Fixing new framework for session and user authentication

git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@1298 4979c152-3d1c-0410-bac9-87ea11338e46
author: einhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46> 2007-06-21 23:20:24 +0000
committer: einhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46> 2007-06-21 23:20:24 +0000
commit: 70214dbe42db1d4baba8423d7adad1d9490cdd8d (patch)
tree: 5dffce16d16bb0b2666c18d5c21210debab32d3d /LedgerSMB.pm
parent: be42a637e05b5679d0ddb2350ec031139d19b3bc (diff)
1 files changed, 55 insertions, 1 deletions
diff --git a/LedgerSMB.pm b/LedgerSMB.pm
index 7f6b4335..bb1ee5c1 100755
--- a/LedgerSMB.pm
+++ b/LedgerSMB.pm
@@ -14,7 +14,8 @@ in database objects (LedgerSMB::DBObject)
 
 =item new ()
 
-This method creates a new base request instance. 
+This method creates a new base request instance. In any mode but CLI, it also
+validates the session/user credentials.
 
 =item date_to_number (user => $LedgerSMB::User, date => $string);
 
@@ -118,6 +119,7 @@ use CGI;
 use Math::BigFloat lib => 'GMP';
 use LedgerSMB::Sysconfig;
 use Data::Dumper;
+use LedgerSMB::Session;
 use strict;
 
 package LedgerSMB;
@@ -155,10 +157,62 @@ sub new {
         $self->error("Access Denied");
     }
 
+    $self->{_user} = LedgerSMB::User->fetch_config($self->{login});
+    my $locale   = LedgerSMB::Locale->get_handle($self->{_user}->{countrycode})
+        or $self->error(__FILE__.':'.__LINE__.": Locale not loaded: $!\n");
+    $self->{_locale} = $locale;
+    if ( $self->{password} ) {
+        if (
+            !Session::password_check(
+                $self, $self->{login}, $self->{password}
+            )
+          )
+        {
+            if ($self->is_run_mode('cgi', 'mod_perl')) {
+                _get_password();
+            }
+            else {
+                $self->error( __FILE__ . ':' . __LINE__ . ': '
+                      . $locale->text('Access Denied!') );
+            }
+            exit;
+        }
+        else {
+            Session::session_create($self);
+        }
+
+    }
+    else {
+        if ($self->is_run_mode('cgi', 'mod_perl')) {
+            my %cookie;
+            $ENV{HTTP_COOKIE} =~ s/;\s*/;/g;
+            my @cookies = split /;/, $ENV{HTTP_COOKIE};
+            foreach (@cookies) {
+                my ( $name, $value ) = split /=/, $_, 2;
+                $cookie{$name} = $value;
+            }
+
+            #check for valid session
+            if ( !Session::session_check( $cookie{"LedgerSMB"}, $self) ) {
+                _get_password(1);
+                exit;
+            }
+        }
+        else {
+            exit;
+        }
+    }
+
     $self;
 
 }
 
+sub _get_password {
+    # TODO:  Remove reliance on pw.pl and add template support.
+    require 'bin/pw.pl';
+    getpassword(@_);
+}
+
 sub debug {
     my $self = shift @_;
     my %args = @_;
author	einhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46>	2007-06-21 23:20:24 +0000
committer	einhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46>	2007-06-21 23:20:24 +0000
commit	70214dbe42db1d4baba8423d7adad1d9490cdd8d (patch)
tree	5dffce16d16bb0b2666c18d5c21210debab32d3d /LedgerSMB.pm
parent	be42a637e05b5679d0ddb2350ec031139d19b3bc (diff)