From 706a299eb671b6806efb270f287347b1ea404404 Mon Sep 17 00:00:00 2001 From: tonnesen Date: Sat, 27 Jul 2002 04:33:57 +0000 Subject: [PATCH] Beginning flags based authentication. All of the member*pl scripts now require the borrower to have either the "borrowers" or "superlibrarian" flags set. --- C4/Auth.pm | 82 +++++++++++++++++++++++++++++++++++++++++----- member-password.pl | 8 ++++- member.pl | 6 +++- memberentry.pl | 7 +++- members-home.pl | 4 ++- 5 files changed, 94 insertions(+), 13 deletions(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index eaffa41d60..058d031f69 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -19,11 +19,28 @@ $VERSION = 0.01; ); +sub getuserflags { + my $cardnumber=shift; + my $dbh=shift; + my $userflags; + my $sth=$dbh->prepare("select flags from borrowers where cardnumber=?"); + $sth->execute($cardnumber); + my ($flags) = $sth->fetchrow; + $sth=$dbh->prepare("select bit,flag from userflags"); + $sth->execute; + while (my ($bit, $flag) = $sth->fetchrow) { + if ($flags & (2**$bit)) { + $userflags->{$flag}=1; + } + } + return $userflags; +} sub checkauth { my $query=shift; # $authnotrequired will be set for scripts which will run without authentication my $authnotrequired=shift; + my $flagsrequired=shift; if (my $userid=$ENV{'REMOTE_USER'}) { # Using Basic Authentication, no cookies required my $cookie=$query->cookie(-name => 'sessionID', @@ -63,7 +80,29 @@ sub checkauth { -expires => '+1y'); my $sti=$dbh->prepare("update sessions set lasttime=? where sessionID=?"); $sti->execute(time(), $sessionID); - return ($userid, $cookie, $sessionID); + my $sth=$dbh->prepare("select cardnumber from borrowers where userid=?"); + $sth->execute($userid); + my ($cardnumber) = $sth->fetchrow; + my $flags=getuserflags($cardnumber,$dbh); + foreach (keys %$flagsrequired) { + warn "Checking required flag $_"; + unless ($flags->{superlibrarian}) { + unless ($flags->{$_}) { + print qq|Content-type: text/html + + + +REJECTED +
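Review bot: The `REMOTE_USER` branch that begins at the end of this hunk gets no flag handling, so as far as the diff shows a web-server-authenticated user is returned to the caller before `$flagsrequired` is consulted, and the `borrowers` gate the member scripts now rely on is skipped whenever Basic Auth is in use; the branch body continues outside the hunk, so please confirm. If it does return early, look the user's flags up there as well (the borrowers lookup by `$userid` plus `getuserflags` works unchanged), or at least emit the same REJECTED response when `$flagsrequired` has keys rather than silently granting access. In `getuserflags`, `$userflags` stays undef when no bit matches, so callers dereference undef and autovivify; `return $userflags || {};` makes the contract a hash ref, and `1 << $bit` is the usual form of the mask instead of `2**$bit`. A header comment would help too: `# Map a borrower's packed flags integer to a hash of set flag names, using the userflags table.`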
+You do not have access to this portion of Koha + + +|; + exit; + } + } + } + return ($userid, $cookie, $sessionID, $flags); } } @@ -78,12 +117,13 @@ sub checkauth { ($sessionID) || ($sessionID=int(rand()*100000).'-'.time()); my $userid=$query->param('userid'); my $password=$query->param('password'); - if (checkpw($dbh, $userid, $password)) { + my ($return, $cardnumber) = checkpw($dbh,$userid,$password); + if ($return) { my $sti=$dbh->prepare("delete from sessions where sessionID=? and userid=?"); $sti->execute($sessionID, $userid); $sti=$dbh->prepare("insert into sessions (sessionID, userid, ip,lasttime) values (?, ?, ?, ?)"); $sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time()); - $sti=$dbh->prepare("select value from sessionqueries where sessionID=? and userid=?"); + $sti=$dbh->prepare("select url from sessionqueries where sessionID=? and userid=?"); $sti->execute($sessionID, $userid); if ($sti->rows) { my ($selfurl) = $sti->fetchrow; @@ -100,7 +140,31 @@ sub checkauth { my $cookie=$query->cookie(-name => 'sessionID', -value => $sessionID, -expires => '+1y'); - return ($userid, $cookie, $sessionID); + my $flags; + if ($return==2) { + $flags->{'superlibrarian'}=1; + } else { + $flags=getuserflags($cardnumber, $dbh); + } + foreach (keys %$flagsrequired) { + warn "Checking required flag $_"; + unless ($flags->{superlibrarian}) { + unless ($flags->{$_}) { + print qq|Content-type: text/html + + + +REJECTED +
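Review bot: In the session branch the flags are derived only from `select cardnumber from borrowers where userid=?`, but the login path later in this commit grants `superlibrarian` from `checkpw()` returning 2 for the config-file account, which has no borrowers row; that account passes the flag check on the login request, and on the very next request `$cardnumber` is undef, `getuserflags` yields nothing and the superuser sees REJECTED. Mirror the login path here by recognising the config user before the borrowers lookup (`configfile()` is already used in `checkpw` in this file); the lines below replace the cardnumber lookup and `$flags` assignment. The rejection block is also duplicated verbatim from the login path and prints a bare `Content-type` header without the refreshed cookie and then `exit`s from inside a library sub; a single helper in C4::Auth would keep the two copies from drifting. The `warn "Checking required flag $_"` fires on every authenticated request and reads like leftover debugging.
```perl
my $flags;
if ($userid eq configfile()->{'user'}) {
    # Config-file superuser has no borrowers row; grant the same
    # superlibrarian status the login path grants for checkpw()==2.
    $flags->{'superlibrarian'}=1;
} else {
    my $sth=$dbh->prepare("select cardnumber from borrowers where userid=?");
    $sth->execute($userid);
    my ($cardnumber) = $sth->fetchrow;
    $flags=getuserflags($cardnumber,$dbh);
}
# … unchanged: required-flag loop and return …
```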
+You do not have access to this portion of Koha + + +|; + exit; + } + } + } + return ($userid, $cookie, $sessionID, $flags); } else { if ($userid) { $message="Invalid userid or password entered."; @@ -169,12 +233,12 @@ sub checkpw { # my ($dbh, $userid, $password) = @_; - my $sth=$dbh->prepare("select password from borrowers where userid=?"); + my $sth=$dbh->prepare("select password,cardnumber from borrowers where userid=?"); $sth->execute($userid); if ($sth->rows) { - my ($md5password) = $sth->fetchrow; + my ($md5password,$cardnumber) = $sth->fetchrow; if (md5_base64($password) eq $md5password) { - return 1; + return 1,$cardnumber; } } my $sth=$dbh->prepare("select password from borrowers where cardnumber=?"); @@ -182,13 +246,13 @@ sub checkpw { if ($sth->rows) { my ($md5password) = $sth->fetchrow; if (md5_base64($password) eq $md5password) { - return 1; + return 1,$userid; } } my $configfile=configfile(); if ($userid eq $configfile->{'user'} && $password eq $configfile->{'pass'}) { # Koha superuser account - return 1; + return 2; } return 0; } diff --git a/member-password.pl b/member-password.pl index 79b269d5f1..626eb12ba0 100755 --- a/member-password.pl +++ b/member-password.pl @@ -10,11 +10,17 @@ use C4::Search; use CGI; use Digest::MD5 qw(md5_base64); use C4::Output; +use C4::Auth; use C4::Database; use C4::Circulation::Circ2; #use C4::Acquisitions; my $input = new CGI; + +my $flagsrequired; +$flagsrequired->{borrowers}=1; +my ($loggedinuser, $cookie, $sessionID) = checkauth($input, 0, $flagsrequired); + #print $input->header; my $member=$input->param('member'); my %env; @@ -54,7 +60,7 @@ if ($input->param('newpassword')) { $spellitout=~s/\004/ oh<\/b> /g; $spellitout=~s/\005/ zero<\/b> /g; - print $input->header; + print $input->header(-cookie => $cookie); print startpage(); print startmenu('member'); print qq| diff --git a/member.pl b/member.pl index ec47bc6c78..a20604d2a1 100755 --- a/member.pl +++ b/member.pl 
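Review bot: In the login path the REJECTED page is printed and `exit` is called after the session row has been inserted and `$cookie` built, but the rejection response never carries the cookie, so a user who authenticated correctly and merely lacks the flag is left with a server-side session the browser never learns about and is asked to log in again on the next page. Either send the cookie with the rejection, `print $query->header(-cookie => $cookie);` followed by the HTML, or move the flag check ahead of the session insert if a rejected login is not meant to create a session at all. This block is a copy of the one in the session branch; a `checkflags($query, $cookie, $flags, $flagsrequired)` helper that prints the rejection and exits would remove the duplication. The surrounding `else`/`if ($userid)` handling continues outside the hunk.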
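Review bot: `checkpw` now returns three shapes, `0`, `(1, $cardnumber)` and a bare `2`, and nothing at the sub says so; the list assignment `my ($return, $cardnumber) = checkpw(...)` in checkauth receives an undef cardnumber for the config superuser, which only works because the caller special-cases `$return==2`. Add a contract comment above the sub, `# Returns 0 on failure, (1, $cardnumber) when a borrower row matched, (2, undef) for the config-file superuser.`, and write that branch as `return (2, undef);` so the shape is explicit at the return site. The cardnumber branch returning `$userid` is right because that query matched on `cardnumber=?`, but a one-line comment saying so would save the next reader a double take. The start of `checkpw` lies in the previous hunk.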
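Review bot: Gating member-password.pl on the `borrowers` flag alone means any staff member with that flag can set a new password for any borrower, and if `$member` may name a staff account with superlibrarian (the `$member` handling is outside this hunk) that is a direct privilege escalation: reset the superlibrarian's password, then log in as them. Before accepting `newpassword`, resolve the target's cardnumber, call `getuserflags` on it and require the caller to be superlibrarian when the target has any flag bit set, or introduce a separate flag for staff password resets. checkauth now returns `$flags` as a fourth value, which this call discards; capturing it would give the caller's rights without a second query.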
@@ -7,12 +7,16 @@ use strict; use C4::Output; use CGI; use C4::Search; +use C4::Auth; my $input = new CGI; +my $flagsrequired; +$flagsrequired->{borrowers}=1; +my ($loggedinuser, $cookie, $sessionID) = checkauth($input, 0, $flagsrequired); my $member=$input->param('member'); $member=~ s/\,//g; -print $input->header; +print $input->header(-cookie => $cookie); #start the page and read in includes print startpage(); print startmenu('member'); diff --git a/memberentry.pl b/memberentry.pl index 0ca9ae8f24..4fa22b6e62 100755 --- a/memberentry.pl +++ b/memberentry.pl @@ -8,9 +8,14 @@ use C4::Output; use CGI; use C4::Search; use C4::Database; +use C4::Auth; use C4::Koha; my $input = new CGI; +my $flagsrequired; +$flagsrequired->{borrowers}=1; +my ($loggedinuser, $cookie, $sessionID) = checkauth($input, 0, $flagsrequired); + my $member=$input->param('bornum'); if ($member eq ''){ $member=NewBorrowerNumber(); @@ -24,7 +29,7 @@ if ($delete){ } elsif ($password) { print $input->redirect("/cgi-bin/koha/member-password.pl?member=$member"); } else { -print $input->header; +print $input->header(-cookie => $cookie); print startpage(); print startmenu('member'); diff --git a/members-home.pl b/members-home.pl index b12cc92821..4f767b45da 100755 --- a/members-home.pl +++ b/members-home.pl @@ -6,7 +6,9 @@ use C4::Auth; use C4::Output; my $query = new CGI; -my ($loggedinuser, $cookie, $sessionID) = checkauth($query); +my $flagsrequired; +$flagsrequired->{borrowers}=1; +my ($loggedinuser, $cookie, $sessionID) = checkauth($query, 0, $flagsrequired); print $query->header(-cookie => $cookie); -- 2.39.5
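Review bot: `my $flagsrequired; $flagsrequired->{borrowers}=1;` builds a one-key hash through autovivification and is repeated verbatim in member-password.pl, memberentry.pl and members-home.pl; a literal says the same in one line, `my ($loggedinuser, $cookie, $sessionID) = checkauth($input, 0, { borrowers => 1 });`. If more pages get gated this way, a `%FLAGS_FOR_MEMBER_PAGES` constant in one place would keep the four scripts in step. The script body continues past the hunk.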
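Review bot: Only the final `else` branch now sends `-cookie => $cookie`; the `delete` branch and the `elsif ($password)` redirect above it (their bodies start outside this hunk) still respond without it. If checkauth has just completed a login on this request, the new session cookie exists only in `$cookie`, so a user who logged in on `memberentry.pl?password=1` would be redirected to member-password.pl with no cookie and prompted to log in again; please confirm against the login flow. Use `print $input->redirect(-uri => "/cgi-bin/koha/member-password.pl?member=$member", -cookie => $cookie);` and pass the cookie in the delete branch as well. `$member` is interpolated into the redirect URL unescaped from the `bornum` parameter; `CGI::escape($member)` would be safer.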