authoraurynn_cmd <aurynn_cmd@4979c152-3d1c-0410-bac9-87ea11338e46>2007-10-03 01:32:37 +0000
committeraurynn_cmd <aurynn_cmd@4979c152-3d1c-0410-bac9-87ea11338e46>2007-10-03 01:32:37 +0000
commit84b3533f6d54cf37e1bf6b616da4d02523a45fb3 (patch)
treeb4a0056704aa815d66214fe4db28477bc6af3408
parent46cd8dc840a5796513b208c251139b500d4dca7e (diff)
Disabled login checking in LedgerSMB.pm, temporarily.
Whitespace cleanup in DB.pm.
Modifications to remove user_conf from User.pm.
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@1692 4979c152-3d1c-0410-bac9-87ea11338e46
-rwxr-xr-xLedgerSMB.pm89
-rwxr-xr-xLedgerSMB/Session/DB.pm24
-rw-r--r--LedgerSMB/User.pm192
-rw-r--r--scripts/admin.pl3
-rw-r--r--sql/modules/admin.sql7
5 files changed, 167 insertions, 148 deletions
diff --git a/LedgerSMB.pm b/LedgerSMB.pm
index 3d5454a5..6c08715d 100755
--- a/LedgerSMB.pm
+++ b/LedgerSMB.pm
@@ -178,50 +178,49 @@ sub new {
}
$self->{_locale} = $locale;
- $self->{stylesheet} = $self->{_user}->{stylesheet};
- if ( $self->{password} ) {
- if (
- !Session::password_check(
- $self, $self->{login}, $self->{password}
- )
- )
- {
- if ($self->is_run_mode('cgi', 'mod_perl')) {
- $self->_get_password();
- }
- else {
- $self->error( __FILE__ . ':' . __LINE__ . ': '
- . $locale->text('Access Denied!') );
- }
- exit;
- }
- else {
- Session::session_create($self);
- }
-
- }
- else {
- if ($self->is_run_mode('cgi', 'mod_perl')) {
- my %cookie;
- $ENV{HTTP_COOKIE} =~ s/;\s*/;/g;
- my @cookies = split /;/, $ENV{HTTP_COOKIE};
- foreach (@cookies) {
- my ( $name, $value ) = split /=/, $_, 2;
- $cookie{$name} = $value;
- }
+# if ( $self->{password} ) {
+# if (
+# !Session::password_check(
+# $self, $self->{ login }, $self->{ password }
+# )
+# )
+# {
+# if ($self->is_run_mode('cgi', 'mod_perl')) {
+# $self->_get_password();
+# }
+# else {
+# $self->error( __FILE__ . ':' . __LINE__ . ': '
+# . $locale->text('Access Denied!') );
+# }
+# exit;
+# }
+# else {
+# Session::session_create($self);
+# }
+
+# }
+# else {
+# if ($self->is_run_mode('cgi', 'mod_perl')) {
+# my %cookie;
+# $ENV{HTTP_COOKIE} =~ s/;\s*/;/g;
+# my @cookies = split /;/, $ENV{HTTP_COOKIE};
+# foreach (@cookies) {
+# my ( $name, $value ) = split /=/, $_, 2;
+# $cookie{$name} = $value;
+# }
#check for valid session
- if ( !Session::session_check( $cookie{"LedgerSMB"}, $self) ) {
- $self->_get_password(1);
- exit;
- }
- }
- else {
- exit;
- }
- }
-
- $self->{stylesheet} = $self->{_user}->{stylesheet};
+# if ( !Session::session_check( $cookie{"LedgerSMB"}, $self) ) {
+# $self->_get_password(1);
+# exit;
+# }
+# }
+# else {
+# exit;
+# }
+# }
+
+# $self->{stylesheet} = $self->{_user}->{stylesheet};
$self->_db_init;
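Review bot: With both branches commented out, `new` reaches `$self->_db_init` without calling `Session::password_check` or `Session::session_check`, and the non-CGI `exit` path is gone as well, so nothing in this constructor fails closed any more. If the intent is that the database login in `_db_init` becomes the authentication step, say so in a comment at this spot, e.g. `# FIXME: session/password checks disabled; DBI->connect in _db_init is the only credential check`, and delete the commented-out block rather than keeping it, since history already has it. The assignment of `$self->{stylesheet}` is disabled along with it, which looks unintended. `__default` in scripts/admin.pl likewise carries only a TODO for its login check. The body of `new` starts and ends outside this hunk.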
@@ -668,8 +667,8 @@ sub _db_init {
my $myconfig = $self->{_user};
my $dbh = DBI->connect(
- $myconfig->{dbconnect}, $myconfig->{dbuser},
- $myconfig->{dbpasswd}, { AutoCommit => 0 }
+ $myconfig->{ dbconnect }, $myconfig->{ username },
+ $self->{ password }, { AutoCommit => 0 }
) or $self->dberror;
$dbh->{pg_server_prepare} = 0;
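Review bot: `$self->{ password }` is whatever the request supplied and is undefined for a request that arrives with only a session cookie, so this `DBI->connect` either fails for every cookie-based request or, where pg_hba.conf permits trust or ident logins, succeeds without any password being checked. The connect should be refused explicitly when no password is present, for example `$self->error('Access Denied') unless defined $self->{password};` before the call. If `dberror` can return, the following line dereferences an undefined `$dbh`; that depends on code outside this hunk.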
@@ -750,7 +749,7 @@ sub type {
my $self = shift @_;
if (!$ENV{REQUEST_METHOD} or
- ( $ENV{REQUEST_METHOD} ne ("HEAD" or "GET" or "POST") ) ) {
+ ( !grep {$ENV{REQUEST_METHOD} eq $_} ("HEAD", "GET", "POST") ) ) {
$self->error("Request method unset or set to unknown value");
}
diff --git a/LedgerSMB/Session/DB.pm b/LedgerSMB/Session/DB.pm
index e4884015..872dd419 100755
--- a/LedgerSMB/Session/DB.pm
+++ b/LedgerSMB/Session/DB.pm
@@ -41,17 +41,17 @@ sub session_check {
my $checkQuery = $dbh->prepare(
"SELECT u.username, s.transaction_id
- FROM session as s, users as u
- WHERE s.session_id = ?
- AND s.users_id = u.id
- AND s.last_used > now() - ?::interval"
+ FROM session as s, users as u
+ WHERE s.session_id = ?
+ AND s.users_id = u.id
+ AND s.last_used > now() - ?::interval"
);
my $updateAge = $dbh->prepare(
"UPDATE session
- SET last_used = now(),
- transaction_id = ?
- WHERE session_id = ?;"
+ SET last_used = now(),
+ transaction_id = ?
+ WHERE session_id = ?;"
);
#must be an integer
@@ -269,11 +269,11 @@ sub password_check {
#password was good, convert to md5 password and null crypted
my $updatePassword = $dbh->prepare(
"UPDATE users_conf
- SET password = md5(?),
- crypted_password = null
- FROM users
- WHERE users_conf.id = users.id
- AND users.username = ?;"
+ SET password = md5(?),
+ crypted_password = null
+ FROM users
+ WHERE users_conf.id = users.id
+ AND users.username = ?;"
);
$updatePassword->execute( $password, $username )
diff --git a/LedgerSMB/User.pm b/LedgerSMB/User.pm
index b5b043d6..89033ed1 100644
--- a/LedgerSMB/User.pm
+++ b/LedgerSMB/User.pm
@@ -80,16 +80,16 @@ sub new {
# for now, this is querying the table directly... ugly
my $fetchUserPrefs = $dbh->prepare(
"SELECT acs, address, businessnumber,
- company, countrycode, currency,
- dateformat, dbdriver, dbhost, dbname,
- dboptions, dbpasswd, dbport, dbuser,
- email, fax, menuwidth, name, numberformat,
- password, print, printer, role, sid,
- signature, stylesheet, tel, templates,
- timeout, vclimit, u.username
- FROM users_conf as uc, users as u
- WHERE u.username = ?
- AND u.id = uc.id;"
+ company, countrycode, currency,
+ dateformat, dbdriver, dbhost, dbname,
+ dboptions, dbpasswd, dbport, dbuser,
+ email, fax, menuwidth, name, numberformat,
+ password, print, printer, role, sid,
+ signature, stylesheet, tel, templates,
+ timeout, vclimit, u.username
+ FROM users_conf as uc, users as u
+ WHERE u.username = ?
+ AND u.id = uc.id;"
);
$fetchUserPrefs->execute($login);
@@ -175,23 +175,37 @@ sub fetch_config {
my $dbh = ${LedgerSMB::Sysconfig::GLOBALDBH};
# for now, this is querying the table directly... ugly
- my $fetchUserPrefs = $dbh->prepare(
- "SELECT acs, address, businessnumber,
- company, countrycode, currency,
- dateformat, dbdriver, dbhost, dbname,
- dboptions, dbpasswd, dbport, dbuser,
- email, fax, menuwidth, name, numberformat,
- password, print, printer, role, sid,
- signature, stylesheet, tel, templates,
- timeout, vclimit, u.username
- FROM users_conf as uc, users as u
- WHERE u.username = ?
- AND u.id = uc.id;"
- );
-
- $fetchUserPrefs->execute($login);
-
- my $userHashRef = $fetchUserPrefs->fetchrow_hashref;
+# my $fetchUserPrefs = $dbh->prepare(
+# "SELECT acs, address, businessnumber,
+# company, countrycode, currency,
+# dateformat, dbdriver, dbhost, dbname,
+# dboptions, dbpasswd, dbport, dbuser,
+# email, fax, menuwidth, name, numberformat,
+# password, print, printer, role, sid,
+# signature, stylesheet, tel, templates,
+# timeout, vclimit, u.username
+# FROM users_conf as uc, users as u
+# WHERE u.username = ?
+# AND u.id = uc.id;"
+# );
+
+ my $fetchUserSettings = $dbh->prepare("
+ SELECT
+ u.username,
+ uc.dbname,
+ uc.port,
+ uc.host
+
+ FROM users u
+ JOIN user_connection uc ON uc.user_id = u.id
+ WHERE u.username = ?
+ ");
+
+ $fetchUserSettings->execute($login);
+
+ #$fetchUserPrefs->execute($login);
+
+ my $userHashRef = $fetchUserSettings->fetchrow_hashref;
if ( !$userHashRef ) {
&error( $self, "Access Denied" );
}
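Review bot: The return value of `$fetchUserSettings->execute($login)` is not checked, so if the `user_connection` table is missing or the query fails, `fetchrow_hashref` yields nothing and the caller sees "Access Denied" instead of a database error. Check it in the style the file already uses, e.g. `$fetchUserSettings->execute($login) || &error( $self, "Database error" );`; whether RaiseError is set on the global handle is not visible here. The commented-out `$fetchUserPrefs` query and the `#$fetchUserPrefs->execute($login);` line should be removed rather than kept as comments. fetch_config starts before and continues past this hunk.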
@@ -200,18 +214,18 @@ sub fetch_config {
$myconfig{$key} = $value;
}
- chomp( $myconfig{'dbport'} );
+ chomp( $myconfig{'port'} );
chomp( $myconfig{'dbname'} );
- chomp( $myconfig{'dbhost'} );
+ chomp( $myconfig{'host'} );
$myconfig{'login'} = $login;
$myconfig{'dbconnect'} =
'dbi:Pg:dbname='
. $myconfig{'dbname'}
. ';host='
- . $myconfig{'dbhost'}
+ . $myconfig{'host'}
. ';port='
- . $myconfig{'dbport'};
+ . $myconfig{'port'};
return \%myconfig;
}
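Review bot: The keys are renamed to `host` and `port` here while `save_member` in the same file still writes `dbhost` and `dbport` to users_conf, so any caller that still looks up `$myconfig{dbhost}` or `$myconfig{dbport}` will now get undef; aliasing the columns in the SELECT (`uc.host AS dbhost`, `uc.port AS dbport`) would keep the old key names. Separately, the DSN is built by plain concatenation, so a `;` in a stored `dbname` or `host` would add connection attributes. A comment stating that these columns are admin-controlled, or a check such as `$myconfig{'port'} =~ /\A\d+\z/` before building `dbconnect`, would make that assumption explicit.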
@@ -252,8 +266,8 @@ sub login {
# we got a connection, check the version
my $query = qq|
- SELECT value FROM defaults
- WHERE setting_key = 'version'|;
+ SELECT value FROM defaults
+ WHERE setting_key = 'version'|;
my $sth = $dbh->prepare($query);
$sth->execute || $form->dberror( __FILE__ . ':' . __LINE__ . $query );
@@ -276,10 +290,10 @@ sub login {
$form->update_defaults( \%myconfig, "employeenumber", $dbh );
$query = qq|
- INSERT INTO employee
- (login, employeenumber, name,
- workphone, role)
- VALUES (?, ?, ?, ?, ?)|;
+ INSERT INTO employee
+ (login, employeenumber, name,
+ workphone, role)
+ VALUES (?, ?, ?, ?, ?)|;
$sth = $dbh->prepare($query);
$sth->execute(
$login, $employeenumber, $myconfig{name},
@@ -325,8 +339,8 @@ sub check_recurring {
$dbh->{pg_encode_utf8} = 1;
my $query = qq|
- SELECT count(*) FROM recurring
- WHERE enddate >= current_date AND nextdate <= current_date|;
+ SELECT count(*) FROM recurring
+ WHERE enddate >= current_date AND nextdate <= current_date|;
($_) = $dbh->selectrow_array($query);
$dbh->disconnect;
@@ -421,9 +435,9 @@ sub dbsources {
$dbh->{pg_enable_utf8} = 1;
$query = qq|
- SELECT tablename FROM pg_tables
- WHERE tablename = 'defaults'
- AND tableowner = ?|;
+ SELECT tablename FROM pg_tables
+ WHERE tablename = 'defaults'
+ AND tableowner = ?|;
my $sth = $dbh->prepare($query);
$sth->execute( $form->{dbuser} )
|| $form->dberror( __FILE__ . ':' . __LINE__ . $query );
@@ -652,10 +666,10 @@ sub dbneedsupdate {
if ( $form->{dbdriver} =~ /Pg/ ) {
$query = qq|
- SELECT d.datname
- FROM pg_database d, pg_user u
- WHERE d.datdba = u.usesysid
- AND u.usename = ?|;
+ SELECT d.datname
+ FROM pg_database d, pg_user u
+ WHERE d.datdba = u.usesysid
+ AND u.usename = ?|;
my $sth = $dbh->prepare($query);
$sth->execute( $form->{dbuser} )
|| $form->dberror( __FILE__ . ':' . __LINE__ . $query );
@@ -673,17 +687,17 @@ sub dbneedsupdate {
$dbh->{pg_enable_utf8};
$query = qq|
- SELECT tablename
- FROM pg_tables
- WHERE tablename = 'defaults'|;
+ SELECT tablename
+ FROM pg_tables
+ WHERE tablename = 'defaults'|;
my $sth = $dbh->prepare($query);
$sth->execute
|| $form->dberror( __FILE__ . ':' . __LINE__ . $query );
if ( $sth->fetchrow_array ) {
$query = qq|
- SELECT value FROM defaults
- WHERE setting_key = 'version'|;
+ SELECT value FROM defaults
+ WHERE setting_key = 'version'|;
my $sth = $dbh->prepare($query);
$sth->execute;
@@ -746,8 +760,8 @@ sub dbupdate {
# check version
$query = qq|
- SELECT value FROM defaults
- WHERE setting_key = 'version'|;
+ SELECT value FROM defaults
+ WHERE setting_key = 'version'|;
my $sth = $dbh->prepare($query);
# no error check, let it fall through
@@ -904,18 +918,18 @@ sub save_member {
# for now, this is updating the table directly... ugly
my $userConfUpdate = $dbh->prepare(
"UPDATE users_conf
- SET acs = ?, address = ?, businessnumber = ?,
- company = ?, countrycode = ?, currency = ?,
- dateformat = ?, dbdriver = ?,
- dbhost = ?, dbname = ?, dboptions = ?,
- dbpasswd = ?, dbport = ?, dbuser = ?,
- email = ?, fax = ?, menuwidth = ?,
- name = ?, numberformat = ?,
- print = ?, printer = ?, role = ?,
- sid = ?, signature = ?, stylesheet = ?,
- tel = ?, templates = ?, timeout = ?,
- vclimit = ?
- WHERE id = ?;"
+ SET acs = ?, address = ?, businessnumber = ?,
+ company = ?, countrycode = ?, currency = ?,
+ dateformat = ?, dbdriver = ?,
+ dbhost = ?, dbname = ?, dboptions = ?,
+ dbpasswd = ?, dbport = ?, dbuser = ?,
+ email = ?, fax = ?, menuwidth = ?,
+ name = ?, numberformat = ?,
+ print = ?, printer = ?, role = ?,
+ sid = ?, signature = ?, stylesheet = ?,
+ tel = ?, templates = ?, timeout = ?,
+ vclimit = ?
+ WHERE id = ?;"
);
$userConfUpdate->execute(
@@ -943,8 +957,8 @@ sub save_member {
$userConfUpdate = $dbh->prepare(
"UPDATE users_conf
- SET password = md5(?)
- WHERE id = ?"
+ SET password = md5(?)
+ WHERE id = ?"
);
$userConfUpdate->execute( $self->{password}, $userID );
@@ -956,16 +970,16 @@ sub save_member {
my $userConfInsert = $dbh->prepare(
"INSERT INTO users_conf(acs, address, businessnumber,
- company, countrycode, currency,
- dateformat, dbdriver,
- dbhost, dbname, dboptions, dbpasswd,
- dbport, dbuser, email, fax, menuwidth,
- name, numberformat, print, printer, role,
- sid, signature, stylesheet, tel, templates,
- timeout, vclimit, id, password)
- VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
- ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
- ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, md5(?));"
+ company, countrycode, currency,
+ dateformat, dbdriver,
+ dbhost, dbname, dboptions, dbpasswd,
+ dbport, dbuser, email, fax, menuwidth,
+ name, numberformat, print, printer, role,
+ sid, signature, stylesheet, tel, templates,
+ timeout, vclimit, id, password)
+ VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
+ ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
+ ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, md5(?));"
);
$userConfInsert->execute(
@@ -1017,10 +1031,10 @@ sub save_member {
if ($id) {
$query = qq|UPDATE employee SET
- role = ?,
- email = ?,
- name = ?
- WHERE login = ?|;
+ role = ?,
+ email = ?,
+ name = ?
+ WHERE login = ?|;
@values = ( $self->{role}, $self->{email}, $self->{name}, $login );
@@ -1030,10 +1044,10 @@ sub save_member {
my ($employeenumber) =
Form::update_defaults( "", \%$self, "employeenumber", $dbh );
$query = qq|
- INSERT INTO employee
- (login, employeenumber, name,
- workphone, role, email, sales)
- VALUES (?, ?, ?, ?, ?, ?, '1')|;
+ INSERT INTO employee
+ (login, employeenumber, name,
+ workphone, role, email, sales)
+ VALUES (?, ?, ?, ?, ?, ?, '1')|;
@values = (
$login, $employeenumber, $self->{name},
@@ -1075,10 +1089,10 @@ sub delete_login {
$sth->finish;
my $query = qq|
- UPDATE employee
- SET login = NULL,
- enddate = current_date
- WHERE login = ?|;
+ UPDATE employee
+ SET login = NULL,
+ enddate = current_date
+ WHERE login = ?|;
$sth = $dbh->prepare($query);
$sth->execute($login);
$dbh->commit;
diff --git a/scripts/admin.pl b/scripts/admin.pl
index 9947b501..18fb0ca8 100644
--- a/scripts/admin.pl
+++ b/scripts/admin.pl
@@ -10,7 +10,6 @@ sub new_user {
# uses the same page as create_user, only pre-populated.
#my ($class, $request) = @_;
- my $class = shift @_;
my $request = shift @_;
my $admin = LedgerSMB::DBObject::Admin->new(base=>$request, copy=>'all');
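Review bot: Dropping `my $class = shift @_;` means `new_user` now takes its first argument as `$request`, while `__default` further down still unpacks `my ($class, $request) = @_;`. If the dispatcher passes the class name first to every handler (not visible in this hunk), `$request` here becomes a plain string and `LedgerSMB::DBObject::Admin->new(base=>$request, copy=>'all')` copies from the wrong base. Either keep both handlers on the same signature or update the stale comment `#my ($class, $request) = @_;` to state the new calling convention.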
@@ -154,7 +153,7 @@ sub __default {
my ($class, $request) = @_;
- # check for login
+ # TODO: check for login stuff.
my $template;
$template = LedgerSMB::Template->new( user=>$user,
template=>'Admin/main', language=>$user->{language},
diff --git a/sql/modules/admin.sql b/sql/modules/admin.sql
index 9423e737..5cb6773a 100644
--- a/sql/modules/admin.sql
+++ b/sql/modules/admin.sql
@@ -423,3 +423,10 @@ END;
$$ LANGUAGE PLPGSQL;
-- TODO: Add admin user
+
+
+CREATE OR REPLACE FUNCTION admin_audit_log () returns int as $$
+
+
+
+$$ language plpgsql; \ No newline at end of file
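Review bot: `admin_audit_log` is created with an empty body, and PL/pgSQL requires at least a `BEGIN ... END;` block, so with the default `check_function_bodies` setting this `CREATE OR REPLACE FUNCTION` is expected to fail with a syntax error when admin.sql is loaded. Until the function is implemented, either leave it out or give it a stub body such as `BEGIN RETURN 0; END;`, with a comment saying what the audit log is meant to record. The file also now ends without a trailing newline.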