diff options
| -rwxr-xr-x | LedgerSMB.pm | 47 | ||||
| -rwxr-xr-x | LedgerSMB/Session/DB.pm | 51 | ||||
| -rw-r--r-- | LedgerSMB/Sysconfig.pm | 6 | ||||
| -rwxr-xr-x | LedgerSMB/Template.pm | 4 | ||||
| -rw-r--r-- | LedgerSMB/User.pm | 4 | ||||
| -rw-r--r-- | README.svn-status | 2 | ||||
| -rw-r--r-- | scripts/menu.pl | 1 |
7 files changed, 62 insertions, 53 deletions
diff --git a/LedgerSMB.pm b/LedgerSMB.pm index d82f0309..4fb4ec1e 100755 --- a/LedgerSMB.pm +++ b/LedgerSMB.pm @@ -137,8 +137,10 @@ our $VERSION = '1.2.99'; sub new { my $type = shift @_; my $argstr = shift @_; - + my %cookie; my $self = {}; + + $self->{version} = $VERSION; $self->{dbversion} = "1.2.0"; bless $self, $type; @@ -148,6 +150,15 @@ sub new { $self->merge($params); + if ($self->is_run_mode('cgi', 'mod_perl')) { + $ENV{HTTP_COOKIE} =~ s/;\s*/;/g; + my @cookies = split /;/, $ENV{HTTP_COOKIE}; + foreach (@cookies) { + my ( $name, $value ) = split /=/, $_, 2; + $cookie{$name} = $value; + } + } + $self->{action} =~ s/\W/_/g; $self->{action} = lc $self->{action}; @@ -173,17 +184,15 @@ sub new { ($self->{action} eq 'authenticate' || !$self->{action})){ return $self; } + if (!$self->{company} && $self->is_run_mode('cgi', 'mod_perl')){ + my $ccookie = $cookie{LedgerSMB}; + $ccookie =~ s/.*:([^:]*)$/$1/; + $self->{company} = $ccookie; + } $self->_db_init; - if ($self->is_run_mode('cgi', 'mod_perl')) { - my %cookie; - $ENV{HTTP_COOKIE} =~ s/;\s*/;/g; - my @cookies = split /;/, $ENV{HTTP_COOKIE}; - foreach (@cookies) { - my ( $name, $value ) = split /=/, $_, 2; - $cookie{$name} = $value; - } + if ($self->is_run_mode('cgi', 'mod_perl')) { #check for valid session unless this is an iniital authentication #request -- CT if (!Session::session_check( $cookie{"LedgerSMB"}, $self) ) { @@ -193,13 +202,13 @@ sub new { $self->{_user} = LedgerSMB::User->fetch_config($self); } #my $locale = LedgerSMB::Locale->get_handle($self->{_user}->{countrycode}) - #or $self->error(__FILE__.':'.__LINE__.": Locale not loaded: $!\n"); - #self->{_locale} = $locale; - - $self->{stylesheet} = $self->{_user}->{stylesheet}; + $self->{_locale} = LedgerSMB::Locale->get_handle('en') # temporary + or $self->error(__FILE__.':'.__LINE__.": Locale not loaded: $!\n"); + $self->{stylesheet} = 'ledgersmb.css'; # temporary + #$self->{stylesheet} = $self->{_user}->{stylesheet}; - $self; + return $self; } @@ -639,7 +648,8 @@ sub error { sub _db_init { my $self = shift @_; my %args = @_; - #my $myconfig = $self->{_user}; + + $self->debug({file => '/tmp/dbconnect'}); # Handling of HTTP Basic Auth headers my $auth = $ENV{'HTTP_AUTHORIZATION'}; @@ -647,7 +657,9 @@ sub _db_init { $auth = MIME::Base64::decode($auth); my ($login, $password) = split(/:/, $auth); $self->{login} = $login; - $self->{company} ||= 'lsmb13'; + if (!$self->{company}){ + $self->{company} = $LedgerSMB::Sysconfig::default_db; + } my $dbname = $self->{company}; # Note that we have to request the login/password again if the db @@ -655,12 +667,11 @@ sub _db_init { # Just in case, however, I think it is a good idea to include the DBI # error string. CT $self->{dbh} = DBI->connect( - "dbi:Pg:dbname=$dbname;host=localhost;port=5432", "$login", "$password", { AutoCommit => 0 } + "dbi:Pg:dbname=$dbname", "$login", "$password", { AutoCommit => 0 } ); my $dbh = $self->{dbh}; - if (($self->{script} eq 'login.pl') && ($self->{action} eq 'authenticate')){ diff --git a/LedgerSMB/Session/DB.pm b/LedgerSMB/Session/DB.pm index 4938b560..f7f1e672 100755 --- a/LedgerSMB/Session/DB.pm +++ b/LedgerSMB/Session/DB.pm @@ -35,8 +35,11 @@ sub session_check { use Time::HiRes qw(gettimeofday); + my $path = ($ENV{SCRIPT_NAME}); + $path =~ s|[^/]*$||; + my ( $cookie, $form ) = @_; - if ($cookie eq 'Login'){ + if ($cookie eq 'Login'){ return session_create($form); } my $timeout; @@ -46,20 +49,20 @@ sub session_check { my $checkQuery = $dbh->prepare( "SELECT u.username, s.transaction_id - FROM session as s, users as u - WHERE s.session_id = ? - AND s.users_id = u.id + FROM session as s + JOIN users as u ON (s.users_id = u.id) + WHERE s.session_id = ? + AND token = ? AND s.last_used > now() - ?::interval" ); my $updateAge = $dbh->prepare( "UPDATE session - SET last_used = now(), - transaction_id = ? + SET last_used = now() WHERE session_id = ?;" ); - my ($sessionID, $transactionID, $company) = split(/:/, $cookie); + my ($sessionID, $token, $company) = split(/:/, $cookie); $form->{company} ||= $company; @@ -67,8 +70,6 @@ sub session_check { $sessionID =~ s/[^0-9]//g; $sessionID = int $sessionID; - $transactionID =~ s/[^0-9]//g; - $transactionID = int $transactionID; if ( !$form->{timeout} ) { $timeout = "1 day"; @@ -77,7 +78,7 @@ sub session_check { $timeout = "$form->{timeout} seconds"; } - $checkQuery->execute( $sessionID, $timeout ) + $checkQuery->execute( $sessionID, $token, $timeout ) || $form->dberror( __FILE__ . ':' . __LINE__ . ': Looking for session: ' ); my $sessionValid = $checkQuery->rows; @@ -90,25 +91,20 @@ sub session_check { my $login = $form->{login}; $login =~ s/[^a-zA-Z0-9._+\@'-]//g; - - if ( ( $sessionLogin eq $login ) - and ( $sessionTransaction eq $transactionID ) ) + if (( $sessionLogin eq $login )) { - #microseconds are more than random enough for transaction_id - my ( $ignore, $newTransactionID ) = gettimeofday(); - $newTransactionID = int $newTransactionID; - $updateAge->execute( $newTransactionID, $sessionID ) + $updateAge->execute( $sessionID ) || $form->dberror( __FILE__ . ':' . __LINE__ . ': Updating session age: ' ); my $newCookieValue = - $sessionID . ':' . $newTransactionID . ':' . $form->{company}; + $sessionID . ':' . $token . ':' . $form->{company}; #now update the cookie in the browser - print qq|Set-Cookie: LedgerSMB=$newCookieValue; path=/;\n|; + print qq|Set-Cookie: LedgerSMB=$newCookieValue; path=$path;\n|; return 1; } @@ -119,7 +115,7 @@ sub session_check { my $sessionDestroy = $dbh->prepare(""); #delete the cookie in the browser - print qq|Set-Cookie: LedgerSMB=; path=/;\n|; + print qq|Set-Cookie: LedgerSMB=; path=$path;\n|; return 0; } @@ -128,14 +124,15 @@ sub session_check { #cookie is not valid #delete the cookie in the browser - print qq|Set-Cookie: LedgerSMB=; path=/;\n|; + print qq|Set-Cookie: LedgerSMB=; path=$path;\n|; return 0; } } sub session_create { my ($lsmb) = @_; - + my $path = ($ENV{SCRIPT_NAME}); + $path =~ s|[^/]*$||; use Time::HiRes qw(gettimeofday); my $dbh = $lsmb->{dbh}; my $login = $lsmb->{login}; @@ -155,8 +152,7 @@ sub session_create { my $deleteExisting = $dbh->prepare( "DELETE FROM session - WHERE session.users_id = (select id from users where