
[Koha-cvs] CVS: koha/C4 Auth.pm,1.5,1.6


From: Steve Tonnesen
Subject: [Koha-cvs] CVS: koha/C4 Auth.pm,1.5,1.6
Date: Fri, 05 Jul 2002 12:56:38 -0700

Update of /cvsroot/koha/koha/C4
In directory usw-pr-cvs1:/tmp/cvs-serv29098

Modified Files:
        Auth.pm 
Log Message:
Auth.pm now checks the password against a new field in the borrowers table
(password).   There is also a new "userid" field in the borrowers table.  When
a user logs in, the userid entered is checked against the userid field first
and the cardnumber field second, so either method will work.


Index: Auth.pm
===================================================================
RCS file: /cvsroot/koha/koha/C4/Auth.pm,v
retrieving revision 1.5
retrieving revision 1.6
diff -C2 -r1.5 -r1.6
*** Auth.pm     5 Jul 2002 05:03:37 -0000       1.5
--- Auth.pm     5 Jul 2002 19:56:35 -0000       1.6
***************
*** 37,41 ****
      if ($sth->rows) {
        my ($userid, $ip, $lasttime) = $sth->fetchrow;
!       if ($lasttime<time()-20 && $userid ne 'tonnesen') {
            # timed logout
            warn "$sessionID logged out due to inactivity.";
--- 37,41 ----
      if ($sth->rows) {
        my ($userid, $ip, $lasttime) = $sth->fetchrow;
!       if ($lasttime<time()-40 && $userid ne 'tonnesen') {
            # timed logout
            warn "$sessionID logged out due to inactivity.";
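Review bot: The changed condition still carries `$userid ne 'tonnesen'`, so one named account is never subject to the idle logout. Now that logins are checked against the borrowers table, any row with that userid gets a session that does not expire through inactivity. Drop the exemption, or drive it from configuration that is off by default. The literal `40` is also repeated in the login-page text in the hunk at new lines 116-123; a single named constant, e.g. `my $timeout = 40;`, would keep the two in step. The enclosing if/elsif chain starts and ends outside this hunk.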
***************
*** 49,54 ****
        } elsif ($ip ne $ENV{'REMOTE_ADDR'}) {
            # Different ip than originally logged in from
!           warn "$sessionID came from a new ip address.";
!           $message="ERROR ERROR ERROR ERROR<br>Attempt to re-use a cookie 
from a different ip address.";
        } else {
            my $cookie=$query->cookie(-name => 'sessionID',
--- 49,56 ----
        } elsif ($ip ne $ENV{'REMOTE_ADDR'}) {
            # Different ip than originally logged in from
!           my $newip=$ENV{'REMOTE_ADDR'};
!           warn "$sessionID came from a new ip address (authenticated from 
$ip, this request from $newip).";
! 
!           $message="ERROR ERROR ERROR ERROR<br>Attempt to re-use a cookie 
from a different ip address.<br>(authenticated from $ip, this request from 
$newip)";
        } else {
            my $cookie=$query->cookie(-name => 'sessionID',
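Review bot: The new `$message` echoes `$ip`, the address the session was authenticated from, back to whoever presented the cookie, which is the one party that should not learn it if the cookie was taken from someone else. Keep both addresses in the `warn` line for the operator and leave the browser text generic, e.g. `$message="ERROR<br>This session cannot be used from your current address; please log in again.";`. The `warn` also writes the full `$sessionID` to the error log, so anyone who can read that log obtains a usable session token; logging a truncated or hashed form would be safer. The if/elsif chain starts and ends outside the hunk, so whether the session row is removed on a mismatch cannot be seen here.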
***************
*** 74,78 ****
        my $userid=$query->param('userid');
        my $password=$query->param('password');
!       if (($userid eq 'librarian' || $userid eq 'tonnesen' || $userid eq 
'patron') && $password eq 'koha') {
            my $sti=$dbh->prepare("insert into sessions (sessionID, userid, 
ip,lasttime) values (?, ?, ?, ?)");
            $sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time());
--- 76,81 ----
        my $userid=$query->param('userid');
        my $password=$query->param('password');
!       if (checkpw($dbh, $userid, $password)) {
!       #if (($userid eq 'librarian' || $userid eq 'tonnesen' || $userid eq 
'patron') && $password eq 'koha') {
            my $sti=$dbh->prepare("insert into sessions (sessionID, userid, 
ip,lasttime) values (?, ?, ?, ?)");
            $sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time());
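Review bot: The commented-out condition kept under the new `checkpw` call leaves the old shared logins and their password (`koha`) readable in the source; delete that comment line rather than carrying it forward, since the revision history already records it. Separately, the value inserted into `sessions` is `$userid` as typed, and after this commit that may be a cardnumber, so the same person can appear under two identifiers and any later per-user check keyed on userid would behave inconsistently. Having `checkpw` hand back the canonical userid from the borrowers row would avoid that. The failure branch lies outside the hunk, so it is not visible whether failed attempts are logged or limited.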
***************
*** 101,107 ****
  
  <form method=post>
! <table border=0 cellpadding=10 width=60%>
      <tr><td align=center valign=top>
!     <table border=0 bgcolor=#dddddd cellpadding=10>
      <tr><th colspan=2 background=/images/background-mem.gif><font 
size=+2>Koha Login</font></th></tr>
      <tr><td>Name:</td><td><input name=userid></td></tr>
--- 104,111 ----
  
  <form method=post>
! <table border=0 cellpadding=10 cellspacing=0 width=60%>
      <tr><td align=center valign=top>
! 
!     <table border=0 bgcolor=#dddddd cellpadding=10 cellspacing=0>
      <tr><th colspan=2 background=/images/background-mem.gif><font 
size=+2>Koha Login</font></th></tr>
      <tr><td>Name:</td><td><input name=userid></td></tr>
***************
*** 112,119 ****
      </td><td align=center valign=top>
  
!     <table border=0 bgcolor=#dddddd cellpadding=10>
      <tr><th background=/images/background-mem.gif><font size=+2>Demo 
Information</font></th></tr>
      <td>
!     Log in as librarian/koha or patron/koha.  The timeout is set to 20 
seconds of
      inactivity for the purposes of this demo.  You can navigate to the 
Circulation
      or Acquisitions modules and you should see an indicator in the upper left 
of
--- 116,123 ----
      </td><td align=center valign=top>
  
!     <table border=0 bgcolor=#dddddd cellpadding=10 cellspacing=0>
      <tr><th background=/images/background-mem.gif><font size=+2>Demo 
Information</font></th></tr>
      <td>
!     Log in as librarian/koha or patron/koha.  The timeout is set to 40 
seconds of
      inactivity for the purposes of this demo.  You can navigate to the 
Circulation
      or Acquisitions modules and you should see an indicator in the upper left 
of
***************
*** 133,136 ****
--- 137,166 ----
        }
      }
+ }
+ 
+ 
+ sub checkpw {
+ 
+ # This should be modified to allow a select of authentication schemes (ie 
LDAP)
+ # as well as local authentication through the borrowers tables passwd field
+ #
+     my ($dbh, $userid, $password) = @_;
+     my $sth=$dbh->prepare("select password from borrowers where userid=?");
+     $sth->execute($userid);
+     if ($sth->rows) {
+       my ($cryptpassword) = $sth->fetchrow;
+       if (crypt($password, $cryptpassword) eq $cryptpassword) {
+           return 1;
+       }
+     }
+     my $sth=$dbh->prepare("select password from borrowers where 
cardnumber=?");
+     $sth->execute($userid);
+     if ($sth->rows) {
+       my ($cryptpassword) = $sth->fetchrow;
+       if (crypt($password, $cryptpassword) eq $cryptpassword) {
+           return 1;
+       }
+     }
+     return 0;
  }
  
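Review bot: `checkpw` compares `crypt($password, $cryptpassword)` with `$cryptpassword` without first checking that a hash is actually stored, and `password` is a newly added column, so existing borrowers presumably hold NULL or empty values. With an undefined or empty salt the result of crypt() is platform-dependent and may be undef or an empty string, in which case `eq` compares two empty values and any password is accepted for that account. Reject rows whose stored hash is undefined or empty, and require a defined crypt() result, before comparing. Minor: `my $sth` is declared twice in the same scope, and DBI does not guarantee `rows` for a SELECT before fetching, so testing the fetched value is more reliable; the sketch below folds both lookups into one loop.

```perl
sub checkpw {
    # … unchanged: comment about selectable authentication schemes …
    my ($dbh, $userid, $password) = @_;
    return 0 unless defined $userid && length $userid && defined $password;
    # Column names come from this fixed list only, never from user input.
    foreach my $column ('userid', 'cardnumber') {
        my $sth=$dbh->prepare("select password from borrowers where $column=?");
        $sth->execute($userid);
        my ($cryptpassword) = $sth->fetchrow;
        # A missing row, or a NULL/empty stored hash, must never match.
        next unless defined $cryptpassword && length $cryptpassword;
        my $computed = crypt($password, $cryptpassword);
        return 1 if defined $computed && $computed eq $cryptpassword;
    }
    return 0;
}
```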



