Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Newer
Older
100644 435 lines (365 sloc) 14.973 kb
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
1 # -*- tab-width: 8 -*-
2 # NOTE: This file uses 8-character tabs; do not change the tab size!
3
4 package InstallAuth;
5
6 # Copyright 2000-2002 Katipo Communications
7 #
8 # This file is part of Koha.
9 #
10 # Koha is free software; you can redistribute it and/or modify it under the
11 # terms of the GNU General Public License as published by the Free Software
12 # Foundation; either version 2 of the License, or (at your option) any later
13 # version.
14 #
15 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
16 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
17 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
18 #
19 # You should have received a copy of the GNU General Public License along with
20 # Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
21 # Suite 330, Boston, MA 02111-1307 USA
22
23 use strict;
24 use Digest::MD5 qw(md5_base64);
25
26 require Exporter;
27 use C4::Context;
100e6a9 functions that were in C4::Interface::CGI::Output are now in C4::Output.
hdl authored
28 use C4::Output;
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
29 use C4::Koha;
24d5e31 Changing InstallAuth to use CGI::Session and fixing install.pl which bro...
Chris Cormack authored
30 use CGI::Session;
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
31
32 use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
33
34 # set the version for version checking
b9c20fa Patch from Galen Charlton, removing $Id$ $Log$ and $Revision$ from files
Chris Cormack authored
35 $VERSION = 3.00;
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
36
37 =head1 NAME
38
39 InstallAuth - Authenticates Koha users for Install process
40
41 =head1 SYNOPSIS
42
43 use CGI;
44 use InstallAuth;
a7ba1bb kohabug 2105: prevent crash on IE7
Galen Charlton authored
45 use C4::Output;
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
46
47 my $query = new CGI;
48
49 my ($template, $borrowernumber, $cookie)
50 = get_template_and_user({template_name => "opac-main.tmpl",
51 query => $query,
52 type => "opac",
53 authnotrequired => 1,
54 flagsrequired => {borrow => 1},
55 });
56
a7ba1bb kohabug 2105: prevent crash on IE7
Galen Charlton authored
57 output_html_with_http_headers $query, $cookie, $template->output;
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
58
59 =head1 DESCRIPTION
60
61 The main function of this module is to provide
62 authentification. However the get_template_and_user function has
63 been provided so that a users login information is passed along
64 automatically. This gets loaded into the template.
65 This package is different from C4::Auth in so far as
66 C4::Auth uses many preferences which are supposed NOT to be obtainable when installing the database.
67
68 As in C4::Auth, Authentication is based on cookies.
69
70 =head1 FUNCTIONS
71
72 =over 2
73
74 =cut
75
76 @ISA = qw(Exporter);
77 @EXPORT = qw(
78 &checkauth
79 &get_template_and_user
80 &setlanguagecookie
81 );
82
83 =item get_template_and_user
84
85 my ($template, $borrowernumber, $cookie)
86 = get_template_and_user({template_name => "opac-main.tmpl",
87 query => $query,
88 type => "opac",
89 authnotrequired => 1,
90 flagsrequired => {borrow => 1},
91 });
92
93 This call passes the C<query>, C<flagsrequired> and C<authnotrequired>
94 to C<&checkauth> (in this module) to perform authentification.
95 See C<&checkauth> for an explanation of these parameters.
96
97 The C<template_name> is then used to find the correct template for
98 the page. The authenticated users details are loaded onto the
99 template in the HTML::Template LOOP variable C<USER_INFO>. Also the
100 C<sessionID> is passed to the template. This can be used in templates
101 if cookies are disabled. It needs to be put as and input to every
102 authenticated page.
