7 use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
9 # set the version for version checking
# Fragment of an authentication routine. It identifies the requester in one
# of three ways: a user name supplied by the web server in the environment,
# an existing 'sessionID' cookie checked against the sessions table, or a
# userid/password pair submitted with the request. If none succeeds it
# prints an HTTP header carrying the cookie (login-form markup follows in
# the listing).
# NOTE(review): the listing omits lines (the embedded line numbers jump), so
# the enclosing sub header, several closing braces/else lines and the
# continuation lines of every cookie(...) call are not visible here.
21 # $authnotrequired will be set for scripts which will run without authentication
22 my $authnotrequired=shift;
# NOTE(review): identity is taken from the environment without any further
# check. The variable CGI servers normally set after HTTP authentication is
# REMOTE_USER; confirm that REMOTE_USERNAME is what this deployment sets and
# that a client cannot influence it.
23 if (my $userid=$ENV{'REMOTE_USERNAME'}) {
24 # Using Basic Authentication, no cookies required
# This path returns (userid, cookie, '') - the third element is empty, so
# no session ID is handed back.
25 my $cookie=$query->cookie(-name => 'sessionID',
28 return ($userid, $cookie, '');
# Cookie path: read the client-supplied session ID.
30 my $sessionID=$query->cookie('sessionID');
# NOTE(review): this and the later warn calls write the full session ID to
# the error log, where any log reader can see a live session identifier.
# Log a truncated or hashed form instead.
32 warn "SID: ".$sessionID;
# Placeholder query: the cookie value is bound, not interpolated into SQL.
35 my $sth=$dbh->prepare("select userid,ip,lasttime from sessions where sessionid=?");
36 $sth->execute($sessionID);
38 my ($userid, $ip, $lasttime) = $sth->fetchrow;
# Expire the session when it was last used more than 20 seconds ago.
# NOTE(review): 20 s looks like a test value - confirm the intended timeout
# and move it to configuration.
39 if ($lasttime<time()-20) {
41 warn "$sessionID logged out due to inactivity.";
42 $message="You have been logged out due to inactivity.";
43 my $sti=$dbh->prepare("delete from sessions where sessionID=?");
44 $sti->execute($sessionID);
# NOTE(review): two-argument open on a bareword handle, result unchecked,
# appending to a fixed name in /tmp. /tmp is normally writable by every
# local user, so the file can be pre-created or replaced by a symlink by
# someone else. Use three-argument open with a lexical handle, check for
# failure, and keep the log in a directory only the application can write.
# The same pattern recurs at both login branches below.
45 open L, ">>/tmp/sessionlog";
46 print L "$userid from $ip logged out at ".localtime(time())." (inactivity).\n";
# The session is bound to the address it was created from; a request from
# any other REMOTE_ADDR is refused.
# NOTE(review): no delete of the session row is visible on this branch in
# the listing - confirm whether the session is invalidated here.
48 } elsif ($ip ne $ENV{'REMOTE_ADDR'}) {
49 # Different ip than originally logged in from
50 warn "$sessionID came from a new ip address.";
51 $message="ERROR ERROR ERROR ERROR<br>Attempt to re-use a cookie from a different ip address.";
# Valid session: refresh lasttime and return (userid, cookie, sessionID).
53 my $cookie=$query->cookie(-name => 'sessionID',
56 warn "$sessionID had a valid cookie.";
57 my $sti=$dbh->prepare("update sessions set lasttime=? where sessionID=?");
58 $sti->execute(time(), $sessionID);
59 return ($userid, $cookie, $sessionID);
# No matching row in the sessions table.
65 warn "$sessionID wasn't in sessions table.";
# Scripts that do not require authentication get an empty userid and an
# empty session ID back, plus the cookie.
66 if ($authnotrequired) {
67 my $cookie=$query->cookie(-name => 'sessionID',
70 return('', $cookie, '');
# NOTE(review): two weaknesses in how the session ID is chosen.
# (1) A non-empty ID already sent by the client is kept and later inserted
#     into the sessions table on successful login, so the identifier is not
#     renewed at authentication (session fixation risk).
# (2) A new ID is int(rand()*100000) plus the current time; rand() is not a
#     cryptographic generator and the value space is small.
# Always issue a fresh identifier from a cryptographically secure source at
# login and discard whatever the client presented.
72 ($sessionID) || ($sessionID=int(rand()*100000).'-'.time());
73 my $userid=$query->param('userid');
74 my $password=$query->param('password');
# NOTE(review): credentials are hard-coded in the source and compared as
# plain text; both accounts share one password. Replace with a lookup
# against per-user salted password hashes kept outside the code.
75 if ($userid eq 'librarian' && $password eq 'koha') {
# Record the new session together with the client address and login time.
76 my $sti=$dbh->prepare("insert into sessions (sessionID, userid, ip,lasttime) values (?, ?, ?, ?)");
77 $sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time());
78 open L, ">>/tmp/sessionlog";
79 print L "$userid from ".$ENV{'REMOTE_ADDR'}." logged in at ".localtime(time()).".\n";
# NOTE(review): the second element here is the bare session ID string,
# whereas the other return paths hand back the value built by
# $query->cookie(...). Confirm callers cope with both.
81 return ($userid, $sessionID, $sessionID);
# Same steps as the branch above for the second account; only the log text
# differs (it omits "logged in").
82 } elsif ($userid eq 'patron' && $password eq 'koha') {
83 my $sti=$dbh->prepare("insert into sessions (sessionID, userid, ip,lasttime) values (?, ?, ?, ?)");
84 $sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time());
85 open L, ">>/tmp/sessionlog";
86 print L "$userid from ".$ENV{'REMOTE_ADDR'}." at ".localtime(time()).".\n";
88 return ($userid, $sessionID, $sessionID);
91 $message="Invalid userid or password entered.";
# Copy each request parameter name into $parameters.
# NOTE(review): "param $query" is indirect-object syntax for $query->param,
# and the value is read from the object's hash slot ($query->{$_}) rather
# than through param(). Presumably this relies on the query object's
# internals - confirm. $parameters is declared outside the visible lines.
94 foreach (param $query) {
95 $parameters->{$_}=$query->{$_};
# NOTE(review): the remaining cookie attributes are on lines the listing
# omits; confirm the session cookie is issued with -secure and -httponly.
97 my $cookie=$query->cookie(-name => 'sessionID',
100 print $query->header(-cookie=>$cookie);
103 <body background=/images/kohaback.jpg>
108 <tr><th colspan=2><font size=+2>Koha Login</font></th></tr>
109 <tr><td>Name:</td><td><input name=userid></td></tr>
110 <tr><td>Password:</td><td><input type=password name=password></td></tr>
111 <tr><td colspan=2 align=center><input type=submit value=login></td></tr>
# The END block below is empty, so nothing is cleaned up when the
# interpreter exits; it only marks where such code would go.
123 END { } # module clean-up code here (global destructor)