From bdee4840197c21b4b21b5d8e8d89d528678c74e1 Mon Sep 17 00:00:00 2001
From: tonnesen
Date: Thu, 4 Jul 2002 21:22:21 +0000
Subject: [PATCH] Checks for a basic authentication userid. If found, it skips the cookie stuff. Also now supports scripts that do not _require_ authentication, but might display differently if they get an authenticated userid (might be useful for opac pages, where pages could be tailored to meet a patron's preferences).
---
 C4/Auth.pm | 75 ++++++++++++++++++++++++++++++++----------------------
 1 file changed, 45 insertions(+), 30 deletions(-)
diff --git a/C4/Auth.pm b/C4/Auth.pm
index ddcddafde9..4feea2786b 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -18,6 +18,15 @@ $VERSION = 0.01;
 sub checkauth {
 my $query=shift;
+ # $authnotrequired will be set for scripts which will run without authentication
+ my $authnotrequired=shift;
+ if (my $userid=$ENV{'REMOTE_USERNAME'}) {
+ # Using Basic Authentication, no cookies required
+ my $cookie=$query->cookie(-name => 'sessionID',
+ -value => '',
+ -expires => '+1y');
+ return ($userid, $cookie, '');
+ }
 my $sessionID=$query->cookie('sessionID');
 my $message='';
 warn "SID: ".$sessionID;
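Review bot: `$ENV{'REMOTE_USERNAME'}` in the new early-return branch is not the variable CGI defines for the server-authenticated user; web servers set `REMOTE_USER`, so as written the branch either never runs under Basic Authentication or depends on something else in the deployment populating that name. If the standard variable is meant, the test should read `if (my $userid=$ENV{'REMOTE_USER'}) {`. The branch also returns a cookie object as its second element and an empty third element, whereas the login paths in the later hunk return the `$sessionID` string twice, and it skips the `sessions` insert and the session log, so a comment above `sub checkauth` stating the return contract and that server-authenticated users leave no session record would help callers. checkauth continues outside this hunk.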
@@ -54,37 +63,42 @@ sub checkauth {
 warn "$sessionID wasn't in sessions table.";
-
- ($sessionID) || ($sessionID=int(rand()*100000).'-'.time());
- my $userid=$query->param('userid');
- my $password=$query->param('password');
- if ($userid eq 'librarian' && $password eq 'koha') {
- my $sti=$dbh->prepare("insert into sessions (sessionID, userid, ip,lasttime) values (?, ?, ?, ?)");
- $sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time());
- open L, ">>/tmp/sessionlog";
- print L "$userid from ".$ENV{'REMOTE_ADDR'}." logged in at ".localtime(time()).".\n";
- close L;
- return ($userid, $sessionID, $sessionID);
- } elsif ($userid eq 'patron' && $password eq 'koha') {
- my $sti=$dbh->prepare("insert into sessions (sessionID, userid, ip,lasttime) values (?, ?, ?, ?)");
- $sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time());
- open L, ">>/tmp/sessionlog";
- print L "$userid from ".$ENV{'REMOTE_ADDR'}." at ".localtime(time()).".\n";
- close L;
- return ($userid, $sessionID, $sessionID);
- } else {
- if ($userid) {
- $message="Invalid userid or password entered.";
- }
- my $parameters;
- foreach (param $query) {
- $parameters->{$_}=$query->{$_};
- }
+ if ($authnotrequired) {
 my $cookie=$query->cookie(-name => 'sessionID',
- -value => $sessionID,
+ -value => '',
 -expires => '+1y');
- print $query->header(-cookie=>$cookie);
- print qq|
+ return('', $cookie, '');
+ } else {
+ ($sessionID) || ($sessionID=int(rand()*100000).'-'.time());
+ my $userid=$query->param('userid');
+ my $password=$query->param('password');
+ if ($userid eq 'librarian' && $password eq 'koha') {
+ my $sti=$dbh->prepare("insert into sessions (sessionID, userid, ip,lasttime) values (?, ?, ?, ?)");
+ $sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time());
+ open L, ">>/tmp/sessionlog";
+ print L "$userid from ".$ENV{'REMOTE_ADDR'}." logged in at ".localtime(time()).".\n";
+ close L;
+ return ($userid, $sessionID, $sessionID);
+ } elsif ($userid eq 'patron' && $password eq 'koha') {
+ my $sti=$dbh->prepare("insert into sessions (sessionID, userid, ip,lasttime) values (?, ?, ?, ?)");
+ $sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time());
+ open L, ">>/tmp/sessionlog";
+ print L "$userid from ".$ENV{'REMOTE_ADDR'}." at ".localtime(time()).".\n";
+ close L;
+ return ($userid, $sessionID, $sessionID);
+ } else {
+ if ($userid) {
+ $message="Invalid userid or password entered.";
+ }
+ my $parameters;
+ foreach (param $query) {
+ $parameters->{$_}=$query->{$_};
+ }
+ my $cookie=$query->cookie(-name => 'sessionID',
+ -value => $sessionID,
+ -expires => '+1y');
+ print $query->header(-cookie=>$cookie);
+ print qq|
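Review bot: The re-indented login path still keeps whatever `sessionID` cookie the client presented, because `($sessionID) || (...)` only generates a value when the cookie is empty, and then inserts that value into `sessions` for the authenticated user; unless the lines between the two hunks (not shown) clear `$sessionID`, the identifier of a logged-in session can be fixed in advance by whoever supplied the cookie. The generated fallback `int(rand()*100000).'-'.time()` is also guessable, so the identifier should be assigned unconditionally at login from a strong random source, for example 16 bytes read from `/dev/urandom` and hex-encoded with `unpack('H*', $bytes)`. The same block carries over the fixed `librarian`/`patron` passwords and the unchecked `open L, ">>/tmp/sessionlog"` on a shared temp path, which deserve at least a `# FIXME` comment while these lines are being touched. checkauth starts and ends outside this hunk.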
@@ -100,7 +114,8 @@ sub checkauth {
 |;
- exit
+ exit;
+ }
 }
 }
--
2.20.1