From 70214dbe42db1d4baba8423d7adad1d9490cdd8d Mon Sep 17 00:00:00 2001
From: einhverfr
Date: Thu, 21 Jun 2007 23:20:24 +0000
Subject: Fixing new framework for session and user authentication
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@1298 4979c152-3d1c-0410-bac9-87ea11338e46
---
 LedgerSMB.pm | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 lsmb-request.pl | 8 +++++---
 2 files changed, 60 insertions(+), 4 deletions(-)
diff --git a/LedgerSMB.pm b/LedgerSMB.pm
index 7f6b4335..bb1ee5c1 100755
--- a/LedgerSMB.pm
+++ b/LedgerSMB.pm
@@ -14,7 +14,8 @@ in database objects (LedgerSMB::DBObject)
 =item new ()
-This method creates a new base request instance.
+This method creates a new base request instance. In any mode but CLI, it also
+validates the session/user credentials.
 =item date_to_number (user => $LedgerSMB::User, date => $string);
@@ -118,6 +119,7 @@ use CGI;
 use Math::BigFloat lib => 'GMP';
 use LedgerSMB::Sysconfig;
 use Data::Dumper;
+use LedgerSMB::Session;
 use strict;
 package LedgerSMB;
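Review bot: The added `use LedgerSMB::Session;` loads the module by its file path, but the calls this commit adds to `new` are written `Session::password_check`, `Session::session_check` and `Session::session_create`, which resolve only if LedgerSMB/Session.pm declares `package Session`; that file is not part of this diff, so this needs confirming. A top-level `Session::` namespace is easy to collide with, so I would align the package name with the path and call `LedgerSMB::Session::password_check(...)` and its siblings instead.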
@@ -155,10 +157,62 @@ sub new {
 $self->error("Access Denied");
 }
+ $self->{_user} = LedgerSMB::User->fetch_config($self->{login});
+ my $locale = LedgerSMB::Locale->get_handle($self->{_user}->{countrycode})
+ or $self->error(__FILE__.':'.__LINE__.": Locale not loaded: $!\n");
+ $self->{_locale} = $locale;
+ if ( $self->{password} ) {
+ if (
+ !Session::password_check(
+ $self, $self->{login}, $self->{password}
+ )
+ )
+ {
+ if ($self->is_run_mode('cgi', 'mod_perl')) {
+ _get_password();
+ }
+ else {
+ $self->error( __FILE__ . ':' . __LINE__ . ': '
+ . $locale->text('Access Denied!') );
+ }
+ exit;
+ }
+ else {
+ Session::session_create($self);
+ }
+
+ }
+ else {
+ if ($self->is_run_mode('cgi', 'mod_perl')) {
+ my %cookie;
+ $ENV{HTTP_COOKIE} =~ s/;\s*/;/g;
+ my @cookies = split /;/, $ENV{HTTP_COOKIE};
+ foreach (@cookies) {
+ my ( $name, $value ) = split /=/, $_, 2;
+ $cookie{$name} = $value;
+ }
+
+ #check for valid session
+ if ( !Session::session_check( $cookie{"LedgerSMB"}, $self) ) {
+ _get_password(1);
+ exit;
+ }
+ }
+ else {
+ exit;
+ }
+ }
+
 $self;
 }
+sub _get_password {
+ # TODO: Remove reliance on pw.pl and add template support.
+ require 'bin/pw.pl';
+ getpassword(@_);
+}
+
 sub debug {
 my $self = shift @_;
 my %args = @_;
diff --git a/lsmb-request.pl b/lsmb-request.pl
index e5921553..66978712 100644
--- a/lsmb-request.pl
+++ b/lsmb-request.pl
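Review bot: `LedgerSMB::User->fetch_config($self->{login})` and the locale lookup at the top of the added block run on a request-supplied login before either `Session::password_check` or `Session::session_check` has succeeded, so an unauthenticated request already triggers a per-user config load; I would move both below the successful check and take the pre-auth 'Access Denied!' text from the `LedgerSMB::Sysconfig` default language, as lsmb-request.pl does. In the cookie branch the session is validated from `$cookie{"LedgerSMB"}` and `$self`; whether `session_check` binds the cookie to `$self->{login}` is not visible here and should be confirmed, since `_user` has already been populated from that login. The non-web `else { exit; }` ends the process silently with status 0 when no password was supplied, which a calling script reads as success; `$self->error( $locale->text('Access Denied!') );` followed by `exit 1;` would make the failure visible. `$ENV{HTTP_COOKIE}` is also rewritten in place and is undefined when the client sends no cookie, so parse a copy instead, e.g. `my $raw = defined $ENV{HTTP_COOKIE} ? $ENV{HTTP_COOKIE} : '';`. The body of `new` begins above this hunk.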
@@ -45,16 +45,18 @@ if (!$1){
 $script = $1;
 $locale = LedgerSMB::Locale->get_handle( ${LedgerSMB::Sysconfig::language} )
- or $form->error( __FILE__ . ':' . __LINE__ . ": Locale not loaded: $!\n" );
+ or $request->error( __FILE__ . ':' . __LINE__ . ": Locale not loaded: $!\n" );
 if (!$script){
 $request->error($locale->text('No workflow script specified'));
 }
-eval { require "scripts/$script" } || $request->error($locale->text('Unable to open script' . ": $!";
+eval { require "scripts/$script" }
+ || $request->error($locale->text('Unable to open script' . ": $!";
 $script =~ s/\.pl$//;
 $script = "LedgerSMB::Scripts::$script";
-$script->can($request->{action}) || $request->error($locale->text("Action Not Defined: ") . $request->{action};
+$script->can($request->{action})
+ || $request->error($locale->text("Action Not Defined: ") . $request->{action};
 $script->can($request->{action})->($request);
--
cgit v1.2.3
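Review bot: Both re-wrapped statements still lack their closing parentheses as shown, so lsmb-request.pl will not compile; they should read `|| $request->error($locale->text('Unable to open script') . ": $@");` and `|| $request->error($locale->text("Action Not Defined: ") . $request->{action});`. The first uses `$@` because a `require` that fails inside `eval` reports its reason there (compile errors included), while `$!` is only meaningful for the file-open failure. Separately, `$script->can($request->{action})->($request)` dispatches on a request-supplied name, so every sub visible in the script package, including imported or underscore-prefixed helpers, is reachable. Checking the name first, for example `$request->{action} =~ /\A[a-z][a-z0-9_]*\z/` or a per-script list of permitted actions, would narrow that. The pattern that validates `$script` sits above this hunk and is not visible here.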