Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity

Checks for a basic authentication userid. If found, it skips the cookie stuff.

Browse source 
Also now supports scripts that do not _require_ authentication, but might
display differently if they get an authenticated userid (might be useful for
opac pages, where pages could be tailored to meet a patron's preferences).
This commit is contained in:
tonnesen 2002-07-04 21:22:21 +00:00
parent 185adfbfe7
commit bdee484019
1 changed files with 45 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

75
C4/Auth.pm
View file

@ -18,6 +18,15 @@ $VERSION = 0.01;
sub checkauth {
my $query=shift;
# $authnotrequired will be set for scripts which will run without authentication
my $authnotrequired=shift;
if (my $userid=$ENV{'REMOTE_USERNAME'}) {
# Using Basic Authentication, no cookies required
my $cookie=$query->cookie(-name => 'sessionID',
-value => '',
-expires => '+1y');
return ($userid, $cookie, '');
}
my $sessionID=$query->cookie('sessionID');
my $message='';
warn "SID: ".$sessionID;
@ -54,37 +63,42 @@ sub checkauth {
warn "$sessionID wasn't in sessions table.";
($sessionID) || ($sessionID=int(rand()*100000).'-'.time());
my $userid=$query->param('userid');
my $password=$query->param('password');
if ($userid eq 'librarian' && $password eq 'koha') {
my $sti=$dbh->prepare("insert into sessions (sessionID, userid, ip,lasttime) values (?, ?, ?, ?)");
$sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time());
open L, ">>/tmp/sessionlog";
print L "$userid from ".$ENV{'REMOTE_ADDR'}." logged in at ".localtime(time()).".\n";
close L;
return ($userid, $sessionID, $sessionID);
} elsif ($userid eq 'patron' && $password eq 'koha') {
my $sti=$dbh->prepare("insert into sessions (sessionID, userid, ip,lasttime) values (?, ?, ?, ?)");
$sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time());
open L, ">>/tmp/sessionlog";
print L "$userid from ".$ENV{'REMOTE_ADDR'}." at ".localtime(time()).".\n";
close L;
return ($userid, $sessionID, $sessionID);
} else {
if ($userid) {
$message="Invalid userid or password entered.";
}
my $parameters;
foreach (param $query) {
$parameters->{$_}=$query->{$_};
}
if ($authnotrequired) {
my $cookie=$query->cookie(-name => 'sessionID',
-value => $sessionID,
-value => '',
-expires => '+1y');
print $query->header(-cookie=>$cookie);
print qq|
return('', $cookie, '');
} else {
($sessionID) || ($sessionID=int(rand()*100000).'-'.time());
my $userid=$query->param('userid');
my $password=$query->param('password');
if ($userid eq 'librarian' && $password eq 'koha') {
my $sti=$dbh->prepare("insert into sessions (sessionID, userid, ip,lasttime) values (?, ?, ?, ?)");
$sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time());
open L, ">>/tmp/sessionlog";
print L "$userid from ".$ENV{'REMOTE_ADDR'}." logged in at ".localtime(time()).".\n";
close L;
return ($userid, $sessionID, $sessionID);
} elsif ($userid eq 'patron' && $password eq 'koha') {
my $sti=$dbh->prepare("insert into sessions (sessionID, userid, ip,lasttime) values (?, ?, ?, ?)");
$sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time());
open L, ">>/tmp/sessionlog";
print L "$userid from ".$ENV{'REMOTE_ADDR'}." at ".localtime(time()).".\n";
close L;
return ($userid, $sessionID, $sessionID);
} else {
if ($userid) {
$message="Invalid userid or password entered.";
}
my $parameters;
foreach (param $query) {
$parameters->{$_}=$query->{$_};
}
my $cookie=$query->cookie(-name => 'sessionID',
-value => $sessionID,
-expires => '+1y');
print $query->header(-cookie=>$cookie);
print qq|
<html>
<body background=/images/kohaback.jpg>
<center>
@ -100,7 +114,8 @@ sub checkauth {
</body>
</html>
|;
exit
exit;
}
}
}