From 60a72c67fe8a26488799563df8e9c33ba6f64d2c Mon Sep 17 00:00:00 2001
From: tonnesen
Date: Thu, 4 Jul 2002 19:21:29 +0000
Subject: [PATCH] Beginning of authentication api. Applied to shelves.pl for now as a test case.
---
C4/Auth.pm | 95 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
shelves.pl | 11 ++++---
2 files changed, 102 insertions(+), 4 deletions(-)
create mode 100644 C4/Auth.pm
diff --git a/C4/Auth.pm b/C4/Auth.pm
new file mode 100644
index 0000000000..3e08534ba0
--- /dev/null
+++ b/C4/Auth.pm
@@ -0,0 +1,95 @@
+package C4::Auth;
+
+use strict;
+require Exporter;
+use C4::Database;
+
+use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
+
+# set the version for version checking
+$VERSION = 0.01;
+
+@ISA = qw(Exporter);
+@EXPORT = qw(
+ &checkauth
+);
+
+
+
+sub checkauth {
+ my $query=shift;
+ my $sessionID=$query->cookie('sessionID');
+ my $message='';
+ warn "SID: ".$sessionID;
+
+ my $dbh=C4Connect();
+ my $sth=$dbh->prepare("select userid,ip,lasttime from sessions where sessionid=?");
+ $sth->execute($sessionID);
+ if ($sth->rows) {
+ my ($userid, $ip, $lasttime) = $sth->fetchrow;
+ if ($lasttimeprepare("delete from sessions where sessionID=?");
+ $sti->execute($sessionID);
+ } elsif ($ip ne $ENV{'REMOTE_ADDR'}) {
+ # Different ip than originally logged in from
+ warn "$sessionID came from a new ip address.";
+ $message="ERROR ERROR ERROR ERROR
Attempt to re-use a cookie from a different ip address.";
+ } else {
+ my $cookie=$query->cookie(-name => 'sessionID',
+ -value => $sessionID,
+ -expires => '+1y');
+ warn "$sessionID had a valid cookie.";
+ my $sti=$dbh->prepare("update sessions set lasttime=? where sessionID=?");
+ $sti->execute(time(), $sessionID);
+ return ($userid, $cookie, $sessionID);
+ }
+ }
+
+
+
+ warn "$sessionID wasn't in sessions table.";
+
+ ($sessionID) || ($sessionID=int(rand()*100000).'-'.time());
+ my $userid=$query->param('userid');
+ my $password=$query->param('password');
+ if ($userid eq 'librarian' && $password eq 'koha') {
+ my $sti=$dbh->prepare("insert into sessions (sessionID, userid, ip,lasttime) values (?, ?, ?, ?)");
+ $sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time());
+ return ($userid, $sessionID, $sessionID);
+ } else {
+ if ($userid) {
+ $message="Invalid userid or password entered.";
+ }
+ my $parameters;
+ foreach (param $query) {
+ $parameters->{$_}=$query->{$_};
+ }
+ my $cookie=$query->cookie(-name => 'sessionID',
+ -value => $sessionID,
+ -expires => '+1y');
+ print $query->header(-cookie=>$cookie);
+ print qq|
+
+
+
+

$message

+
+ + + + + +
Koha Login
Name:
Password:
+
+ + +|; + exit + } +} + + +END { } # module clean-up code here (global destructor) diff --git a/shelves.pl b/shelves.pl index b09613b489..3ea9688e69 100755 --- a/shelves.pl +++ b/shelves.pl @@ -10,10 +10,12 @@ use CGI; use C4::Output; use C4::BookShelves; use C4::Circulation::Circ2; +use C4::Auth; my $env; my $query = new CGI; -print $query->header; +my ($userid, $cookie, $sessionID) = checkauth($query); +print $query->header(-cookie => $cookie); my $headerbackgroundcolor='#663266'; my $circbackgroundcolor='#555555'; my $circbackgroundcolor='#550000'; @@ -24,6 +26,7 @@ print startpage(); print startmenu('catalogue'); +print "SessionID: $sessionID
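Review bot: In checkauth, the session identifier stored on a successful login is either the cookie value the client sent (when it is not in the sessions table) or `int(rand()*100000).'-'.time()`, so the ID that ends up authenticating the browser can be chosen by the client or guessed from the login time. A fresh identifier from a strong random source should be minted at the moment the credentials are accepted, and the incoming cookie value ignored on that path. The same branch returns `($userid, $sessionID, $sessionID)`, which puts a bare string where shelves.pl expects a cookie object for `-cookie`, so returning a real cookie there is part of the same fix. The literal `librarian`/`koha` comparison and `warn "SID: ".$sessionID` look like scaffolding for this test case; both should go before other scripts adopt checkauth, since one ships a fixed credential in source and the other writes live session IDs to the error log.

```perl
    if ($userid eq 'librarian' && $password eq 'koha') {
        # Mint the ID only once the credentials are accepted; never keep the
        # value the client sent. Assumes a platform that provides /dev/urandom.
        open(my $rnd, '<', '/dev/urandom') or die "cannot open /dev/urandom: $!";
        read($rnd, my $raw, 16) == 16 or die "short read from /dev/urandom";
        close($rnd);
        $sessionID = unpack('H*', $raw);
        my $cookie = $query->cookie(-name    => 'sessionID',
                                    -value   => $sessionID,
                                    -expires => '+1y');
        # … unchanged: insert into sessions …
        return ($userid, $cookie, $sessionID);
        # … unchanged: else branch (login form) …
```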
\n"; my ($shelflist) = GetShelfList(); @@ -157,7 +160,7 @@ EOF - + EOF } @@ -166,8 +169,8 @@ EOF # # $Log$ -# Revision 1.3 2002/07/02 17:48:06 tonnesen -# Merged in updates from rel-1-2 +# Revision 1.4 2002/07/04 19:21:29 tonnesen +# Beginning of authentication api. Applied to shelves.pl for now as a test case. # # Revision 1.2.2.1 2002/06/26 20:28:15 tonnesen # Some udpates that I made here locally a while ago. Still won't be useful, but -- 2.39.5
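Review bot: The added `print "SessionID: $sessionID…` line after `startmenu('catalogue')` writes the session identifier into the page body, where it is carried along into saved pages, caches and screenshots even though it is the value that authenticates the browser. On checkauth's login path that value can also be a cookie string supplied by the client, and here it is printed without HTML escaping. If this is debug output for the test case, it is safer to remove it and log something that is not a credential, for example `warn "session established for $userid";`. The statements are top-level script code that continues outside the hunk.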