Diffstat (limited to 'bin')
-rwxr-xr-xbin/admin.pl214
-rwxr-xr-xbin/am.pl2
-rwxr-xr-xbin/arapprn.pl4
-rwxr-xr-xbin/hr.pl4
-rwxr-xr-xbin/login.pl86
5 files changed, 99 insertions, 211 deletions
diff --git a/bin/admin.pl b/bin/admin.pl
index 1922e692..222237e6 100755
--- a/bin/admin.pl
+++ b/bin/admin.pl
@@ -39,7 +39,7 @@ $menufile = "menu.ini";
use LedgerSMB::Form;
use LedgerSMB::Locale;
use LedgerSMB::User;
-
+use LedgerSMB::Session;
$form = new Form;
@@ -65,11 +65,7 @@ if (-f "bin/custom/$form->{script}") {
}
-
-
-
if ($form->{action}) {
-
&check_password unless $form->{action} eq 'logout';
&{ $form->{action} };
@@ -78,20 +74,9 @@ if ($form->{action}) {
# if there are no drivers bail out
$form->error($locale->text('No Database Drivers available!')) unless (LedgerSMB::User->dbdrivers);
- # create memberfile
- if (! -f ${LedgerSMB::Sysconfig::memberfile}) {
- open(FH, ">${LedgerSMB::Sysconfig::memberfile}") or $form->error("$memberfile : $!");
- print FH qq|# LedgerSMB Accounting members
+ $root = LedgerSMB::User->new('admin');
-[root login]
-password=
-|;
- close FH;
- }
-
- $root = LedgerSMB::User->new("${LedgerSMB::Sysconfig::memberfile}", "root login");
-
- unless($root && $root->{password}) {
+ unless($root && $root->{password}){
&setup_initial_password();
exit;
}
@@ -193,8 +178,7 @@ sub login {
sub logout {
$form->{callback} = "$form->{script}?path=$form->{path}&endsession=1";
- unlink "${LedgerSMB::Sysconfig::userspath}/adminhash";
- print qq|Set-Cookie: LedgerSMB=; path=/;\n|;
+ Session::session_destroy($form);
$form->redirect($locale->text('You are logged out'));
}
@@ -249,14 +233,12 @@ sub form_footer {
sub list_users {
- open(FH, "${LedgerSMB::Sysconfig::memberfile}") or $form->error("$memberfile : $!");
-
- $nologin = qq|<button type="submit" class="submit" name="action" value="lock_system">|.$locale->text('Lock System').qq|</button>|;
-
- if (-e "${LedgerSMB::Sysconfig::userspath}/nologin") {
- $nologin = qq|<button type="submit" class="submit" name="action" value="unlock_system">|.$locale->text('Unlock System').qq|</button>|;
- }
-
+ #currently, this is disabled, but will set a value in the central db
+ #$nologin = qq|<button type="submit" class="submit" name="action" value="lock_system">|.$locale->text('Lock System').qq|</button>|;
+ #
+ #if (-e "${LedgerSMB::Sysconfig::userspath}/nologin") {
+ # $nologin = qq|<button type="submit" class="submit" name="action" value="unlock_system">|.$locale->text('Unlock System').qq|</button>|;
+ #}
while (<FH>) {
chop;
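Review bot: The `open(FH, ...)` on the memberfile is removed, but the `while (<FH>)` loop below it is kept, so list_users now reads from a handle that was never opened and will render an empty user list. The listing needs to be driven from the users table, like the other calls converted in this commit. `$nologin` is also no longer assigned, so if the part of list_users outside this hunk still interpolates it, that output will be empty.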
@@ -294,7 +276,7 @@ sub list_users {
$form->{title} = "LedgerSMB ".$locale->text('Accounting')." ".$locale->text('Administration');
- $form->{login} = "root login";
+ $form->{login} = "admin";
$form->header;
print qq|
@@ -373,7 +355,7 @@ sub form_header {
if ($form->{login}) {
# get user
- $myconfig = LedgerSMB::User->new("${LedgerSMB::Sysconfig::memberfile}", "$form->{login}");
+ %myconfig = %{LedgerSMB::User->fetch_config($form->{login})};
for (qw(company address signature)) { $myconfig->{$_} = $form->quote($myconfig->{$_}) }
for (qw(address signature)) { $myconfig->{$_} =~ s/\\n/\n/g }
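Review bot: The new line fills the hash `%myconfig`, but the two `for` loops right after it still go through the scalar reference `$myconfig->{...}`, which is a different variable, so the fetched company, address and signature values are never quoted. Either keep the reference, `$myconfig = LedgerSMB::User->fetch_config($form->{login});`, or change the following uses to `$myconfig{$_}`. The `%{ ... }` dereference also needs a guard for the case where fetch_config returns undef for an unknown login; depending on strictness that either dies or quietly yields an empty config. form_header continues outside this hunk.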
@@ -486,7 +468,7 @@ sub form_header {
}
$user = $form->{login};
- $form->{login} = "root login";
+ $form->{login} = "admin";
$form->header;
$form->{login} = $user;
@@ -769,7 +751,7 @@ sub save {
# check for duplicates
if (!$form->{edit}) {
- $temp = LedgerSMB::User->new("${LedgerSMB::Sysconfig::memberfile}", "$form->{login}");
+ $temp = LedgerSMB::User->new($form->{login});
if ($temp->{login}) {
$form->error($locale->text('[_1] is already a member!', $form->{login}));
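Review bot: This duplicate check is switched to the one-argument constructor, but the later `$myconfig = LedgerSMB::User->new("${LedgerSMB::Sysconfig::memberfile}", "$form->{login}")` in save (context in the @@ -793 hunk) still uses the old two-argument form. If new() now takes the login as its first argument, as the other converted calls suggest, save will load the wrong user or none before `save_member($form)` writes the record. That call should become `LedgerSMB::User->new($form->{login})` as well.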
@@ -793,7 +775,6 @@ sub save {
# add base directory to $form->{templates}
$form->{templates} = "${LedgerSMB::Sysconfig::templates}/$form->{templates}";
-
$myconfig = LedgerSMB::User->new("${LedgerSMB::Sysconfig::memberfile}", "$form->{login}");
# redo acs variable and delete all the acs codes
@@ -837,7 +818,7 @@ sub save {
$myconfig->{packpw} = 1;
- $myconfig->save_member(${LedgerSMB::Sysconfig::memberfile}, ${LedgerSMB::Sysconfig::userspath});
+ $myconfig->save_member($form);
# create user template directory and copy master files
if (! -d "$form->{templates}") {
@@ -880,74 +861,6 @@ sub delete {
$form->{templates} = ($form->{templates}) ? "${LedgerSMB::Sysconfig::templates}/$form->{templates}" : "$templates/$form->{login}";
- $form->error($locale->text("[_1] locked!",
- ${LedgerSMB::Sysconfig::memberfile})) if (-f ${memberfile}.LCK);
-
- open(FH, ">${memberfile}.LCK") or $form->error("${memberfile}.LCK : $!");
- close(FH);
-
- if (! open(CONF, "+<${LedgerSMB::Sysconfig::memberfile}")) {
- unlink "${memberfile}.LCK";
- $form->error("${LedgerSMB::Sysconfig::memberfile} : $!");
- }
-
- @config = <CONF>;
-
- seek(CONF, 0, 0);
- truncate(CONF, 0);
-
- while ($line = shift @config) {
-
- chop $line;
-
- if ($line =~ /^\[/) {
- last if ($line eq "[$form->{login}]");
- $login = &login_name($line);
- }
-
- if ($line =~ /^templates=/) {
- ($null, $user{$login}) = split /=/, $line, 2;
- }
-
- print CONF "$line\n";
- }
-
- # remove everything up to next login or EOF
- # and save template variable
- while ($line = shift @config) {
-
- chop $line;
-
- ($key, $value) = split /=/, $line, 2;
- $myconfig{$key} = $value;
-
- last if ($line =~ /^\[/);
- }
-
- # this one is either the next login or EOF
- print CONF "$line\n";
-
- $login = &login_name($line);
-
-
- while ($line = shift @config) {
-
- chop $line;
-
- if ($line =~ /^\[/) {
- $login = &login_name($line);
- }
-
- if ($line =~ /^templates=/) {
- ($null, $user{$login}) = split /=/, $line, 2;
- }
-
- print CONF "$line\n";
- }
-
- close(CONF);
- unlink "${memberfile}.LCK";
-
# scan %user for $templatedir
foreach $login (keys %user) {
last if ($found = ($form->{templates} eq $user{$login}));
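Review bot: With the memberfile scan removed, nothing in the visible part of delete fills `%user` any more, so the `foreach $login (keys %user)` loop kept here never sets `$found`. The `if (!$found)` branch in the next hunk will then remove the template directory even when other users still share it. The set of template paths in use needs to be loaded from wherever the new schema keeps that setting before the directory is deleted. delete starts before this hunk, so an assignment further up cannot be ruled out.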
@@ -955,7 +868,6 @@ sub delete {
# if found keep directory otherwise delete
if (!$found) {
-
# delete it if there is a template directory
$dir = "$form->{templates}";
if (-d "$dir") {
@@ -964,16 +876,15 @@ sub delete {
}
}
- if ($myconfig{dbconnect}) {
+ my $dbh = ${LedgerSMB::Sysconfig::GLOBALDBH};
- $myconfig{dbpasswd} = unpack 'u', $myconfig{dbpasswd};
- for (keys %myconfig) { $form->{$_} = $myconfig{$_} }
+ #users_conf
+ my $deleteUser = $dbh->prepare("DELETE FROM users_conf USING users WHERE users.username = ? and users.id = users_conf.id;");
+ $deleteUser->execute($form->{login});
- LedgerSMB::User->delete_login(\%$form);
-
- # delete config file for user
- unlink "${LedgerSMB::Sysconfig::userspath}/$form->{login}.conf";
- }
+ #and now users
+ $deleteUser = $dbh->prepare("DELETE FROM users WHERE username = ?;");
+ $deleteUser->execute($form->{login});
$form->redirect($locale->text('User deleted!'));
}
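Review bot: Neither the `prepare` nor the `execute` results are checked, and the two DELETEs are not visibly wrapped in a transaction, so a failure on the second statement leaves a users row without its users_conf row while the administrator still sees 'User deleted!'. Unless the global handle has RaiseError set (not visible here), check each call, e.g. `$deleteUser->execute($form->{login}) or $form->error($dbh->errstr);`, and commit only after both succeed. The bound placeholders are the right way to pass the request-supplied login.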
@@ -1035,68 +946,41 @@ sub change_password {
$form->error($locale->text('Passwords do not match!')) if $form->{new_password} ne $form->{confirm_password};
$root->{password} = $form->{new_password};
$root->{'root login'} = 1;
- $root->save_member(${LedgerSMB::Sysconfig::memberfile});
+ $root->save_member();
$form->{callback} = "$form->{script}?action=list_users&amp;path=$form->{path}&amp;sessionid=$form->{sessionid}";
$form->redirect($locale->text('Password changed!'));
}
-sub get_hash {
- use Digest::MD5;
- $form->{hash} = Digest::MD5::md5_hex rand();
-
-}
-
sub check_password {
- $root = LedgerSMB::User->new("${LedgerSMB::Sysconfig::memberfile}", "root login");
-
- if ($root->{password}) {
+ $root = LedgerSMB::User->new('admin');
- if ($form->{password}) {
+ if ($form->{password}) {
- $form->{callback} .= "&amp;password=$form->{password}" if $form->{callback};
- $form->{sessionid} = time;
+ $form->{callback} .= "&amp;password=$form->{password}" if $form->{callback};
- if ($root->{password} ne crypt $form->{password}, 'ro') {
- &getpassword;
- exit;
- }
-
- &get_hash;
-
- open(HASHFILE, "> ${LedgerSMB::Sysconfig::userspath}/adminhash") || $form->error("Can't Open Hashfile: $!");
- print HASHFILE $form->{hash};
- print qq|Set-Cookie: LedgerSMB=$form->{hash}; path=/;\n|;
-
- } else {
-
- if ($ENV{HTTP_USER_AGENT}) {
-
- $ENV{HTTP_COOKIE} =~ s/;\s*/;/g;
- %cookie = split /[=;]/, $ENV{HTTP_COOKIE}; # Changeme to %cookies
- $cookie = ($form->{path} eq 'bin/lynx') ? $cookie{login} : $cookie{"LedgerSMB-root login"};
-
- #fixes problem with first login and such
- if (!(-f "${LedgerSMB::Sysconfig::userspath}/adminhash")) {
- &get_hash;
- open(HASHFILE, "> ${LedgerSMB::Sysconfig::userspath}/adminhash") || $form->error("Can't Open Hashfile: $!");
- print HASHFILE $form->{hash};
- close(HASHFILE);
- }
-
- open (HASHFILE, "< ${LedgerSMB::Sysconfig::userspath}/adminhash") || $form->error("Can't Open Hashfile: $!");
- chomp($form->{hash} = <HASHFILE>);
- %cookies = split /[=;]/, $ENV{HTTP_COOKIE};
+ if ($root->{password} ne (Digest::MD5::md5_hex $form->{password}) ) {
+ &getpassword;
+ exit;
+ }
+ else{
+ Session::session_create($root);
+ }
+ }
+ else {
- if (! $cookie || $cookie ne $form->{sessionid} || $form->{hash} ne $cookies{LedgerSMB}) {
+ $ENV{HTTP_COOKIE} =~ s/;\s*/;/g;
+ @cookies = split /;/, $ENV{HTTP_COOKIE};
+ foreach (@cookies) {
+ ($name,$value) = split /=/, $_, 2;
+ $cookie{$name} = $value;
+ }
- &getpassword;
- exit;
- }
- }
+ if(!Session::session_check($cookie{"LedgerSMB"}, $root)){
+ &getpassword(1);
+ exit;
}
}
-
}
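Review bot: The check `$root->{password} ne (Digest::MD5::md5_hex $form->{password})` in check_password means the admin password is stored and verified as an unsalted, single-pass MD5 digest, which is cheap to brute-force if the users table is ever exposed; a salted, deliberately slow password hash would be the safer scheme. The same branch still appends the clear-text password to the callback URL (`&amp;password=$form->{password}`), where it can end up in server logs and browser history; now that a session is created, the callback should not need it. The `use Digest::MD5;` that lived in the removed get_hash is also gone, so this file relies on some other module having loaded it; an explicit `use Digest::MD5;` next to the other `use` lines would make the dependency visible.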
@@ -1372,7 +1256,7 @@ sub dbcreate {
sub delete_dataset {
- if (@dbsources = LedgerSMB::User->dbsources_unused(\%$form, ${LedgerSMB::Sysconfig::memberfile})) {
+ if (@dbsources = LedgerSMB::User->dbsources_unused(\%$form)) {
foreach $item (sort @dbsources) {
$dbsources .= qq|<input name="db" class="radio" type="radio" value="$item" />&nbsp;$item |;
@@ -1463,7 +1347,8 @@ sub dbdelete {
sub unlock_system {
- unlink "${LedgerSMB::Sysconfig::userspath}/nologin";
+ # This needs to be done with a db tool
+ # unlink "${LedgerSMB::Sysconfig::userspath}/nologin";
$form->{callback} = "$form->{script}?action=list_users&amp;path=$form->{path}&amp;sessionid=$form->{sessionid}";
$form->redirect($locale->text('Lockfile removed!'));
}
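Review bot: With the `unlink` commented out, unlock_system does nothing yet still redirects with 'Lockfile removed!', and lock_system in the next hunk likewise reports 'Lockfile created!' without creating anything. An administrator who triggers these actions would believe logins are blocked or unblocked when the state has not changed. Until the database-backed lock exists, both subs should report that the feature is unavailable, e.g. `$form->error($locale->text('System locking is not available'));`, rather than a success message. The buttons are commented out in list_users, but both subs remain callable through the `&{ $form->{action} }` dispatch at the top of the file.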
@@ -1471,8 +1356,9 @@ sub unlock_system {
sub lock_system {
- open(FH, ">${LedgerSMB::Sysconfig::userspath}/nologin") or $form->error($locale->text('Cannot create Lock!'));
- close(FH);
+ # This needs to be done with a db tool
+ #open(FH, ">${LedgerSMB::Sysconfig::userspath}/nologin") or $form->error($locale->text('Cannot create Lock!'));
+ #close(FH);
$form->{callback} = "$form->{script}?action=list_users&amp;path=$form->{path}&amp;sessionid=$form->{sessionid}";
$form->redirect($locale->text('Lockfile created!'));
}
diff --git a/bin/am.pl b/bin/am.pl
index 25b0b29b..7931ff92 100755
--- a/bin/am.pl
+++ b/bin/am.pl
@@ -2233,7 +2233,7 @@ sub save_preferences {
$form->error($locale->text('Password does not match!')) if $form->{new_password} ne $form->{confirm_password};
}
- if (AM->save_preferences(\%myconfig, \%$form, ${LedgerSMB::Sysconfig::memberfile}, ${LedgerSMB::Sysconfig::userspath})) {
+ if (AM->save_preferences(\%myconfig, \%$form)) {
$form->redirect($locale->text('Preferences saved!'));
} else {
$form->error($locale->text('Cannot save preferences!'));
diff --git a/bin/arapprn.pl b/bin/arapprn.pl
index 0bada33c..c8b19726 100755
--- a/bin/arapprn.pl
+++ b/bin/arapprn.pl
@@ -252,7 +252,7 @@ sub print_check {
$form->{fileid} = $invnumber;
$form->{fileid} =~ s/(\s|\W)+//g;
- $form->parse_template(\%myconfig, ${LedgerSMB::Sysconfig::userspath});
+ $form->parse_template(\%myconfig);
if ($form->{previousform}) {
@@ -468,7 +468,7 @@ sub print_transaction {
$form->{fileid} = $form->{invnumber};
$form->{fileid} =~ s/(\s|\W)+//g;
- $form->parse_template(\%myconfig, ${LedgerSMB::Sysconfig::userspath});
+ $form->parse_template(\%myconfig);
if (%$old_form) {
$old_form->{invnumber} = $form->{invnumber};
diff --git a/bin/hr.pl b/bin/hr.pl
index c8f53549..160b4c87 100755
--- a/bin/hr.pl
+++ b/bin/hr.pl
@@ -716,7 +716,7 @@ sub save_employee {
# if it is a login change memberfile and .conf
if ($form->{employeelogin}) {
- $user = LedgerSMB::User->new(${LedgerSMB::Sysconfig::memberfile}, $form->{employeelogin});
+ $user = LedgerSMB::User->new($form->{employeelogin});
for (qw(name email role)) { $user->{$_} = $form->{$_} }
@@ -726,7 +726,7 @@ sub save_employee {
for (qw(dbpasswd password)) { $user->{"old_$_"} = $user->{$_} }
$user->{packpw} = 1;
- $user->save_member(${LedgerSMB::Sysconfig::memberfile}, ${LedgerSMB::Sysconfig::userspath}) if $user->{login};
+ $user->save_member() if $user->{login};
}
$form->redirect($locale->text('Employee saved!'));
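Review bot: `$user->save_member()` is called without arguments here, while save in bin/admin.pl calls `$myconfig->save_member($form)` in this same commit. The new signature is not visible, so either one call style is wrong or the argument is unused; the call sites should agree. The comment `# if it is a login change memberfile and .conf` in the previous hunk is also stale now that neither file is written, and could read `# if it is a login, update the stored user record`.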
diff --git a/bin/login.pl b/bin/login.pl
index 8fbfefd9..a1f225d8 100755
--- a/bin/login.pl
+++ b/bin/login.pl
@@ -40,6 +40,7 @@ use DBI;
use LedgerSMB::User;
use LedgerSMB::Form;
use LedgerSMB::Locale;
+use LedgerSMB::Session;
## will need this later when session_destroy will be used
#use LedgerSMB::Session;
@@ -48,7 +49,7 @@ use LedgerSMB::Locale;
$form = new Form;
$locale = LedgerSMB::Locale->get_handle(${LedgerSMB::Sysconfig::language}) or
- $form->error("Locale not loaded: $!\n");
+ $form->error(__FILE__.':'.__LINE__.": Locale not loaded: $!\n");
$locale->encoding('UTF-8');
$form->{charset} = 'UTF-8';
#$form->{charset} = $locale->encoding;
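Review bot: Prefixing the message with `__FILE__.':'.__LINE__` puts server-side script paths and line numbers into whatever `$form->error` displays. If that output goes to the browser (not visible in this hunk), the login page discloses internal layout details to unauthenticated visitors. Writing the location to the server log and keeping the user-facing text generic would give the same debugging value. The same pattern is added in the @@ -56, @@ -233 and @@ -303 hunks of this file, where `$@` can additionally carry paths from the failed `require`.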
@@ -56,13 +57,13 @@ $form->{charset} = 'UTF-8';
# customization
if (-f "bin/custom/$form->{script}") {
eval { require "bin/custom/$form->{script}"; };
- $form->error($@) if ($@);
+ $form->error(__FILE__.':'.__LINE__.': '.$@) if ($@);
}
# per login customization
if (-f "bin/custom/$form->{login}_$form->{script}") {
eval { require "bin/custom/$form->{login}_$form->{script}"; };
- $form->error($@) if ($@);
+ $form->error(__FILE__.':'.__LINE__.': '.$@) if ($@);
}
# window title bar, user info
@@ -233,40 +234,41 @@ sub login {
$form->{stylesheet} = "ledger-smb.css";
$form->{favicon} = "favicon.ico";
- $form->error($locale->text('You did not enter a name!')) unless ($form->{login});
-
- if (! $form->{beenthere}) {
- open(FH, "${LedgerSMB::Sysconfig::memberfile}") or $form->error("$memberfile : $!");
- @a = <FH>;
- close(FH);
-
- foreach $item (@a) {
-
- if ($item =~ /^\[(.*?)\]/) {
- $login = $1;
- $found = 1;
- }
-
- if ($item =~ /^company=/) {
- if ($login =~ /$form->{login}\@/ && $found) {
- ($null, $name) = split /=/, $item, 2;
- $login{$login} = $name;
- }
- $found = 0;
- }
- }
-
- if (keys %login > 1) {
- &selectdataset(\%login);
- exit;
- }
- }
-
-
- $user = LedgerSMB::User->new(${LedgerSMB::Sysconfig::memberfile}, $form->{login});
+ $form->error(__FILE__.':'.__LINE__.': '.$locale->text('You did not enter a name!')) unless ($form->{login});
+
+ #this needs to be done via db
+ #if (! $form->{beenthere}) {
+ # open(FH, "${LedgerSMB::Sysconfig::memberfile}") or $form->error(__FILE__.':'.__LINE__.": $memberfile : $!");
+ # @a = <FH>;
+ # close(FH);
+ #
+ # foreach $item (@a) {
+ #
+ # if ($item =~ /^\[(.*?)\]/) {
+ # $login = $1;
+ # $found = 1;
+ # }
+ #
+ # if ($item =~ /^company=/) {
+ # if ($login =~ /$form->{login}\@/ && $found) {
+ # ($null, $name) = split /=/, $item, 2;
+ # $login{$login} = $name;
+ # }
+ # $found = 0;
+ # }
+ # }
+ #
+ # if (keys %login > 1) {
+ # &selectdataset(\%login);
+ # exit;
+ # }
+ #}
+
+
+ $user = LedgerSMB::User->new($form->{login});
# if we get an error back, bale out
- if (($errno = $user->login(\%$form, ${LedgerSMB::Sysconfig::userspath})) <= -1) {
+ if (($errno = $user->login(\%$form)) <= -1) {
$errno *= -1;
$err[1] = $locale->text('Access Denied!');
@@ -275,7 +277,9 @@ sub login {
if ($errno == 4) {
# upgrade dataset and log in again
- open FH, ">${LedgerSMB::Sysconfig::userspath}/nologin" or $form->error($!);
+
+ #locking needs to be done via db function
+ #open FH, ">${LedgerSMB::Sysconfig::userspath}/nologin" or $form->error($!);
for (qw(dbname dbhost dbport dbdriver dbuser dbpasswd)) { $form->{$_} = $user->{$_} }
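Review bot: Commenting out the nologin file here means the dataset upgrade via `$user->dbupdate(\%$form)` (next hunk) now runs with nothing stopping other users from logging in and writing to the database mid-upgrade. The comment says locking will move to a database function, but until that exists the upgrade path has lost its only guard. Either keep the file lock for this step or add the database-side lock in the same change. The matching `unlink` in the @@ -293 hunk is commented out as well, so the two should be restored or replaced together.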
@@ -293,8 +297,8 @@ sub login {
$user->dbupdate(\%$form);
- # remove lock file
- unlink "${LedgerSMB::Sysconfig::userspath}/nologin";
+ # remove lock
+ #unlink "${LedgerSMB::Sysconfig::userspath}/nologin";
print $locale->text('done');
@@ -303,7 +307,7 @@ sub login {
exit;
}
- $form->error($err[$errno]);
+ $form->error(__FILE__.':'.__LINE__.': '.$err[$errno]);
}
# made it this far, setup callback for the menu
@@ -340,11 +344,9 @@ sub login {
sub logout {
-
$form->{callback} = "$form->{script}?path=$form->{path}&login=$form->{login}";
$form->{endsession} = 1;
- #delete the cookie in the browser manually (can't use session_destroy here unfortunately)
- print qq|Set-Cookie: LedgerSMB=; path=/;\n|;
+ Session::session_destroy($form);
$form->redirect;
}