103
104 More information on the C<gettemplate> sub can be found in the
105 Output.pm module.
106
107 =cut
108
109 sub get_template_and_user {
110 my $in = shift;
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
111 my $query = $in->{'query'};
112 my $language = $query->cookie('KohaOpacLanguage');
113 my $path =
114 C4::Context->config('intrahtdocs') . "/prog/"
115 . ( $language ? $language : "en" );
116 my $template = HTML::Template::Pro->new(
d1f6407 moved images to img fixed installer path for templates
Joshua Ferraro authored
117 filename => "$path/modules/" . $in->{template_name},
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
118 die_on_bad_params => 1,
119 global_vars => 1,
120 case_sensitive => 1,
121 path => ["$path/includes"]
122 );
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
123
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
124 my ( $user, $cookie, $sessionID, $flags ) = checkauth(
125 $in->{'query'},
126 $in->{'authnotrequired'},
127 $in->{'flagsrequired'},
128 $in->{'type'}
129 );
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
130
131 # use Data::Dumper;warn "utilisateur $user cookie : ".Dumper($cookie);
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
132
133 my $borrowernumber;
134 if ($user) {
135 $template->param( loggedinusername => $user );
136 $template->param( sessionID => $sessionID );
137
138 # We are going to use the $flags returned by checkauth
139 # to create the template's parameters that will indicate
140 # which menus the user can access.
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
141 if ( ( $flags && $flags->{superlibrarian} == 1 ) ) {
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
142 $template->param( CAN_user_circulate => 1 );
143 $template->param( CAN_user_catalogue => 1 );
144 $template->param( CAN_user_parameters => 1 );
145 $template->param( CAN_user_borrowers => 1 );
146 $template->param( CAN_user_permission => 1 );
147 $template->param( CAN_user_reserveforothers => 1 );
148 $template->param( CAN_user_borrow => 1 );
149 $template->param( CAN_user_editcatalogue => 1 );
fbc151c Auth.pm should have "CAN_user_updatecharges" (plural), and this change t...
Joe Atzberger authored
150 $template->param( CAN_user_updatecharges => 1 );
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
151 $template->param( CAN_user_acquisition => 1 );
152 $template->param( CAN_user_management => 1 );
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
153 $template->param( CAN_user_tools => 1 );
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
154 $template->param( CAN_user_editauthorities => 1 );
155 $template->param( CAN_user_serials => 1 );
156 $template->param( CAN_user_reports => 1 );
157 }
158 }
159 return ( $template, $borrowernumber, $cookie );
160 }
161
162 =item checkauth
163
164 ($userid, $cookie, $sessionID) = &checkauth($query, $noauth, $flagsrequired, $type);
165
166 Verifies that the user is authorized to run this script. If
167 the user is authorized, a (userid, cookie, session-id, flags)
168 quadruple is returned. If the user is not authorized but does
169 not have the required privilege (see $flagsrequired below), it
170 displays an error page and exits. Otherwise, it displays the
171 login page and exits.
172
173 Note that C<&checkauth> will return if and only if the user
174 is authorized, so it should be called early on, before any
175 unfinished operations (e.g., if you've opened a file, then
176 C<&checkauth> won't close it for you).
177
178 C<$query> is the CGI object for the script calling C<&checkauth>.
179
180 The C<$noauth> argument is optional. If it is set, then no
181 authorization is required for the script.
182
183 C<&checkauth> fetches user and session information from C<$query> and
184 ensures that the user is authorized to run scripts that require
185 authorization.
186
187 The C<$flagsrequired> argument specifies the required privileges
188 the user must have if the username and password are correct.
189 It should be specified as a reference-to-hash; keys in the hash
190 should be the "flags" for the user, as specified in the Members
191 intranet module. Any key specified must correspond to a "flag"
192 in the userflags table. E.g., { circulate => 1 } would specify
193 that the user must have the "circulate" privilege in order to
194 proceed. To make sure that access control is correct, the
195 C<$flagsrequired> parameter must be specified correctly.
196
197 The C<$type> argument specifies whether the template should be
198 retrieved from the opac or intranet directory tree. "opac" is
199 assumed if it is not specified; however, if C<$type> is specified,
200 "intranet" is assumed if it is not "opac".
201
202 If C<$query> does not have a valid session ID associated with it
203 (i.e., the user has not logged in) or if the session has expired,
204 C<&checkauth> presents the user with a login page (from the point of
205 view of the original script, C<&checkauth> does not return). Once the
206 user has authenticated, C<&checkauth> restarts the original script
207 (this time, C<&checkauth> returns).
