authoreinhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46>2007-06-21 23:20:24 +0000
committereinhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46>2007-06-21 23:20:24 +0000
commit70214dbe42db1d4baba8423d7adad1d9490cdd8d (patch)
tree5dffce16d16bb0b2666c18d5c21210debab32d3d
parentbe42a637e05b5679d0ddb2350ec031139d19b3bc (diff)
Fixing new framework for session and user authentication
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@1298 4979c152-3d1c-0410-bac9-87ea11338e46
-rwxr-xr-xLedgerSMB.pm56
-rw-r--r--lsmb-request.pl8
2 files changed, 60 insertions, 4 deletions
diff --git a/LedgerSMB.pm b/LedgerSMB.pm
index 7f6b4335..bb1ee5c1 100755
--- a/LedgerSMB.pm
+++ b/LedgerSMB.pm
@@ -14,7 +14,8 @@ in database objects (LedgerSMB::DBObject)
=item new ()
-This method creates a new base request instance.
+This method creates a new base request instance. In any mode but CLI, it also
+validates the session/user credentials.
=item date_to_number (user => $LedgerSMB::User, date => $string);
@@ -118,6 +119,7 @@ use CGI;
use Math::BigFloat lib => 'GMP';
use LedgerSMB::Sysconfig;
use Data::Dumper;
+use LedgerSMB::Session;
use strict;
package LedgerSMB;
@@ -155,10 +157,62 @@ sub new {
$self->error("Access Denied");
}
+ $self->{_user} = LedgerSMB::User->fetch_config($self->{login});
+ my $locale = LedgerSMB::Locale->get_handle($self->{_user}->{countrycode})
+ or $self->error(__FILE__.':'.__LINE__.": Locale not loaded: $!\n");
+ $self->{_locale} = $locale;
+ if ( $self->{password} ) {
+ if (
+ !Session::password_check(
+ $self, $self->{login}, $self->{password}
+ )
+ )
+ {
+ if ($self->is_run_mode('cgi', 'mod_perl')) {
+ _get_password();
+ }
+ else {
+ $self->error( __FILE__ . ':' . __LINE__ . ': '
+ . $locale->text('Access Denied!') );
+ }
+ exit;
+ }
+ else {
+ Session::session_create($self);
+ }
+
+ }
+ else {
+ if ($self->is_run_mode('cgi', 'mod_perl')) {
+ my %cookie;
+ $ENV{HTTP_COOKIE} =~ s/;\s*/;/g;
+ my @cookies = split /;/, $ENV{HTTP_COOKIE};
+ foreach (@cookies) {
+ my ( $name, $value ) = split /=/, $_, 2;
+ $cookie{$name} = $value;
+ }
+
+ #check for valid session
+ if ( !Session::session_check( $cookie{"LedgerSMB"}, $self) ) {
+ _get_password(1);
+ exit;
+ }
+ }
+ else {
+ exit;
+ }
+ }
+
$self;
}
+sub _get_password {
+ # TODO: Remove reliance on pw.pl and add template support.
+ require 'bin/pw.pl';
+ getpassword(@_);
+}
+
sub debug {
my $self = shift @_;
my %args = @_;
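Review bot: `LedgerSMB::User->fetch_config($self->{login})` and the locale lookup at the top of the added block run before `Session::password_check` or `Session::session_check` has accepted the caller, so what is presumably per-user configuration is loaded for whatever login name the request supplies; running the credential check first and using the system default language for the denial text would avoid that. In the cookie branch, `$ENV{HTTP_COOKIE}` is rewritten in place and split without a check that the header exists, so a request with no cookie can raise undefined-value warnings and hands undef to `session_check`; `my $raw = defined $ENV{HTTP_COOKIE} ? $ENV{HTTP_COOKIE} : '';` followed by parsing `$raw` keeps the environment untouched. The final `else { exit; }` ends non-web runs that supply no password without any message, which does not match the POD sentence this commit adds about CLI mode, so a `$self->error(...)` call with an explanatory text would be clearer there. The start of `new` and the rest of `debug` are outside this hunk.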
diff --git a/lsmb-request.pl b/lsmb-request.pl
index e5921553..66978712 100644
--- a/lsmb-request.pl
+++ b/lsmb-request.pl
@@ -45,16 +45,18 @@ if (!$1){
$script = $1;
$locale = LedgerSMB::Locale->get_handle( ${LedgerSMB::Sysconfig::language} )
- or $form->error( __FILE__ . ':' . __LINE__ . ": Locale not loaded: $!\n" );
+ or $request->error( __FILE__ . ':' . __LINE__ . ": Locale not loaded: $!\n" );
if (!$script){
$request->error($locale->text('No workflow script specified'));
}
-eval { require "scripts/$script" } || $request->error($locale->text('Unable to open script' . ": $!";
+eval { require "scripts/$script" }
+ || $request->error($locale->text('Unable to open script' . ": $!";
$script =~ s/\.pl$//;
$script = "LedgerSMB::Scripts::$script";
-$script->can($request->{action}) || $request->error($locale->text("Action Not Defined: ") . $request->{action};
+$script->can($request->{action})
+ || $request->error($locale->text("Action Not Defined: ") . $request->{action};
$script->can($request->{action})->($request);
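Review bot: Both re-wrapped statements still have unbalanced parentheses, so the script cannot compile as shown: the `$request->error(` call after the `eval` and the one after the first `->can` are never closed. Closing them, and reporting `$@` (where a failed `require` inside `eval` leaves its message) instead of `$!`, gives `|| $request->error($locale->text('Unable to open script') . ": $@");` and `|| $request->error($locale->text("Action Not Defined: ") . $request->{action});`. Separately, `$request->{action}` selects the subroutine to run through `can`, which resolves any sub visible in the script package, including imported and underscore-prefixed helpers, so an explicit allow-list or at least a name-pattern check before dispatch is worth adding. How `$script` is validated before `require "scripts/$script"` depends on the regex above the hunk, which is not visible here.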