From 5fa69254442cec41bbce5d398d39d8ae8af7a3d7 Mon Sep 17 00:00:00 2001
From: hdl
Date: Tue, 26 Jul 2005 07:50:27 +0000
Subject: [PATCH] Adding Branch Independancy. Still under development.
---
 C4/Auth.pm | 99 +++++++++++++++++++++++++++--------------------
 C4/Context.pm | 86 ++++++++++++++++++++++++++++++++++++++++
 C4/Suggestions.pm | 12 +++++-
 3 files changed, 154 insertions(+), 43 deletions(-)
diff --git a/C4/Auth.pm b/C4/Auth.pm
index fd41470011..f30e66db12 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -299,56 +299,64 @@ sub checkauth { "SELECT userid,ip,lasttime FROM sessions WHERE sessionid=?", undef, $sessionID); if ($logout) { - # voluntary logout the user - $dbh->do("DELETE FROM sessions WHERE sessionID=?", undef, $sessionID); - $sessionID = undef; - $userid = undef; - open L, ">>/tmp/sessionlog"; - my $time=localtime(time()); - printf L "%20s from %16s logged out at %30s (manually).\n", $userid, $ip, $time; - close L; - } - if ($userid) { - if ($lasttimedo("DELETE FROM sessions WHERE sessionID=?", undef, $sessionID); - $userid = undef; - $sessionID = undef; - open L, ">>/tmp/sessionlog"; - my $time=localtime(time()); - printf L "%20s from %16s logged out at %30s (inactivity).\n", $userid, $ip, $time; - close L; - } elsif ($ip ne $ENV{'REMOTE_ADDR'}) { - # Different ip than originally logged in from - $info{'oldip'} = $ip; - $info{'newip'} = $ENV{'REMOTE_ADDR'}; - $info{'different_ip'} = 1; + # voluntary logout the user $dbh->do("DELETE FROM sessions WHERE sessionID=?", undef, $sessionID); + C4::Context->_unset_userenv($sessionID); + warn "DEL USERENV0"; $sessionID = undef; $userid = undef; open L, ">>/tmp/sessionlog"; my $time=localtime(time()); - printf L "%20s from logged out at %30s (ip changed from %16s to %16s).\n", $userid, $time, $ip, $info{'newip'}; + printf L "%20s from %16s logged out at %30s (manually).\n", $userid, $ip, $time; close L; - } else { - $cookie=$query->cookie(-name => 'sessionID', - -value => $sessionID, - -expires => ''); - $dbh->do("UPDATE sessions SET lasttime=? 
WHERE sessionID=?", - undef, (time(), $sessionID)); - $flags = haspermission($dbh, $userid, $flagsrequired); - if ($flags) { - $loggedin = 1; + } + if ($userid) { + if ($lasttimedo("DELETE FROM sessions WHERE sessionID=?", undef, $sessionID); + C4::Context->_unset_userenv($sessionID); + warn "DEL USERENV1"; + $userid = undef; + $sessionID = undef; + open L, ">>/tmp/sessionlog"; + my $time=localtime(time()); + printf L "%20s from %16s logged out at %30s (inactivity).\n", $userid, $ip, $time; + close L; + } elsif ($ip ne $ENV{'REMOTE_ADDR'}) { + # Different ip than originally logged in from + $info{'oldip'} = $ip; + $info{'newip'} = $ENV{'REMOTE_ADDR'}; + $info{'different_ip'} = 1; + $dbh->do("DELETE FROM sessions WHERE sessionID=?", undef, $sessionID); + C4::Context->_unset_userenv($sessionID); + warn "DEL USERENV2"; + $sessionID = undef; + $userid = undef; + open L, ">>/tmp/sessionlog"; + my $time=localtime(time()); + printf L "%20s from logged out at %30s (ip changed from %16s to %16s).\n", $userid, $time, $ip, $info{'newip'}; + close L; } else { - $info{'nopermission'} = 1; + $cookie=$query->cookie(-name => 'sessionID', + -value => $sessionID, + -expires => ''); + $dbh->do("UPDATE sessions SET lasttime=? WHERE sessionID=?", + undef, (time(), $sessionID)); + $flags = haspermission($dbh, $userid, $flagsrequired); + if ($flags) { + $loggedin = 1; + } else { + $info{'nopermission'} = 1; + } } } - } } unless ($userid) { $sessionID=int(rand()*100000).'-'.time(); $userid=$query->param('userid'); + warn "NEWUSERENV : ".$sessionID; + C4::Context->_new_userenv($sessionID); my $password=$query->param('password'); my ($return, $cardnumber) = checkpw($dbh,$userid,$password); if ($return) { 
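Review bot: The added `warn "NEWUSERENV : ".$sessionID;` in the `unless ($userid)` branch writes the value that is about to become the `sessionID` cookie into the web server error log, so anyone who can read that log holds a usable session token; drop the line or log only the event, e.g. `warn "NEWUSERENV created";`. The same branch calls `C4::Context->_new_userenv($sessionID)` before `checkpw` has accepted the credentials, so a user-environment slot exists for requests that never authenticate. In the three logout branches the re-indented `printf L` still runs after `$userid = undef`, so the session log records an empty user name; capturing the name before clearing it would keep that audit trail useful. checkauth begins and ends outside this hunk.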
@@ -363,14 +371,17 @@ sub checkauth { $cookie=$query->cookie(-name => 'sessionID', -value => $sessionID, -expires => ''); + if ($flags = haspermission($dbh, $userid, $flagsrequired)) { $loggedin = 1; } else { $info{'nopermission'} = 1; + C4::Context->_unset_userenv($sessionID); } } else { if ($userid) { $info{'invalid_username_or_password'} = 1; + C4::Context->_unset_userenv($sessionID); } } } 
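Review bot: `C4::Context->_unset_userenv($sessionID);` in the failed-`checkpw` branch sits inside `if ($userid)`, so a request that submits no userid keeps the slot that `_new_userenv` created for its fresh session ID. If `$context` outlives a single request (a persistent interpreter, which is not visible here), that leaves one stale entry per anonymous request and leaves `activeuser` pointing at it. Moving the call out of the inner `if`, so that it runs whenever `$return` is false, releases the slot on every unauthenticated path. The enclosing `unless ($userid)` block starts outside this hunk.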
@@ -418,24 +429,30 @@ sub checkpw { my ($dbh, $userid, $password) = @_; # INTERNAL AUTH - my $sth=$dbh->prepare("select password,cardnumber from borrowers where userid=?"); + my $sth=$dbh->prepare("select password,cardnumber,borrowernumber,userid,firstname,surname,flags,branchcode from borrowers where userid=?"); $sth->execute($userid); if ($sth->rows) { - my ($md5password,$cardnumber) = $sth->fetchrow; + my ($md5password,$cardnumber,$bornum,$userid,$firstname,$surname,$userflags,$branchcode) = $sth->fetchrow; if (md5_base64($password) eq $md5password) { + warn "setuserenv1 $bornum,$userid,$cardnumber,$firstname,$surname,$branchcode,$userflags"; + C4::Context->set_userenv($bornum,$userid,$cardnumber,$firstname,$surname,$branchcode,$userflags); return 1,$cardnumber; } } - my $sth=$dbh->prepare("select password from borrowers where cardnumber=?"); + my $sth=$dbh->prepare("select password,cardnumber,borrowernumber,userid,firstname,surname,flags,branchcode from borrowers where cardnumber=?"); $sth->execute($userid); if ($sth->rows) { - my ($md5password) = $sth->fetchrow; + my ($md5password,$cardnumber,$bornum,$userid,$firstname,$surname,$userflags,$branchcode) = $sth->fetchrow; if (md5_base64($password) eq $md5password) { + warn "setuserenv2 $bornum,$userid,$cardnumber,$firstname,$surname,$branchcode,$userflags"; + C4::Context->set_userenv($bornum,$userid,$cardnumber,$firstname,$surname,$branchcode,$userflags); return 1,$userid; } } if ($userid eq C4::Context->config('user') && $password eq C4::Context->config('pass')) { # Koha superuser account + warn "setuserenv3"; + C4::Context->set_userenv(0,0,C4::Context->config('user'),C4::Context->config('user'),C4::Context->config('user'),"",1); return 2; } if ($userid eq 'demo' && $password eq 'demo' && C4::Context->config('demo')) { diff --git a/C4/Context.pm b/C4/Context.pm index 78c817fbed..9793da2a14 100644 --- a/C4/Context.pm +++ b/C4/Context.pm 
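Review bot: In the card-number branch of checkpw the new `my (...,$userid,...) = $sth->fetchrow;` shadows the `$userid` argument, so the unchanged `return 1,$userid;` now returns the borrower's `userid` column (possibly empty) instead of the submitted card number; `return 1,$cardnumber;` from the fetched row keeps the second return value a card number in both branches. The `warn "setuserenv1 ..."` and `warn "setuserenv2 ..."` lines write borrower number, names, card number, branch and flags to the error log on each successful login and read as leftover debugging, so I would remove them before merge. The password comparison itself (unsalted `md5_base64`, plain `eq` against the configured superuser password) is not changed by this commit but deserves a follow-up. checkpw continues past the end of the hunk.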
@@ -597,6 +597,92 @@ sub _new_stopwords return $stopwordlist; } +=item userenv + + %userenv = C4::Context->userenv; + +Returns a hash with userenvironment variables. + +This hash is cached for future use: if you call +Cuserenv> twice, you will get the same hash without real DB access + +Returns Null if userenv is not set. +userenv is set in _new_userenv, called in Auth.pm + +=cut +#' +sub userenv +{ + warn "activeuser : ".$context->{"activeuser"}."hash :".$context->{$context->{"activeuser"}}; + my $var = $context->{$context->{"activeuser"}}; + foreach my $key (sort keys %$context){ + warn "key : ".$key; + } + return $context->{$context->{"activeuser"}}; +} + +=item set_userenv + + C4::Context->set_userenv; + +Builds a hash for user environment variables. + +This hash shall be cached for future use: if you call +Cuserenv> twice, you will get the same hash without real DB access + +set_userenv is called in Auth.pm + +=cut +#' +sub set_userenv +{ + my ($usernum, $userid, $usercnum, $userfirstname, $usersurname, $userbranch, $userflags)= @_; + $context->{$context->{"activeuser"}}=\{ + "number" => $usernum, + "id" => $userid, + "cardnumber" => $usercnum, + "firstname" => $userfirstname, + "surname" => $usersurname, + "branch" => $userbranch, + "flags" => $userflags + } +} + +=item _new_userenv + + C4::Context->_new_userenv($session); + +Builds a hash for user environment variables. + +This hash shall be cached for future use: if you call +Cuserenv> twice, you will get the same hash without real DB access + +_new_userenv is called in Auth.pm + +=cut +#' +sub _new_userenv +{ + my ($sessionID)= @_; + $context->{"activeuser"} = \$sessionID; + $context->{$sessionID}=\(); +} + +=item _unset_userenv + + C4::Context->_unset_userenv; + +Destroys the hash for activeuser user environment variables. + +=cut +#' + +sub _unset_userenv +{ + my ($sessionID)= @_; + undef $context->{$sessionID}; + undef $context->{"activeuser"} if ($context->{"activeuser"} eq $sessionID); +} 1; 
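Review bot: `_new_userenv` stores `\$sessionID` (a scalar reference) under `activeuser` and `set_userenv` stores `\{ ... }` (a reference to a hash reference), so the environment ends up under the stringified reference rather than the session ID, and a caller writing `$userenv->{branch}` does not get a plain hash reference. For the same reason the `eq $sessionID` test in `_unset_userenv` cannot match and `undef $context->{$sessionID}` touches a different key, so neither `activeuser` nor the stored environment is cleared. In a process that serves more than one request (not visible here) `userenv` could then return the previous login's branch and flags, which matters because the branch filter depends on it. Storing the plain session ID and a plain hash reference, and deleting both on unset, addresses this; the `warn` loop in `userenv` that prints every `$context` key should be removed at the same time. The rewritten lines are below, with the POD blocks left as they are.

```perl
sub userenv
{
    my $active = $context->{"activeuser"};
    return defined $active ? $context->{$active} : undef;
}

sub set_userenv
{
    # … unchanged: argument unpacking …
    $context->{$context->{"activeuser"}} = {
        # … unchanged: number/id/cardnumber/firstname/surname/branch/flags pairs …
    };
}

sub _new_userenv
{
    my ($sessionID)= @_;
    $context->{"activeuser"} = $sessionID;    # plain string, usable as a hash key
    $context->{$sessionID}   = {};
}

sub _unset_userenv
{
    my ($sessionID)= @_;
    delete $context->{$sessionID};
    my $active = $context->{"activeuser"};
    delete $context->{"activeuser"} if defined $active && $active eq $sessionID;
}
```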
diff --git a/C4/Suggestions.pm b/C4/Suggestions.pm
index 93bcca2a53..2664de97aa 100644
--- a/C4/Suggestions.pm
+++ b/C4/Suggestions.pm
@@ -165,8 +165,16 @@ sub delsuggestion {
 sub countsuggestion {
 my ($status) = @_;
 my $dbh = C4::Context->dbh;
- my $sth = $dbh->prepare("select count(*) from suggestions where status=?");
- $sth->execute($status);
+ my $sth;
+ if (C4::Context->preference("IndependantBranches")){
+ my $userenv = C4::Context->userenv;
+ warn "IndependantBranches : Count Suggestions : ".$userenv->{branch};
+ $sth = $dbh->prepare("select count(*) from suggestions,borrowers where status=? and borrowers.borrowernumber=suggestions.suggestedby and (borrowers.branchcode='' or borrowers.branchcode =?)");
+ $sth->execute($status,$userenv->{branch});
+ } else {
+ $sth = $dbh->prepare("select count(*) from suggestions where status=?");
+ $sth->execute($status);
+ }
 my ($result) = $sth->fetchrow;
 return $result;
 }
--
2.39.5
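Review bot: `countsuggestion` uses `C4::Context->userenv` without checking it, although the POD added in C4/Context.pm says it returns null when no user environment is set; in that case `$userenv->{branch}` is undefined and the query quietly counts only suggestions from borrowers with an empty `branchcode`. The unset case should be decided explicitly, for example `my $branch = $userenv ? $userenv->{branch} : undef;` followed by a deliberate choice between returning an error and returning a count. The superuser environment in C4/Auth.pm is created with branch `""`, so this filter appears to restrict the superuser to the branchless count as well, which is worth confirming against the intended behaviour. The `warn "IndependantBranches : ..."` line looks like debugging output and would fire on every call.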