author | einhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46> | 2007-10-08 05:02:21 +0000 |
---|---|---|
committer | einhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46> | 2007-10-08 05:02:21 +0000 |
commit | 31d92e4c9d00b42f4169baacd8fdc6c6325ff567 (patch) | |
tree | 868aefb9c731ecf33b72ea58240e62ec4c6c429c /LedgerSMB | |
parent | 8cdda6c118db985392ce19d8ae1d1a0788066ca7 (diff) |
More authentication fixes.
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@1717 4979c152-3d1c-0410-bac9-87ea11338e46
Diffstat (limited to 'LedgerSMB')
-rwxr-xr-x | LedgerSMB/Session/DB.pm | 51 | ||||
-rw-r--r-- | LedgerSMB/Sysconfig.pm | 6 | ||||
-rwxr-xr-x | LedgerSMB/Template.pm | 4 | ||||
-rw-r--r-- | LedgerSMB/User.pm | 4 |
4 files changed, 31 insertions, 34 deletions
diff --git a/LedgerSMB/Session/DB.pm b/LedgerSMB/Session/DB.pm
index 4938b560..f7f1e672 100755
--- a/LedgerSMB/Session/DB.pm
+++ b/LedgerSMB/Session/DB.pm
@@ -35,8 +35,11 @@ sub session_check { use Time::HiRes qw(gettimeofday); + my $path = ($ENV{SCRIPT_NAME}); + $path =~ s|[^/]*$||; + my ( $cookie, $form ) = @_; - if ($cookie eq 'Login'){ + if ($cookie eq 'Login'){ return session_create($form); } my $timeout;
@@ -46,20 +49,20 @@ sub session_check { my $checkQuery = $dbh->prepare( "SELECT u.username, s.transaction_id - FROM session as s, users as u - WHERE s.session_id = ? - AND s.users_id = u.id + FROM session as s + JOIN users as u ON (s.users_id = u.id) + WHERE s.session_id = ? + AND token = ? AND s.last_used > now() - ?::interval" ); my $updateAge = $dbh->prepare( "UPDATE session - SET last_used = now(), - transaction_id = ? + SET last_used = now() WHERE session_id = ?;" ); - my ($sessionID, $transactionID, $company) = split(/:/, $cookie); + my ($sessionID, $token, $company) = split(/:/, $cookie); $form->{company} ||= $company;
@@ -67,8 +70,6 @@ sub session_check { $sessionID =~ s/[^0-9]//g; $sessionID = int $sessionID; - $transactionID =~ s/[^0-9]//g; - $transactionID = int $transactionID; if ( !$form->{timeout} ) { $timeout = "1 day";
@@ -77,7 +78,7 @@ sub session_check { $timeout = "$form->{timeout} seconds"; } - $checkQuery->execute( $sessionID, $timeout ) + $checkQuery->execute( $sessionID, $token, $timeout ) || $form->dberror( __FILE__ . ':' . __LINE__ . ': Looking for session: ' ); my $sessionValid = $checkQuery->rows;
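Review bot: `$path` is built from `$ENV{SCRIPT_NAME}` and interpolated into the `Set-Cookie` header's `path=` attribute with no check that it is defined or well-formed; outside a web server, or under a handler that leaves SCRIPT_NAME unset, the `s|[^/]*$||` warns on undef (under `use warnings`) and the cookie goes out with an empty path, and any `;` or newline the server happened to put in that variable would become part of the header. Defaulting it once, `my $path = defined $ENV{SCRIPT_NAME} ? $ENV{SCRIPT_NAME} : '/';`, with a comment such as `# Scope the cookie to the script's directory rather than the whole host.`, covers both. The same two lines are repeated at the top of session_create in the `@@ -128` hunk; a small private helper (`_cookie_path()`) would keep the two copies in step. session_check continues beyond this hunk.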
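Review bot: `$token` now goes from the cookie straight into the `token = ?` bind parameter, where the old `$transactionID` was reduced to digits first; binding keeps it out of the SQL text, so this is not an injection path, but a malformed cookie is now only rejected by the database lookup instead of up front, which deserves a comment next to the `split`, e.g. `# $token is matched by the database as a bind value; it is not digit-only like the old transaction_id, so it is not normalised here.` `AND token = ?` is the only unqualified column in the two-table join; `s.token = ?` matches the other predicates and stays unambiguous if `users` ever grows a column of that name. The SELECT still returns `s.transaction_id` although nothing in the new code compares it; presumably the fetch further down (outside this hunk) still reads it, otherwise it can go.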
@@ -90,25 +91,20 @@ sub session_check { my $login = $form->{login}; $login =~ s/[^a-zA-Z0-9._+\@'-]//g; - - if ( ( $sessionLogin eq $login ) - and ( $sessionTransaction eq $transactionID ) ) + if (( $sessionLogin eq $login )) { - #microseconds are more than random enough for transaction_id - my ( $ignore, $newTransactionID ) = gettimeofday(); - $newTransactionID = int $newTransactionID; - $updateAge->execute( $newTransactionID, $sessionID ) + $updateAge->execute( $sessionID ) || $form->dberror( __FILE__ . ':' . __LINE__ . ': Updating session age: ' ); my $newCookieValue = - $sessionID . ':' . $newTransactionID . ':' . $form->{company}; + $sessionID . ':' . $token . ':' . $form->{company}; #now update the cookie in the browser - print qq|Set-Cookie: LedgerSMB=$newCookieValue; path=/;\n|; + print qq|Set-Cookie: LedgerSMB=$newCookieValue; path=$path;\n|; return 1; }
@@ -119,7 +115,7 @@ sub session_check { my $sessionDestroy = $dbh->prepare(""); #delete the cookie in the browser - print qq|Set-Cookie: LedgerSMB=; path=/;\n|; + print qq|Set-Cookie: LedgerSMB=; path=$path;\n|; return 0; }
@@ -128,14 +124,15 @@ sub session_check { #cookie is not valid #delete the cookie in the browser - print qq|Set-Cookie: LedgerSMB=; path=/;\n|; + print qq|Set-Cookie: LedgerSMB=; path=$path;\n|; return 0; } } sub session_create { my ($lsmb) = @_; - + my $path = ($ENV{SCRIPT_NAME}); + $path =~ s|[^/]*$||; use Time::HiRes qw(gettimeofday); my $dbh = $lsmb->{dbh}; my $login = $lsmb->{login};
@@ -155,8 +152,7 @@ sub session_create { my $deleteExisting = $dbh->prepare( "DELETE FROM session - WHERE session.users_id = (select id from users where username = ?) - AND age(last_used) > ?::interval" + WHERE session.users_id = (select id from users where username = ?)" ); my $seedRandom = $dbh->prepare("SELECT setseed(?);");
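Review bot: The `Set-Cookie` line in this hunk (and its twins in the `@@ -119` and `@@ -128` hunks and in session_create) sets only `path=`; now that the token in the cookie is a credential that stays fixed for the whole session rather than a per-request value, marking the cookie `HttpOnly` (and `Secure` when the site is served over TLS) keeps it out of reach of page scripts, e.g. `print qq|Set-Cookie: LedgerSMB=$newCookieValue; path=$path; HttpOnly\n|;`. The doubled parentheses in `if (( $sessionLogin eq $login ))` are left over from the removed second condition; `if ( $sessionLogin eq $login )` is enough. Since `$token` no longer changes, the cookie re-sent here is the one just received; if the re-send is only there to move an existing cookie to the new `path`, a comment saying so would stop the next reader from looking for a rotation that no longer happens.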
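Review bot: Dropping `AND age(last_used) > ?::interval` turns `$deleteExisting` into "delete every session of this user", not just stale ones, so a login from a second browser, or a re-submitted login form, silently ends the first session; the `execute( $login)` change in the `@@ -184` hunk completes the same switch. If one active session per user is the intended behaviour behind this fix, record it above the prepare: `# A new login invalidates all other sessions of this user (single active session per user).` If it is not, the interval argument should be restored. session_create continues past this hunk.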
@@ -184,7 +180,7 @@ sub session_create { $lsmb->{timeout} = 86400; } print STDERR "Breakpoint\n"; - $deleteExisting->execute( $login, "$lsmb->{timeout} seconds" ) + $deleteExisting->execute( $login) || $lsmb->dberror( __FILE__ . ':' . __LINE__ . ': Delete from session: ' );
@@ -211,13 +207,14 @@ sub session_create { __FILE__ . ':' . __LINE__ . ': Reseed random generator: ' ); - my $newCookieValue = $newSessionID . ':' . $newTransactionID . ':' + my $newCookieValue = $newSessionID . ':' . $newToken . ':' . $lsmb->{company}; print STDERR "Breakpoint\n"; #now set the cookie in the browser #TODO set domain from ENV, also set path to install path - print qq|Set-Cookie: LedgerSMB=$newCookieValue; path=/;\n|; + print qq|Set-Cookie: LedgerSMB=$newCookieValue; path=$path;\n|; $lsmb->{LedgerSMB} = $newCookieValue; + $lsmb->{dbh}->commit; } sub session_destroy {
diff --git a/LedgerSMB/Sysconfig.pm b/LedgerSMB/Sysconfig.pm
index b62651a6..f8f009e9 100644
--- a/LedgerSMB/Sysconfig.pm
+++ b/LedgerSMB/Sysconfig.pm
@@ -131,8 +131,8 @@ for $var (qw(DBhost DBport DBname DBUserName DBPassword)) { # These lines prevent other apps in mod_perl from seeing the global db # connection info -my $globalDBConnect = undef; -my $globalUserName = undef; -my $globalPassword = undef; +$ENV{PGHOST} = $config{database}{host}; +$ENV{PGPORT} = $config{database}{port}; +our $defaultdb = $config{database}{default_db}; 1;
diff --git a/LedgerSMB/Template.pm b/LedgerSMB/Template.pm
index 672078c0..b607d85d 100755
--- a/LedgerSMB/Template.pm
+++ b/LedgerSMB/Template.pm
@@ -214,7 +214,9 @@ sub render { if (UNIVERSAL::isa($self->{locale}, 'LedgerSMB::Locale')){ $cleanvars->{text} = sub { return $self->{locale}->text(@_)}; - } + } else { + $cleanvars->{text} = sub { return shift @_ }; + } $format->can('process')->($self, $cleanvars); #return $format->can('postprocess')->($self);
diff --git a/LedgerSMB/User.pm b/LedgerSMB/User.pm
index 6107cfcb..0b295455 100644
--- a/LedgerSMB/User.pm
+++ b/LedgerSMB/User.pm
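Review bot: The `#TODO set domain from ENV, also set path to install path` comment above the changed `Set-Cookie` in the `@@ -211` hunk is now half obsolete, since this commit is what sets the path; trim it to `#TODO set domain from ENV`. The new `$lsmb->{dbh}->commit;` at the end of session_create is unchecked, unlike the `execute` calls above it; unless the handle is known to be opened with `RaiseError`, which is not visible here, `$lsmb->{dbh}->commit || $lsmb->dberror( __FILE__ . ':' . __LINE__ . ': Committing session: ' );` keeps a failed commit from passing silently. The two `print STDERR "Breakpoint\n";` lines are context rather than new code but look like leftover debugging output. `$newToken` is defined outside this hunk.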
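Review bot: In the Sysconfig.pm hunk the retained comment `# These lines prevent other apps in mod_perl from seeing the global db connection info` now describes the opposite of the code under it: the three `my ... = undef` lines it referred to are gone, replaced by writes to `$ENV{PGHOST}`/`$ENV{PGPORT}` and a package global `our $defaultdb`, and `%ENV` is shared by every request and application in the same mod_perl process and inherited by any child it spawns. Replace the comment with one that matches, e.g. `# Export the database host/port through the libpq environment; %ENV is process-wide under mod_perl, so other applications in this server see it too.`, and confirm that exposure is acceptable. If `host` or `port` may be absent from the config, guard the assignments with `defined` so an undefined value is not exported.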
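Review bot: In the Template.pm hunk the new `else` branch disables translation without saying so; a comment such as `# No usable locale: pass text through untranslated.` makes the fallback deliberate. `sub { return shift @_ }` returns only the first argument, while the locale branch forwards all of `@_` to `text`; if templates call `text` with extra arguments they are dropped on this path, which is worth checking against how `LedgerSMB::Locale::text` uses them (not visible here). render continues outside the hunk.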
@@ -204,9 +204,7 @@ Disused function to return the number of current recurring events. sub check_recurring { my ( $self, $form ) = @_; - my $dbh = - DBI->connect( $self->{dbconnect}, $self->{dbuser}, $self->{dbpasswd} ) - or $form->dberror( __FILE__ . ':' . __LINE__ ); + my $dbh = $form->{dbh}; $dbh->{pg_encode_utf8} = 1; my $query = qq| |
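Review bot: `my $dbh = $form->{dbh};` keeps none of the failure handling the removed `DBI->connect ... or $form->dberror(...)` had: if the form carries no handle, `$dbh->{pg_encode_utf8} = 1` on the next line autovivifies `$dbh` into a plain hash and the error only appears later as a confusing method-call failure. A guard in the same style preserves the diagnostics: `my $dbh = $form->{dbh} or $form->dberror( __FILE__ . ':' . __LINE__ . ': no database handle' );`. Setting `pg_encode_utf8` now also applies to a handle shared with the rest of the request rather than to a private connection, so it outlives this function; if that is not intended, note it in a comment or restore the attribute afterwards. check_recurring continues beyond the hunk.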