From 39833937998c0553f091605486d28472126ba006 Mon Sep 17 00:00:00 2001
From: einhverfr
Date: Tue, 9 Oct 2007 18:13:09 +0000
Subject: More authentication fixes
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@1728 4979c152-3d1c-0410-bac9-87ea11338e46
---
LedgerSMB/Form.pm | 6 +++++-
LedgerSMB/Session/DB.pm | 4 ++--
old-handler.pl | 56 ++++++++++++++----------------------------------
3 files changed, 23 insertions(+), 43 deletions(-)
diff --git a/LedgerSMB/Form.pm b/LedgerSMB/Form.pm
index c06c9391..02bd44aa 100644
--- a/LedgerSMB/Form.pm
+++ b/LedgerSMB/Form.pm
@@ -1139,8 +1139,12 @@ sub db_init { $self->{company} = $LedgerSMB::Sysconfig::default_db; } my $dbname = $self->{company}; + my $dbconfig = { dbconnect => "dbi:Pg:dbname=$dbname", + dbuser => $login, + dbpasswd => $password + }; - $self->{dbh} = $self->dbconnect_noauto($myconfig) || $self->dberror(); + $self->{dbh} = $self->dbconnect_noauto($dbconfig) || $self->dberror(); my $dbh = $self->{dbh}; my %date_query = ( 'mm/dd/yy' => 'set DateStyle to \'SQL, US\'',
diff --git a/LedgerSMB/Session/DB.pm b/LedgerSMB/Session/DB.pm
index f7f1e672..06385a8f 100755
--- a/LedgerSMB/Session/DB.pm
+++ b/LedgerSMB/Session/DB.pm
@@ -32,13 +32,13 @@ use MIME::Base64; use strict; sub session_check { - use Time::HiRes qw(gettimeofday); + my ( $cookie, $form ) = @_; + my $path = ($ENV{SCRIPT_NAME}); $path =~ s|[^/]*$||; - my ( $cookie, $form ) = @_; if ($cookie eq 'Login'){ return session_create($form); }
diff --git a/old-handler.pl b/old-handler.pl
index 3b98cb0d..176789a4 100755
--- a/old-handler.pl
+++ b/old-handler.pl
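Review bot: In the LedgerSMB/Form.pm hunk, `$dbname` goes straight into the DSN of the new `$dbconfig` (`dbconnect => "dbi:Pg:dbname=$dbname"`), and it is taken from `$self->{company}`, which appears to come from the request whenever it is not defaulted from Sysconfig. A value containing `;` could alter other connection attributes, so the name should be checked before it is interpolated, e.g. `$self->error('Invalid company name') unless $dbname =~ /\A[\w.-]+\z/;`. `$login` and `$password` are defined outside the hunk and the `$myconfig` argument no longer drives the connection, so a comment such as `# Connect as the logging-in user; the database performs the authentication.` would help if that is the intent. db_init starts and ends outside the hunk.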
@@ -99,13 +99,8 @@ $SIG{__DIE__} = # $form->error(__FILE__.':'.__LINE__.': '.$locale->text('System currently down for maintenance!')); #} -&check_password; # grab user config. This is ugly and unecessary if/when -# we get rid of myconfig and use User as a real object -%myconfig = %{ LedgerSMB::User->fetch_config( $form->{login} ) }; -$locale = LedgerSMB::Locale->get_handle( $myconfig{countrycode} ) - or $form->error( __FILE__ . ':' . __LINE__ . ": Locale not loaded: $!\n" ); # locale messages #$form->{charset} = $locale->encoding;
@@ -124,7 +119,12 @@ map { $form->{$_} = $myconfig{$_} } qw(stylesheet timeout) unless ( $form->{type} eq 'preferences' ); $form->db_init( \%myconfig ); +&check_password; +# we get rid of myconfig and use User as a real object +%myconfig = %{ LedgerSMB::User->fetch_config( $form ) }; +$locale = LedgerSMB::Locale->get_handle( $myconfig{countrycode} ) + or $form->error( __FILE__ . ':' . __LINE__ . ": Locale not loaded: $!\n" ); # pull in the main code require "bin/$form->{script}";
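Review bot: In the second old-handler.pl hunk, `%myconfig` is now filled by `fetch_config` only after it has already been read. The `map { $form->{$_} = $myconfig{$_} } qw(stylesheet timeout)` statement in the hunk header and `$form->db_init( \%myconfig )` both run above the added lines, so unless the hash is populated somewhere outside this hunk, `$form->{timeout}` and `$form->{stylesheet}` are copied from an empty hash. Moving that `map ... unless ( $form->{type} eq 'preferences' );` statement below the new `%myconfig = ...` line would keep the session timeout defined. The moved comment `# we get rid of myconfig and use User as a real object` lost its first half, which stayed behind in the first hunk; if the new order exists because `fetch_config( $form )` needs the handle opened by db_init, say so with `# Authenticate and load the user config only after db_init has opened the connection.`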
@@ -161,46 +161,22 @@ else { sub check_password { require "bin/pw.pl"; + if ( $ENV{GATEWAY_INTERFACE} ) { + $ENV{HTTP_COOKIE} =~ s/;\s*/;/g; + @cookies = split /;/, $ENV{HTTP_COOKIE}; + foreach (@cookies) { + ( $name, $value ) = split /=/, $_, 2; + $cookie{$name} = $value; + } - if ( $form->{password} ) { - if ( - !Session::password_check( - $form, $form->{login}, $form->{password} - ) - ) - { - if ( $ENV{GATEWAY_INTERFACE} ) { - &getpassword; - } - else { - $form->error( __FILE__ . ':' . __LINE__ . ': ' - . $locale->text('Access Denied!') ); - } + #check for valid session + if ( !Session::session_check( $cookie{"LedgerSMB"}, $form ) ) { + &getpassword(1); exit; } - else { - Session::session_create($form); - } - } else { - if ( $ENV{GATEWAY_INTERFACE} ) { - $ENV{HTTP_COOKIE} =~ s/;\s*/;/g; - @cookies = split /;/, $ENV{HTTP_COOKIE}; - foreach (@cookies) { - ( $name, $value ) = split /=/, $_, 2; - $cookie{$name} = $value; - } - - #check for valid session - if ( !Session::session_check( $cookie{"LedgerSMB"}, $form ) ) { - &getpassword(1); - exit; - } - } - else { - exit; - } + exit; } } -- cgit v1.2.3
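Review bot: The cookie parsing added to check_password writes to the package variables `@cookies`, `$name`, `$value` and `%cookie`, and applies `s///` to `$ENV{HTTP_COOKIE}` even when the client sent no cookie. If this script ever runs under a persistent interpreter, a `LedgerSMB` entry left in `%cookie` by an earlier request would still be present for a request that carries none, and that is the value handed to `Session::session_check`. The parsing should build a lexical table on every call, as in the excerpt below, provided nothing outside check_password (for example `bin/pw.pl`) reads `%cookie`. With the password branch removed, the non-CGI path only reaches `exit;`, which deserves a comment or an error message.

```perl
    if ( $ENV{GATEWAY_INTERFACE} ) {
        # HTTP_COOKIE is client-supplied and may be absent; keep the parsed
        # values in a per-request lexical so nothing carries over between calls.
        my %cookie;
        my $raw_cookies =
          defined $ENV{HTTP_COOKIE} ? $ENV{HTTP_COOKIE} : '';
        foreach my $pair ( split /;\s*/, $raw_cookies ) {
            my ( $name, $value ) = split /=/, $pair, 2;
            $cookie{$name} = $value;
        }
        # … unchanged: Session::session_check / getpassword(1) / exit …
```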