{$sessionID}=\();
+ $context->{"activeuser"}=$sessionID;
}
=item _unset_userenv
sub _unset_userenv
{
my ($sessionID)= @_;
- undef $context->{$sessionID};
+# undef $context->{$sessionID};
undef $context->{"activeuser"} if ($context->{"activeuser"} eq $sessionID);
+# $context->{"activeuser"}--;
}
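Review bot: `_unset_userenv` is still missing the `shift;` that this commit adds to `_new_userenv`, although the calls shown in this diff invoke both as class methods (`C4::Context->_unset_userenv($sessionID)`). `$sessionID` therefore receives the string `C4::Context`, the `eq` test does not match a real session id, and `activeuser` stays set after a failed login or a `nopermission` result. Adding `shift;` before `my ($sessionID)= @_;` fixes the comparison. With the `undef $context->{$sessionID}` line commented out, the stored entry should also be dropped, e.g. `delete $context->{userenv}->{$sessionID};`, so a stale environment is not left behind if the process is long-lived.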