208
209 The login page is provided using a HTML::Template, which is set in the
210 systempreferences table or at the top of this file. The variable C<$type>
211 selects which template to use, either the opac or the intranet
212 authentification template.
213
214 C<&checkauth> returns a user ID, a cookie, and a session ID. The
215 cookie should be sent back to the browser; it verifies that the user
216 has authenticated.
217
218 =cut
219
220 sub checkauth {
221 my $query = shift;
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
222
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
223 # $authnotrequired will be set for scripts which will run without authentication
224 my $authnotrequired = shift;
225 my $flagsrequired = shift;
226 my $type = shift;
227 $type = 'intranet' unless $type;
228
24d5e31 Changing InstallAuth to use CGI::Session and fixing install.pl which bro...
Chris Cormack authored
229 my $dbh = C4::Context->dbh();
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
230 my $template_name;
231 $template_name = "installer/auth.tmpl";
232
233 # state variables
234 my $loggedin = 0;
235 my %info;
236 my ( $userid, $cookie, $sessionID, $flags, $envcookie );
237 my $logout = $query->param('logout.x');
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
238 if ( $sessionID = $query->cookie("CGISESSID") ) {
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
239 C4::Context->_new_userenv($sessionID);
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
240 my $session =
8d7d372 @PaulPoulain use YAML for installer auth like we do for Koha itself
PaulPoulain authored
241 new CGI::Session( "driver:File;serializer:yaml", $sessionID,
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
242 { Directory => '/tmp' } );
f14a897 Fixing a bug that was causing the installer to not check the password
Chris Cormack authored
243 if ( $session->param('cardnumber') ) {
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
244 C4::Context::set_userenv(
245 $session->param('number'),
246 $session->param('id'),
247 $session->param('cardnumber'),
248 $session->param('firstname'),
249 $session->param('surname'),
250 $session->param('branch'),
251 $session->param('branchname'),
252 $session->param('flags'),
253 $session->param('emailaddress'),
254 $session->param('branchprinter')
255 );
256 $cookie = $query->cookie( CGISESSID => $session->id );
257 $loggedin = 1;
258 $userid = $session->param('cardnumber');
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
259 }
260 my ( $ip, $lasttime );
261
262 if ($logout) {
263
264 # voluntary logout the user
265 C4::Context->_unset_userenv($sessionID);
266 $sessionID = undef;
267 $userid = undef;
268 open L, ">>/tmp/sessionlog";
269 my $time = localtime( time() );
270 printf L "%20s from %16s logged out at %30s (manually).\n", $userid,
271 $ip, $time;
272 close L;
273 }
274 }
275 unless ($userid) {
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
276 my $session =
6696633 completed use of YAML by InstallAuth
Galen Charlton authored
277 new CGI::Session( "driver:File;serializer:yaml", undef, { Directory => '/tmp' } );
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
278 $sessionID = $session->id;
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
279 $userid = $query->param('userid');
280 C4::Context->_new_userenv($sessionID);
281 my $password = $query->param('password');
282 C4::Context->_new_userenv($sessionID);
283 my ( $return, $cardnumber ) = checkpw( $userid, $password );
284 if ($return) {
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
285 $loggedin = 1;
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
286 open L, ">>/tmp/sessionlog";
287 my $time = localtime( time() );
288 printf L "%20s from %16s logged in at %30s.\n", $userid,
289 $ENV{'REMOTE_ADDR'}, $time;
290 close L;
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
291 $cookie = $query->cookie( CGISESSID => $sessionID );
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
292 if ( $return == 2 ) {
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
293
294 #Only superlibrarian should have access to this page.
295 #Since if it is a user, it is supposed that there is a borrower table
296 #And thus that data structure is loaded.
