From 259a4873fbf2819e029a4c38396a8a9dd2e72dbf Mon Sep 17 00:00:00 2001 From: tonnesen Date: Fri, 5 Jul 2002 19:56:35 +0000 Subject: [PATCH] Auth.pm now checks the password againts a new field in the borrowers table (password). There is also a new "userid" field in the borrowers table. When a user logs in, the userid will be checked against the userid first and the cardnumber second, so either method will work. --- C4/Auth.pm | 46 ++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 38 insertions(+), 8 deletions(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index dc3e7cb52a..f440c657af 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -36,7 +36,7 @@ sub checkauth { $sth->execute($sessionID); if ($sth->rows) { my ($userid, $ip, $lasttime) = $sth->fetchrow; - if ($lasttimecookie(-name => 'sessionID', -value => $sessionID, @@ -73,7 +75,8 @@ sub checkauth { ($sessionID) || ($sessionID=int(rand()*100000).'-'.time()); my $userid=$query->param('userid'); my $password=$query->param('password'); - if (($userid eq 'librarian' || $userid eq 'tonnesen' || $userid eq 'patron') && $password eq 'koha') { + if (checkpw($dbh, $userid, $password)) { + #if (($userid eq 'librarian' || $userid eq 'tonnesen' || $userid eq 'patron') && $password eq 'koha') { my $sti=$dbh->prepare("insert into sessions (sessionID, userid, ip,lasttime) values (?, ?, ?, ?)"); $sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time()); open L, ">>/tmp/sessionlog"; @@ -100,9 +103,10 @@ sub checkauth {

$message

- +
- + +
@@ -111,10 +115,10 @@ sub checkauth {
Koha Login
Name:
Password:
- +
Demo Information
- Log in as librarian/koha or patron/koha. The timeout is set to 20 seconds of + Log in as librarian/koha or patron/koha. The timeout is set to 40 seconds of inactivity for the purposes of this demo. You can navigate to the Circulation or Acquisitions modules and you should see an indicator in the upper left of the screen saying who you are logged in as. If you want to try it out with @@ -135,4 +139,30 @@ sub checkauth { } +sub checkpw { + +# This should be modified to allow a select of authentication schemes (ie LDAP) +# as well as local authentication through the borrowers tables passwd field +# + my ($dbh, $userid, $password) = @_; + my $sth=$dbh->prepare("select password from borrowers where userid=?"); + $sth->execute($userid); + if ($sth->rows) { + my ($cryptpassword) = $sth->fetchrow; + if (crypt($password, $cryptpassword) eq $cryptpassword) { + return 1; + } + } + my $sth=$dbh->prepare("select password from borrowers where cardnumber=?"); + $sth->execute($userid); + if ($sth->rows) { + my ($cryptpassword) = $sth->fetchrow; + if (crypt($password, $cryptpassword) eq $cryptpassword) { + return 1; + } + } + return 0; +} + + END { } # module clean-up code here (global destructor) -- 2.39.5