diff options
| author | christopherm <christopherm@4979c152-3d1c-0410-bac9-87ea11338e46> | 2006-11-12 05:34:09 +0000 |
|---|---|---|
| committer | christopherm <christopherm@4979c152-3d1c-0410-bac9-87ea11338e46> | 2006-11-12 05:34:09 +0000 |
| commit | 16b10f9cddca05aa2c3f63a15238c983b873bf23 (patch) | |
| tree | 5b4127f4b8e267f42214a05e7cd231a2f5d46ab8 /LedgerSMB/User.pm | |
| parent | 402191681370f0059a0d58d95e799d2d53666fce (diff) | |
creating a central Session::password_check which will allow for an upgrade from crypted passwords to md5. Fixing session timeout problem for first login. Removing some old cruft (set_cookie and more). Changing central db users_conf to remove dbconnect (which will now be generated) and to add crypted_password (which will eventually be removed).
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@520 4979c152-3d1c-0410-bac9-87ea11338e46
Diffstat (limited to 'LedgerSMB/User.pm')
| -rwxr-xr-x | LedgerSMB/User.pm | 54 |
1 files changed, 35 insertions, 19 deletions
diff --git a/LedgerSMB/User.pm b/LedgerSMB/User.pm index 18f4e8d9..a020affb 100755 --- a/LedgerSMB/User.pm +++ b/LedgerSMB/User.pm @@ -33,6 +33,7 @@ package LedgerSMB::User; use LedgerSMB::Sysconfig; +use LedgerSMB::Session; use Data::Dumper; sub new { @@ -48,12 +49,12 @@ sub new { # for now, this is querying the table directly... ugly my $fetchUserPrefs = $dbh->prepare("SELECT acs, address, businessnumber, company, countrycode, currency, - dateformat, dbconnect, dbdriver, - dbhost, dbname, dboptions, dbpasswd, - dbport, dbuser, email, fax, menuwidth, - name, numberformat, password, print, - printer, role, sid, signature, stylesheet, - tel, templates, timeout, vclimit, u.username + dateformat, dbdriver, dbhost, dbname, + dboptions, dbpasswd, dbport, dbuser, + email, fax, menuwidth, name, numberformat, + password, print, printer, role, sid, + signature, stylesheet, tel, templates, + timeout, vclimit, u.username FROM users_conf as uc, users as u WHERE u.username = ? AND u.id = uc.id;"); @@ -66,6 +67,16 @@ sub new { $self->{$key} = $value; } + chomp($self->{dbport}); + chomp($self->{dbname}); + chomp($self->{dbhost}); + + if(! int($self->{dbport})){#in case there's a space or junk in the dbport + $self->{dbport} = '5432'; + } + + $self->{dbconnect} = 'dbi:Pg:dbname='.$self->{dbname}.';host='.$self->{dbhost}.';port='.$self->{dbport}; + if($self->{username}){ $self->{login} = $login; } @@ -113,12 +124,12 @@ sub fetch_config { # for now, this is querying the table directly... ugly my $fetchUserPrefs = $dbh->prepare("SELECT acs, address, businessnumber, company, countrycode, currency, - dateformat, dbconnect, dbdriver, - dbhost, dbname, dboptions, dbpasswd, - dbport, dbuser, email, fax, menuwidth, - name, numberformat, password, print, - printer, role, sid, signature, stylesheet, - tel, templates, timeout, vclimit + dateformat, dbdriver, dbhost, dbname, + dboptions, dbpasswd, dbport, dbuser, + email, fax, menuwidth, name, numberformat, + password, print, printer, role, sid, + signature, stylesheet, tel, templates, + timeout, vclimit, u.username FROM users_conf as uc, users as u WHERE u.username = ? AND u.id = uc.id;"); @@ -130,20 +141,25 @@ sub fetch_config { while ( my ($key, $value) = each(%{$userHashRef}) ) { $myconfig{$key} = $value; } + + if(! int($myconfig{'dbport'})){#in case there's a space or junk in the dbport + $myconfig{'dbport'} = '5432'; + } + + $myconfig{'dbconnect'} = 'dbi:Pg:dbname='.$myconfig{'dbname'}.';host='.$myconfig{'dbhost'}.';port='.$myconfig{'dbport'}; } return \%myconfig; } sub login { - use Digest::MD5; my ($self, $form) = @_; my $rc = -1; if ($self->{login} ne "") { - if ($self->{password} ne (Digest::MD5::md5_hex $form->{password}) ) { + if (! Session::password_check($form, $form->{login}, $form->{password})) { return -1; } @@ -719,7 +735,7 @@ sub save_member { my $userConfUpdate = $dbh->prepare("UPDATE users_conf SET acs = ?, address = ?, businessnumber = ?, company = ?, countrycode = ?, currency = ?, - dateformat = ?, dbconnect = ?, dbdriver = ?, + dateformat = ?, dbdriver = ?, dbhost = ?, dbname = ?, dboptions = ?, dbpasswd = ?, dbport = ?, dbuser = ?, email = ?, fax = ?, menuwidth = ?, @@ -732,7 +748,7 @@ sub save_member { $userConfUpdate->execute($self->{acs}, $self->{address}, $self->{businessnumber}, $self->{company}, $self->{countrycode}, $self->{currency}, - $self->{dateformat}, $self->{dbconnect}, $self->{dbdriver}, + $self->{dateformat}, $self->{dbdriver}, $self->{dbhost}, $self->{dbname}, $self->{dboptions}, $self->{dbpasswd}, $self->{dbport}, $self->{dbuser}, $self->{email}, $self->{fax}, $self->{menuwidth}, @@ -748,7 +764,7 @@ sub save_member { my $userConfInsert = $dbh->prepare("INSERT INTO users_conf(acs, address, businessnumber, company, countrycode, currency, - dateformat, dbconnect, dbdriver, + dateformat, dbdriver, dbhost, dbname, dboptions, dbpasswd, dbport, dbuser, email, fax, menuwidth, name, numberformat, print, printer, role, @@ -756,11 +772,11 @@ sub save_member { timeout, vclimit, id, password) VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, - ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, md5(?));"); + ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, md5(?));"); $userConfInsert->execute($self->{acs}, $self->{address}, $self->{businessnumber}, $self->{company}, $self->{countrycode}, $self->{currency}, - $self->{dateformat}, $self->{dbconnect}, $self->{dbdriver}, + $self->{dateformat}, $self->{dbdriver}, $self->{dbhost}, $self->{dbname}, $self->{dboptions}, $self->{dbpasswd}, $self->{dbport}, $self->{dbuser}, $self->{email}, $self->{fax}, $self->{menuwidth}, |