7 use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
9 # set the version for version checking
21 # $authnotrequired will be set for scripts which will run without authentication
22 my $authnotrequired=shift;
23 if (my $userid=$ENV{'REMOTE_USERNAME'}) {
24 # Using Basic Authentication, no cookies required
25 my $cookie=$query->cookie(-name => 'sessionID',
28 return ($userid, $cookie, '');
30 my $sessionID=$query->cookie('sessionID');
32 warn "SID: ".$sessionID;
35 my $sth=$dbh->prepare("select userid,ip,lasttime from sessions where sessionid=?");
36 $sth->execute($sessionID);
38 my ($userid, $ip, $lasttime) = $sth->fetchrow;
39 if ($lasttime<time()-40 && $userid ne 'tonnesen') {
41 warn "$sessionID logged out due to inactivity.";
42 $message="You have been logged out due to inactivity.";
43 my $sti=$dbh->prepare("delete from sessions where sessionID=?");
44 $sti->execute($sessionID);
45 open L, ">>/tmp/sessionlog";
46 my $time=localtime(time());
47 printf L "%20s from %16s logged out at %30s (inactivity).\n", $userid, $ip, $time;
49 } elsif ($ip ne $ENV{'REMOTE_ADDR'}) {
50 # Different ip than originally logged in from
51 my $newip=$ENV{'REMOTE_ADDR'};
52 warn "$sessionID came from a new ip address (authenticated from $ip, this request from $newip).";
54 $message="ERROR ERROR ERROR ERROR<br>Attempt to re-use a cookie from a different ip address.<br>(authenticated from $ip, this request from $newip)";
56 my $cookie=$query->cookie(-name => 'sessionID',
59 warn "$sessionID had a valid cookie.";
60 my $sti=$dbh->prepare("update sessions set lasttime=? where sessionID=?");
61 $sti->execute(time(), $sessionID);
62 return ($userid, $cookie, $sessionID);
68 warn "$sessionID wasn't in sessions table.";
69 if ($authnotrequired) {
70 my $cookie=$query->cookie(-name => 'sessionID',
73 return('', $cookie, '');
75 ($sessionID) || ($sessionID=int(rand()*100000).'-'.time());
76 my $userid=$query->param('userid');
77 my $password=$query->param('password');
78 if (checkpw($dbh, $userid, $password)) {
79 #if (($userid eq 'librarian' || $userid eq 'tonnesen' || $userid eq 'patron') && $password eq 'koha') {
80 my $sti=$dbh->prepare("insert into sessions (sessionID, userid, ip,lasttime) values (?, ?, ?, ?)");
81 $sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time());
82 open L, ">>/tmp/sessionlog";
83 my $time=localtime(time());
84 printf L "%20s from %16s logged in at %30s.\n", $userid, $ENV{'REMOTE_ADDR'}, $time;
86 return ($userid, $sessionID, $sessionID);
89 $message="Invalid userid or password entered.";
92 foreach (param $query) {
93 $parameters->{$_}=$query->{$_};
95 my $cookie=$query->cookie(-name => 'sessionID',
98 print $query->header(-cookie=>$cookie);
101 <body background=/images/kohaback.jpg>
106 <table border=0 cellpadding=10 cellspacing=0 width=60%>
107 <tr><td align=center valign=top>
109 <table border=0 bgcolor=#dddddd cellpadding=10 cellspacing=0>
110 <tr><th colspan=2 background=/images/background-mem.gif><font size=+2>Koha Login</font></th></tr>
111 <tr><td>Name:</td><td><input name=userid></td></tr>
112 <tr><td>Password:</td><td><input type=password name=password></td></tr>
113 <tr><td colspan=2 align=center><input type=submit value=login></td></tr>
116 </td><td align=center valign=top>
118 <table border=0 bgcolor=#dddddd cellpadding=10 cellspacing=0>
119 <tr><th background=/images/background-mem.gif><font size=+2>Demo Information</font></th></tr>
121 Log in as librarian/koha or patron/koha. The timeout is set to 40 seconds of
122 inactivity for the purposes of this demo. You can navigate to the Circulation
123 or Acquisitions modules and you should see an indicator in the upper left of
124 the screen saying who you are logged in as. If you want to try it out with
125 a longer timout period, log in as tonnesen/koha and the timeout period will
144 # This should be modified to allow a select of authentication schemes (ie LDAP)
145 # as well as local authentication through the borrowers tables passwd field
147 my ($dbh, $userid, $password) = @_;
148 my $sth=$dbh->prepare("select password from borrowers where userid=?");
149 $sth->execute($userid);
151 my ($cryptpassword) = $sth->fetchrow;
152 if (crypt($password, $cryptpassword) eq $cryptpassword) {
156 my $sth=$dbh->prepare("select password from borrowers where cardnumber=?");
157 $sth->execute($userid);
159 my ($cryptpassword) = $sth->fetchrow;
160 if (crypt($password, $cryptpassword) eq $cryptpassword) {
168 END { } # module clean-up code here (global destructor)