diff --git a/C4/Auth.pm b/C4/Auth.pm index dc3e7cb52a..f440c657af 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -36,7 +36,7 @@ sub checkauth { $sth->execute($sessionID); if ($sth->rows) { my ($userid, $ip, $lasttime) = $sth->fetchrow; - if ($lasttimecookie(-name => 'sessionID', -value => $sessionID, @@ -73,7 +75,8 @@ sub checkauth { ($sessionID) || ($sessionID=int(rand()*100000).'-'.time()); my $userid=$query->param('userid'); my $password=$query->param('password'); - if (($userid eq 'librarian' || $userid eq 'tonnesen' || $userid eq 'patron') && $password eq 'koha') { + if (checkpw($dbh, $userid, $password)) { + #if (($userid eq 'librarian' || $userid eq 'tonnesen' || $userid eq 'patron') && $password eq 'koha') { my $sti=$dbh->prepare("insert into sessions (sessionID, userid, ip,lasttime) values (?, ?, ?, ?)"); $sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time()); open L, ">>/tmp/sessionlog"; @@ -100,9 +103,10 @@ sub checkauth {
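Review bot: The old hard-coded check is kept as a comment directly under the new `if (checkpw($dbh, $userid, $password)) {` line, which leaves the demo account names and their shared password readable in the source. Delete the `#if (($userid eq 'librarian' ...` line rather than commenting it out. The login template text in a later hunk still tells users to log in as librarian/koha or patron/koha, which presumably only works now if matching borrowers rows exist, so that text should be updated or removed in the same change. checkauth's body starts and ends outside the hunk.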

$message

- +
- + +
@@ -111,10 +115,10 @@ sub checkauth {
Koha Login
Name:
Password:
- +
Demo Information
- Log in as librarian/koha or patron/koha. The timeout is set to 20 seconds of + Log in as librarian/koha or patron/koha. The timeout is set to 40 seconds of inactivity for the purposes of this demo. You can navigate to the Circulation or Acquisitions modules and you should see an indicator in the upper left of the screen saying who you are logged in as. If you want to try it out with @@ -135,4 +139,30 @@ sub checkauth { } +sub checkpw { + +# This should be modified to allow a select of authentication schemes (ie LDAP) +# as well as local authentication through the borrowers tables passwd field +# + my ($dbh, $userid, $password) = @_; + my $sth=$dbh->prepare("select password from borrowers where userid=?"); + $sth->execute($userid); + if ($sth->rows) { + my ($cryptpassword) = $sth->fetchrow; + if (crypt($password, $cryptpassword) eq $cryptpassword) { + return 1; + } + } + my $sth=$dbh->prepare("select password from borrowers where cardnumber=?"); + $sth->execute($userid); + if ($sth->rows) { + my ($cryptpassword) = $sth->fetchrow; + if (crypt($password, $cryptpassword) eq $cryptpassword) { + return 1; + } + } + return 0; +} + + END { } # module clean-up code here (global destructor)