4 use Digest::MD5 qw(md5_base64);
10 use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
12 # set the version for version checking
24 # $authnotrequired will be set for scripts which will run without authentication
25 my $authnotrequired=shift;
26 if (my $userid=$ENV{'REMOTE_USERNAME'}) {
27 # Using Basic Authentication, no cookies required
28 my $cookie=$query->cookie(-name => 'sessionID',
31 return ($userid, $cookie, '');
33 my $sessionID=$query->cookie('sessionID');
35 warn "SID: ".$sessionID;
38 my $sth=$dbh->prepare("select userid,ip,lasttime from sessions where sessionid=?");
39 $sth->execute($sessionID);
41 my ($userid, $ip, $lasttime) = $sth->fetchrow;
42 if ($lasttime<time()-15 && $userid ne 'tonnesen') {
44 warn "$sessionID logged out due to inactivity.";
45 $message="You have been logged out due to inactivity.";
46 my $sti=$dbh->prepare("delete from sessions where sessionID=?");
47 $sti->execute($sessionID);
48 my $scriptname=$ENV{'SCRIPT_NAME'};
49 my $selfurl=$query->self_url();
50 $sti=$dbh->prepare("insert into sessionqueries (sessionID, userid, value) values (?, ?, ?)");
51 $sti->execute($sessionID, $userid, $selfurl);
52 open L, ">>/tmp/sessionlog";
53 my $time=localtime(time());
54 printf L "%20s from %16s logged out at %30s (inactivity).\n", $userid, $ip, $time;
56 } elsif ($ip ne $ENV{'REMOTE_ADDR'}) {
57 # Different ip than originally logged in from
58 my $newip=$ENV{'REMOTE_ADDR'};
59 warn "$sessionID came from a new ip address (authenticated from $ip, this request from $newip).";
61 $message="ERROR ERROR ERROR ERROR<br>Attempt to re-use a cookie from a different ip address.<br>(authenticated from $ip, this request from $newip)";
63 my $cookie=$query->cookie(-name => 'sessionID',
66 warn "$sessionID had a valid cookie.";
67 my $sti=$dbh->prepare("update sessions set lasttime=? where sessionID=?");
68 $sti->execute(time(), $sessionID);
69 return ($userid, $cookie, $sessionID);
75 warn "$sessionID wasn't in sessions table.";
76 if ($authnotrequired) {
77 my $cookie=$query->cookie(-name => 'sessionID',
80 return('', $cookie, '');
82 ($sessionID) || ($sessionID=int(rand()*100000).'-'.time());
83 my $userid=$query->param('userid');
84 my $password=$query->param('password');
85 if (checkpw($dbh, $userid, $password)) {
86 my $sti=$dbh->prepare("insert into sessions (sessionID, userid, ip,lasttime) values (?, ?, ?, ?)");
87 $sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time());
88 $sti=$dbh->prepare("select value from sessionqueries where sessionID=? and userid=?");
89 $sti->execute($sessionID, $userid);
91 my $stj=$dbh->prepare("delete from sessionqueries where sessionID=?");
92 $stj->execute($sessionID);
93 my ($selfurl) = $sti->fetchrow;
94 print $query->redirect($selfurl);
97 open L, ">>/tmp/sessionlog";
98 my $time=localtime(time());
99 printf L "%20s from %16s logged in at %30s.\n", $userid, $ENV{'REMOTE_ADDR'}, $time;
101 my $cookie=$query->cookie(-name => 'sessionID',
102 -value => $sessionID,
104 return ($userid, $cookie, $sessionID);
107 $message="Invalid userid or password entered.";
110 foreach (param $query) {
111 $parameters->{$_}=$query->{$_};
113 my $cookie=$query->cookie(-name => 'sessionID',
114 -value => $sessionID,
116 print $query->header(-cookie=>$cookie);
119 <body background=/images/kohaback.jpg>
124 <table border=0 cellpadding=10 cellspacing=0 width=60%>
125 <tr><td align=center valign=top>
127 <table border=0 bgcolor=#dddddd cellpadding=10 cellspacing=0>
128 <tr><th colspan=2 background=/images/background-mem.gif><font size=+2>Koha Login</font></th></tr>
129 <tr><td>Name:</td><td><input name=userid></td></tr>
130 <tr><td>Password:</td><td><input type=password name=password></td></tr>
131 <tr><td colspan=2 align=center><input type=submit value=login></td></tr>
134 </td><td align=center valign=top>
136 <table border=0 bgcolor=#dddddd cellpadding=10 cellspacing=0>
137 <tr><th background=/images/background-mem.gif><font size=+2>Demo Information</font></th></tr>
139 Log in as librarian/koha or patron/koha. The timeout is set to 40 seconds of
140 inactivity for the purposes of this demo. You can navigate to the Circulation
141 or Acquisitions modules and you should see an indicator in the upper left of
142 the screen saying who you are logged in as. If you want to try it out with
143 a longer timout period, log in as tonnesen/koha and there will be no
146 You can also log in using a patron cardnumber. Try V10000008 and
147 V1000002X with password koha.
165 # This should be modified to allow a select of authentication schemes (ie LDAP)
166 # as well as local authentication through the borrowers tables passwd field
168 my ($dbh, $userid, $password) = @_;
169 my $sth=$dbh->prepare("select password from borrowers where userid=?");
170 $sth->execute($userid);
172 my ($md5password) = $sth->fetchrow;
173 if (md5_base64($password) eq $md5password) {
177 my $sth=$dbh->prepare("select password from borrowers where cardnumber=?");
178 $sth->execute($userid);
180 my ($md5password) = $sth->fetchrow;
181 if (md5_base64($password) eq $md5password) {
189 END { } # module clean-up code here (global destructor)