From 84b3533f6d54cf37e1bf6b616da4d02523a45fb3 Mon Sep 17 00:00:00 2001
From: aurynn_cmd
Date: Wed, 3 Oct 2007 01:32:37 +0000
Subject: Disabled login checking in LedgerSMB.pm, temporarily. Whitespace cleanup in DB.pm Modifications to remove user_conf from User.pm git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@1692 4979c152-3d1c-0410-bac9-87ea11338e46
---
LedgerSMB.pm | 89 +++++++++++-----------
LedgerSMB/Session/DB.pm | 24 +++---
LedgerSMB/User.pm | 192 ++++++++++++++++++++++++++----------------------
scripts/admin.pl | 3 +-
sql/modules/admin.sql | 7 ++
5 files changed, 167 insertions(+), 148 deletions(-)
diff --git a/LedgerSMB.pm b/LedgerSMB.pm
index 3d5454a5..6c08715d 100755
--- a/LedgerSMB.pm
+++ b/LedgerSMB.pm
@@ -178,50 +178,49 @@ sub new { } $self->{_locale} = $locale; - $self->{stylesheet} = $self->{_user}->{stylesheet}; - if ( $self->{password} ) { - if ( - !Session::password_check( - $self, $self->{login}, $self->{password} - ) - ) - { - if ($self->is_run_mode('cgi', 'mod_perl')) { - $self->_get_password(); - } - else { - $self->error( __FILE__ . ':' . __LINE__ . ': ' - . $locale->text('Access Denied!') ); - } - exit; - } - else { - Session::session_create($self); - } - - } - else { - if ($self->is_run_mode('cgi', 'mod_perl')) { - my %cookie; - $ENV{HTTP_COOKIE} =~ s/;\s*/;/g; - my @cookies = split /;/, $ENV{HTTP_COOKIE}; - foreach (@cookies) { - my ( $name, $value ) = split /=/, $_, 2; - $cookie{$name} = $value; - } +# if ( $self->{password} ) { +# if ( +# !Session::password_check( +# $self, $self->{ login }, $self->{ password } +# ) +# ) +# { +# if ($self->is_run_mode('cgi', 'mod_perl')) { +# $self->_get_password(); +# } +# else { +# $self->error( __FILE__ . ':' . __LINE__ . ': ' +# . $locale->text('Access Denied!') ); +# } +# exit; +# } +# else { +# Session::session_create($self); +# } + +# } +# else { +# if ($self->is_run_mode('cgi', 'mod_perl')) { +# my %cookie; +# $ENV{HTTP_COOKIE} =~ s/;\s*/;/g; +# my @cookies = split /;/, $ENV{HTTP_COOKIE}; +# foreach (@cookies) { +# my ( $name, $value ) = split /=/, $_, 2; +# $cookie{$name} = $value; +# } #check for valid session - if ( !Session::session_check( $cookie{"LedgerSMB"}, $self) ) { - $self->_get_password(1); - exit; - } - } - else { - exit; - } - } - - $self->{stylesheet} = $self->{_user}->{stylesheet}; +# if ( !Session::session_check( $cookie{"LedgerSMB"}, $self) ) { +# $self->_get_password(1); +# exit; +# } +# } +# else { +# exit; +# } +# } + +# $self->{stylesheet} = $self->{_user}->{stylesheet}; $self->_db_init; 
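Review bot: With the whole password/session block in `new` commented out, nothing between the locale setup and `$self->_db_init` rejects an unauthenticated request any more: `Session::password_check`, `Session::session_check` and the `exit` for non-CGI run modes are all inactive. If the database connection is meant to act as the credential check in the interim, the constructor should still fail closed when no password was supplied, e.g. `unless ( defined $self->{password} and length $self->{password} ) { $self->_get_password(); exit; }` ahead of `_db_init`. Roughly 45 lines of commented-out code are a fragile way to mark a temporary state; deleting them (history keeps them) and leaving one marker such as `# FIXME(security): login/session checks disabled, restore before release` would make the gap visible. `$self->{stylesheet}` is also no longer assigned, since the line is removed at the top of the hunk and commented out at the bottom. The body of `new` begins outside the hunk.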
@@ -668,8 +667,8 @@ sub _db_init { my $myconfig = $self->{_user}; my $dbh = DBI->connect( - $myconfig->{dbconnect}, $myconfig->{dbuser}, - $myconfig->{dbpasswd}, { AutoCommit => 0 } + $myconfig->{ dbconnect }, $myconfig->{ username }, + $self->{ password }, { AutoCommit => 0 } ) or $self->dberror; $dbh->{pg_server_prepare} = 0; @@ -750,7 +749,7 @@ sub type { my $self = shift @_; if (!$ENV{REQUEST_METHOD} or - ( $ENV{REQUEST_METHOD} ne ("HEAD" or "GET" or "POST") ) ) { + ( !grep {$ENV{REQUEST_METHOD} eq $_} ("HEAD", "GET", "POST") ) ) { $self->error("Request method unset or set to unknown value"); } diff --git a/LedgerSMB/Session/DB.pm b/LedgerSMB/Session/DB.pm index e4884015..872dd419 100755 --- a/LedgerSMB/Session/DB.pm +++ b/LedgerSMB/Session/DB.pm @@ -41,17 +41,17 @@ sub session_check { my $checkQuery = $dbh->prepare( "SELECT u.username, s.transaction_id - FROM session as s, users as u - WHERE s.session_id = ? - AND s.users_id = u.id - AND s.last_used > now() - ?::interval" + FROM session as s, users as u + WHERE s.session_id = ? + AND s.users_id = u.id + AND s.last_used > now() - ?::interval" ); my $updateAge = $dbh->prepare( "UPDATE session - SET last_used = now(), - transaction_id = ? - WHERE session_id = ?;" + SET last_used = now(), + transaction_id = ? + WHERE session_id = ?;" ); #must be an integer @@ -269,11 +269,11 @@ sub password_check { #password was good, convert to md5 password and null crypted my $updatePassword = $dbh->prepare( "UPDATE users_conf - SET password = md5(?), - crypted_password = null - FROM users - WHERE users_conf.id = users.id - AND users.username = ?;" + SET password = md5(?), + crypted_password = null + FROM users + WHERE users_conf.id = users.id + AND users.username = ?;" ); $updatePassword->execute( $password, $username ) diff --git a/LedgerSMB/User.pm b/LedgerSMB/User.pm index b5b043d6..89033ed1 100644 --- a/LedgerSMB/User.pm +++ b/LedgerSMB/User.pm 
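Review bot: The `DBI->connect` in `_db_init` now receives the request's `$self->{password}` directly, and because the login block in `new` is disabled by this same commit, this call is the only authentication step left. An undefined or empty password is not rejected before the connect, so whether such a request succeeds depends entirely on the server's pg_hba.conf and the role's password settings. A guard ahead of the connect would fail closed: `unless ( defined $self->{password} and length $self->{password} ) { $self->error('Access Denied'); exit; }`. It is also worth confirming that `dberror` does not echo the DBI error text (host, database, role name) to the client on a failed login. `_db_init` continues outside the hunk.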
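Review bot: The request-method allow-list in `type` is now evaluated correctly, but `!grep {...} (...)` inside the second arm of an `or` is easy to misread. A lookup states the intent more directly: `my %allowed = map { $_ => 1 } qw(HEAD GET POST);` with the test `!$allowed{ $ENV{REQUEST_METHOD} }`, plus a one-line comment that any other method is rejected. Elsewhere in this file `$self->error(...)` is followed by an explicit `exit`, which suggests `error` may return; if so, the code after this check still runs for a rejected method, and that should be confirmed. The rest of `type` is outside the hunk.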
@@ -80,16 +80,16 @@ sub new { # for now, this is querying the table directly... ugly my $fetchUserPrefs = $dbh->prepare( "SELECT acs, address, businessnumber, - company, countrycode, currency, - dateformat, dbdriver, dbhost, dbname, - dboptions, dbpasswd, dbport, dbuser, - email, fax, menuwidth, name, numberformat, - password, print, printer, role, sid, - signature, stylesheet, tel, templates, - timeout, vclimit, u.username - FROM users_conf as uc, users as u - WHERE u.username = ? - AND u.id = uc.id;" + company, countrycode, currency, + dateformat, dbdriver, dbhost, dbname, + dboptions, dbpasswd, dbport, dbuser, + email, fax, menuwidth, name, numberformat, + password, print, printer, role, sid, + signature, stylesheet, tel, templates, + timeout, vclimit, u.username + FROM users_conf as uc, users as u + WHERE u.username = ? + AND u.id = uc.id;" ); $fetchUserPrefs->execute($login); 
@@ -175,23 +175,37 @@ sub fetch_config { my $dbh = ${LedgerSMB::Sysconfig::GLOBALDBH}; # for now, this is querying the table directly... ugly - my $fetchUserPrefs = $dbh->prepare( - "SELECT acs, address, businessnumber, - company, countrycode, currency, - dateformat, dbdriver, dbhost, dbname, - dboptions, dbpasswd, dbport, dbuser, - email, fax, menuwidth, name, numberformat, - password, print, printer, role, sid, - signature, stylesheet, tel, templates, - timeout, vclimit, u.username - FROM users_conf as uc, users as u - WHERE u.username = ? - AND u.id = uc.id;" - ); - - $fetchUserPrefs->execute($login); - - my $userHashRef = $fetchUserPrefs->fetchrow_hashref; +# my $fetchUserPrefs = $dbh->prepare( +# "SELECT acs, address, businessnumber, +# company, countrycode, currency, +# dateformat, dbdriver, dbhost, dbname, +# dboptions, dbpasswd, dbport, dbuser, +# email, fax, menuwidth, name, numberformat, +# password, print, printer, role, sid, +# signature, stylesheet, tel, templates, +# timeout, vclimit, u.username +# FROM users_conf as uc, users as u +# WHERE u.username = ? +# AND u.id = uc.id;" +# ); + + my $fetchUserSettings = $dbh->prepare(" + SELECT + u.username, + uc.dbname, + uc.port, + uc.host + + FROM users u + JOIN user_connection uc ON uc.user_id = u.id + WHERE u.username = ? + "); + + $fetchUserSettings->execute($login); + + #$fetchUserPrefs->execute($login); + + my $userHashRef = $fetchUserSettings->fetchrow_hashref; if ( !$userHashRef ) { &error( $self, "Access Denied" ); } @@ -200,18 +214,18 @@ sub fetch_config { $myconfig{$key} = $value; } - chomp( $myconfig{'dbport'} ); + chomp( $myconfig{'port'} ); chomp( $myconfig{'dbname'} ); - chomp( $myconfig{'dbhost'} ); + chomp( $myconfig{'host'} ); $myconfig{'login'} = $login; $myconfig{'dbconnect'} = 'dbi:Pg:dbname=' . $myconfig{'dbname'} . ';host=' - . $myconfig{'dbhost'} + . $myconfig{'host'} . ';port=' - . $myconfig{'dbport'}; + . $myconfig{'port'}; return \%myconfig; } 
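Review bot: `fetch_config` builds `$myconfig{'dbconnect'}` by concatenating `dbname`, `host` and `port` from `user_connection` without validating them, so a stray `;` or `=` in any of those columns would add or override DSN attributes. Checking the values before the concatenation keeps the DSN well-formed, for example `&error( $self, "Access Denied" ) unless $myconfig{'port'} =~ /\A\d+\z/;` and a similar character allow-list for host and database name. The return value of `$fetchUserSettings->execute($login)` is not checked, so a failed query is indistinguishable from an unknown user. The old `users_conf` query, which names the `password` and `dbpasswd` columns, would be better deleted than left commented out. The function starts outside the hunk.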
@@ -252,8 +266,8 @@ sub login { # we got a connection, check the version my $query = qq| - SELECT value FROM defaults - WHERE setting_key = 'version'|; + SELECT value FROM defaults + WHERE setting_key = 'version'|; my $sth = $dbh->prepare($query); $sth->execute || $form->dberror( __FILE__ . ':' . __LINE__ . $query ); @@ -276,10 +290,10 @@ sub login { $form->update_defaults( \%myconfig, "employeenumber", $dbh ); $query = qq| - INSERT INTO employee - (login, employeenumber, name, - workphone, role) - VALUES (?, ?, ?, ?, ?)|; + INSERT INTO employee + (login, employeenumber, name, + workphone, role) + VALUES (?, ?, ?, ?, ?)|; $sth = $dbh->prepare($query); $sth->execute( $login, $employeenumber, $myconfig{name}, @@ -325,8 +339,8 @@ sub check_recurring { $dbh->{pg_encode_utf8} = 1; my $query = qq| - SELECT count(*) FROM recurring - WHERE enddate >= current_date AND nextdate <= current_date|; + SELECT count(*) FROM recurring + WHERE enddate >= current_date AND nextdate <= current_date|; ($_) = $dbh->selectrow_array($query); $dbh->disconnect; @@ -421,9 +435,9 @@ sub dbsources { $dbh->{pg_enable_utf8} = 1; $query = qq| - SELECT tablename FROM pg_tables - WHERE tablename = 'defaults' - AND tableowner = ?|; + SELECT tablename FROM pg_tables + WHERE tablename = 'defaults' + AND tableowner = ?|; my $sth = $dbh->prepare($query); $sth->execute( $form->{dbuser} ) || $form->dberror( __FILE__ . ':' . __LINE__ . $query ); @@ -652,10 +666,10 @@ sub dbneedsupdate { if ( $form->{dbdriver} =~ /Pg/ ) { $query = qq| - SELECT d.datname - FROM pg_database d, pg_user u - WHERE d.datdba = u.usesysid - AND u.usename = ?|; + SELECT d.datname + FROM pg_database d, pg_user u + WHERE d.datdba = u.usesysid + AND u.usename = ?|; my $sth = $dbh->prepare($query); $sth->execute( $form->{dbuser} ) || $form->dberror( __FILE__ . ':' . __LINE__ . $query ); 
@@ -673,17 +687,17 @@ sub dbneedsupdate { $dbh->{pg_enable_utf8}; $query = qq| - SELECT tablename - FROM pg_tables - WHERE tablename = 'defaults'|; + SELECT tablename + FROM pg_tables + WHERE tablename = 'defaults'|; my $sth = $dbh->prepare($query); $sth->execute || $form->dberror( __FILE__ . ':' . __LINE__ . $query ); if ( $sth->fetchrow_array ) { $query = qq| - SELECT value FROM defaults - WHERE setting_key = 'version'|; + SELECT value FROM defaults + WHERE setting_key = 'version'|; my $sth = $dbh->prepare($query); $sth->execute; @@ -746,8 +760,8 @@ sub dbupdate { # check version $query = qq| - SELECT value FROM defaults - WHERE setting_key = 'version'|; + SELECT value FROM defaults + WHERE setting_key = 'version'|; my $sth = $dbh->prepare($query); # no error check, let it fall through @@ -904,18 +918,18 @@ sub save_member { # for now, this is updating the table directly... ugly my $userConfUpdate = $dbh->prepare( "UPDATE users_conf - SET acs = ?, address = ?, businessnumber = ?, - company = ?, countrycode = ?, currency = ?, - dateformat = ?, dbdriver = ?, - dbhost = ?, dbname = ?, dboptions = ?, - dbpasswd = ?, dbport = ?, dbuser = ?, - email = ?, fax = ?, menuwidth = ?, - name = ?, numberformat = ?, - print = ?, printer = ?, role = ?, - sid = ?, signature = ?, stylesheet = ?, - tel = ?, templates = ?, timeout = ?, - vclimit = ? - WHERE id = ?;" + SET acs = ?, address = ?, businessnumber = ?, + company = ?, countrycode = ?, currency = ?, + dateformat = ?, dbdriver = ?, + dbhost = ?, dbname = ?, dboptions = ?, + dbpasswd = ?, dbport = ?, dbuser = ?, + email = ?, fax = ?, menuwidth = ?, + name = ?, numberformat = ?, + print = ?, printer = ?, role = ?, + sid = ?, signature = ?, stylesheet = ?, + tel = ?, templates = ?, timeout = ?, + vclimit = ? + WHERE id = ?;" ); $userConfUpdate->execute( 
@@ -943,8 +957,8 @@ sub save_member { $userConfUpdate = $dbh->prepare( "UPDATE users_conf - SET password = md5(?) - WHERE id = ?" + SET password = md5(?) + WHERE id = ?" ); $userConfUpdate->execute( $self->{password}, $userID ); @@ -956,16 +970,16 @@ sub save_member { my $userConfInsert = $dbh->prepare( "INSERT INTO users_conf(acs, address, businessnumber, - company, countrycode, currency, - dateformat, dbdriver, - dbhost, dbname, dboptions, dbpasswd, - dbport, dbuser, email, fax, menuwidth, - name, numberformat, print, printer, role, - sid, signature, stylesheet, tel, templates, - timeout, vclimit, id, password) - VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, - ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, - ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, md5(?));" + company, countrycode, currency, + dateformat, dbdriver, + dbhost, dbname, dboptions, dbpasswd, + dbport, dbuser, email, fax, menuwidth, + name, numberformat, print, printer, role, + sid, signature, stylesheet, tel, templates, + timeout, vclimit, id, password) + VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, + ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, + ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, md5(?));" ); $userConfInsert->execute( @@ -1017,10 +1031,10 @@ sub save_member { if ($id) { $query = qq|UPDATE employee SET - role = ?, - email = ?, - name = ? - WHERE login = ?|; + role = ?, + email = ?, + name = ? + WHERE login = ?|; @values = ( $self->{role}, $self->{email}, $self->{name}, $login ); @@ -1030,10 +1044,10 @@ sub save_member { my ($employeenumber) = Form::update_defaults( "", \%$self, "employeenumber", $dbh ); $query = qq| - INSERT INTO employee - (login, employeenumber, name, - workphone, role, email, sales) - VALUES (?, ?, ?, ?, ?, ?, '1')|; + INSERT INTO employee + (login, employeenumber, name, + workphone, role, email, sales) + VALUES (?, ?, ?, ?, ?, ?, '1')|; @values = ( $login, $employeenumber, $self->{name}, 
@@ -1075,10 +1089,10 @@ sub delete_login { $sth->finish; my $query = qq| - UPDATE employee - SET login = NULL, - enddate = current_date - WHERE login = ?|; + UPDATE employee + SET login = NULL, + enddate = current_date + WHERE login = ?|; $sth = $dbh->prepare($query); $sth->execute($login); $dbh->commit; diff --git a/scripts/admin.pl b/scripts/admin.pl index 9947b501..18fb0ca8 100644 --- a/scripts/admin.pl +++ b/scripts/admin.pl @@ -10,7 +10,6 @@ sub new_user { # uses the same page as create_user, only pre-populated. #my ($class, $request) = @_; - my $class = shift @_; my $request = shift @_; my $admin = LedgerSMB::DBObject::Admin->new(base=>$request, copy=>'all'); @@ -154,7 +153,7 @@ sub __default { my ($class, $request) = @_; - # check for login + # TODO: check for login stuff. my $template; $template = LedgerSMB::Template->new( user=>$user, template=>'Admin/main', language=>$user->{language}, diff --git a/sql/modules/admin.sql b/sql/modules/admin.sql index 9423e737..5cb6773a 100644 --- a/sql/modules/admin.sql +++ b/sql/modules/admin.sql @@ -423,3 +423,10 @@ END; $$ LANGUAGE PLPGSQL; -- TODO: Add admin user + + +CREATE OR REPLACE FUNCTION admin_audit_log () returns int as $$ + + + +$$ language plpgsql; \ No newline at end of file -- cgit v1.2.3
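Review bot: `__default` in scripts/admin.pl still performs no login check; the change only rewords the placeholder to `# TODO: check for login stuff.`, and with the checks in LedgerSMB.pm commented out by the same commit, the admin main template appears to be reachable without authentication. Until the check exists the handler should refuse to render, and the comment should say so explicitly, e.g. `# FIXME(security): no authentication yet; verify the session before rendering Admin/main`. `$user` is passed to `LedgerSMB::Template->new` but is not declared in the visible lines, so it is presumably a file-level variable; that is worth confirming. The statement continues outside the hunk.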
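Review bot: The new `admin_audit_log()` in sql/modules/admin.sql has an empty body between the `$$` delimiters, which PL/pgSQL rejects as a syntax error when function bodies are validated at creation (the default setting), so loading the file would likely stop at this statement. Either drop the stub until it is implemented or give it a minimal valid body such as `BEGIN RETURN 0; END;`, with a comment stating what the audit log is meant to record. The file also now ends without a trailing newline.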