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
297 my $hash = C4::Context::set_userenv(
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
298 0, 0,
299 C4::Context->config('user'), C4::Context->config('user'),
300 C4::Context->config('user'), "",
301 "NO_LIBRARY_SET", 1,
302 ""
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
303 );
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
304 $session->param( 'number', 0 );
305 $session->param( 'id', C4::Context->config('user') );
306 $session->param( 'cardnumber', C4::Context->config('user') );
307 $session->param( 'firstname', C4::Context->config('user') );
308 $session->param( 'surname', C4::Context->config('user'), );
309 $session->param( 'branch', 'NO_LIBRARY_SET' );
310 $session->param( 'branchname', 'NO_LIBRARY_SET' );
311 $session->param( 'flags', 1 );
312 $session->param( 'emailaddress',
313 C4::Context->preference('KohaAdminEmailAddress') );
314 $session->param( 'ip', $session->remote_addr() );
315 $session->param( 'lasttime', time() );
316 $userid = C4::Context->config('user');
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
317 }
318 }
319 else {
320 if ($userid) {
321 $info{'invalid_username_or_password'} = 1;
322 C4::Context->_unset_userenv($sessionID);
323 }
324 }
325 }
326
327 # finished authentification, now respond
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
328 if ($loggedin) {
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
329
330 # successful login
331 unless ($cookie) {
332 $cookie = $query->cookie(
8494eff Removing warn in Auth.pm
Chris Cormack authored
333 -name => 'CGISESSID',
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
334 -value => '',
335 -expires => ''
336 );
337 }
338 if ($envcookie) {
339 return ( $userid, [ $cookie, $envcookie ], $sessionID, $flags );
340 }
341 else {
342 return ( $userid, $cookie, $sessionID, $flags );
343 }
344 }
345
346 # else we have a problem...
347 # get the inputs from the incoming query
348 my @inputs = ();
349 foreach my $name ( param $query) {
350 (next) if ( $name eq 'userid' || $name eq 'password' );
351 my $value = $query->param($name);
352 push @inputs, { name => $name, value => $value };
353 }
354
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
355 my $path =
356 C4::Context->config('intrahtdocs') . "/prog/"
357 . ( $query->param('language') ? $query->param('language') : "en" );
358 my $template = HTML::Template::Pro->new(
d1f6407 moved images to img fixed installer path for templates
Joshua Ferraro authored
359 filename => "$path/modules/$template_name",
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
360 die_on_bad_params => 1,
361 global_vars => 1,
362 case_sensitive => 1,
363 path => ["$path/includes"]
364 );
365 $template->param(
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
366 INPUTS => \@inputs,
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
367
368 );
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
369 $template->param( login => 1 );
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
370 $template->param( loginprompt => 1 ) unless $info{'nopermission'};
371
372 my $self_url = $query->url( -absolute => 1 );
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
373 $template->param( url => $self_url, );
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
374 $template->param( \%info );
375 $cookie = $query->cookie(
24d5e31 Changing InstallAuth to use CGI::Session and fixing install.pl which bro...
Chris Cormack authored
376 -name => 'CGISESSID',
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
377 -value => $sessionID,
378 -expires => ''
379 );
380 print $query->header(
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
381 -type => 'text/html; charset=utf-8',
382 -cookie => $cookie
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
383 ),
384 $template->output;
385 exit;
386 }
387
388 sub checkpw {
389
390 my ( $userid, $password ) = @_;
391
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
392 if ( $userid
393 && $userid eq C4::Context->config('user')
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
394 && "$password" eq C4::Context->config('pass') )
395 {
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
396
397 # Koha superuser account
398 C4::Context->set_userenv(
399 0, 0,
400 C4::Context->config('user'),
401 C4::Context->config('user'),
402 C4::Context->config('user'),
403 "", 1
404 );
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
405 return 2;
406 }
836b985 content-type was incorrectly set in InstallAuth.pm
Joshua Ferraro authored
407 if ( $userid
408 && $userid eq 'demo'
f8e9fb6 rel_3_0 moved to HEAD (introducing new files)
tipaul authored
409 && "$password" eq 'demo'
410 && C4::Context->config('demo') )
411 {
412
413 # DEMO => the demo user is allowed to do everything (if demo set to 1 in koha.conf
414 # some features won't be effective : modify systempref, modify MARC structure,
415 return 2;
416 }
417 return 0;
418 }
419
420 END { } # module clean-up code here (global destructor)
421 1;
422 __END__
423
424 =back
425
426 =head1 SEE ALSO
427
428 CGI(3)
429
430 C4::Output(3)
431
432 Digest::MD5(3)
433
434 =cut
Something went wrong with that request. Please try again.