username = ?) - AND age(last_used) > ?::interval" + WHERE session.users_id = (select id from users where username = ?)" ); my $seedRandom = $dbh->prepare("SELECT setseed(?);"); @@ -184,7 +180,7 @@ sub session_create { $lsmb->{timeout} = 86400; } print STDERR "Breakpoint\n"; - $deleteExisting->execute( $login, "$lsmb->{timeout} seconds" ) + $deleteExisting->execute( $login) || $lsmb->dberror( __FILE__ . ':' . __LINE__ . ': Delete from session: ' ); @@ -211,13 +207,14 @@ sub session_create { __FILE__ . ':' . __LINE__ . ': Reseed random generator: ' ); - my $newCookieValue = $newSessionID . ':' . $newTransactionID . ':' + my $newCookieValue = $newSessionID . ':' . $newToken . ':' . $lsmb->{company}; print STDERR "Breakpoint\n"; #now set the cookie in the browser #TODO set domain from ENV, also set path to install path - print qq|Set-Cookie: LedgerSMB=$newCookieValue; path=/;\n|; + print qq|Set-Cookie: LedgerSMB=$newCookieValue; path=$path;\n|; $lsmb->{LedgerSMB} = $newCookieValue; + $lsmb->{dbh}->commit; } sub session_destroy { diff --git a/LedgerSMB/Sysconfig.pm b/LedgerSMB/Sysconfig.pm index b62651a6..f8f009e9 100644 --- a/LedgerSMB/Sysconfig.pm +++ b/LedgerSMB/Sysconfig.pm @@ -131,8 +131,8 @@ for $var (qw(DBhost DBport DBname DBUserName DBPassword)) { # These lines prevent other apps in mod_perl from seeing the global db # connection info -my $globalDBConnect = undef; -my $globalUserName = undef; -my $globalPassword = undef; +$ENV{PGHOST} = $config{database}{host}; +$ENV{PGPORT} = $config{database}{port}; +our $defaultdb = $config{database}{default_db}; 1; diff --git a/LedgerSMB/Template.pm b/LedgerSMB/Template.pm index 672078c0..b607d85d 100755 --- a/LedgerSMB/Template.pm +++ b/LedgerSMB/Template.pm @@ -214,7 +214,9 @@ sub render { if (UNIVERSAL::isa($self->{locale}, 'LedgerSMB::Locale')){ $cleanvars->{text} = sub { return $self->{locale}->text(@_)}; - } + } else { + $cleanvars->{text} = sub { return shift @_ }; + } $format->can('process')->($self, $cleanvars); #return $format->can('postprocess')->($self); diff --git a/LedgerSMB/User.pm b/LedgerSMB/User.pm index 6107cfcb..0b295455 100644 --- a/LedgerSMB/User.pm +++ b/LedgerSMB/User.pm @@ -204,9 +204,7 @@ Disused function to return the number of current recurring events. sub check_recurring { my ( $self, $form ) = @_; - my $dbh = - DBI->connect( $self->{dbconnect}, $self->{dbuser}, $self->{dbpasswd} ) - or $form->dberror( __FILE__ . ':' . __LINE__ ); + my $dbh = $form->{dbh}; $dbh->{pg_encode_utf8} = 1; my $query = qq| diff --git a/README.svn-status b/README.svn-status index 3f2886b1..982bb31e 100644 --- a/README.svn-status +++ b/README.svn-status @@ -1,3 +1,3 @@ -Dataset creation is now fixed (and mandatory). Only Default and Canadian English (General) COA's currently work. +SVN /trunk/ currently doesn't work due to rewriting the auth stuff. If you are developing templates, etc. use rev 1691 for now (svn up -r 1691) Chris T diff --git a/scripts/menu.pl b/scripts/menu.pl index f873398f..ad362c1c 100644 --- a/scripts/menu.pl +++ b/scripts/menu.pl @@ -105,6 +105,7 @@ there nodes which are supposed to be open are marked. sub expanding_menu { my ($request) = @_; + print STDERR 'Breakpoint\n'; if ($request->{'open'} !~ s/:$request->{id}:/:/){ $request->{'open'} .= ":$request->{id}:"; } |