From 185adfbfe7930d56b4f8847127d0b833af7aa71f Mon Sep 17 00:00:00 2001
From: tonnesen
Date: Thu, 4 Jul 2002 21:09:43 +0000
Subject: [PATCH] Additions to authentication scheme. Logs to /tmp/sessionlog. Will move this to a db table.
---
 C4/Auth.pm | 9 ++++++++
 logout.pl | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 shelves.pl | 6 +++++-
 3 files changed, 77 insertions(+), 1 deletion(-)
 create mode 100755 logout.pl
diff --git a/C4/Auth.pm b/C4/Auth.pm
index 0908b85fa0..ddcddafde9 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -33,6 +33,9 @@ sub checkauth {
 $message="You have been logged out due to inactivity.";
 my $sti=$dbh->prepare("delete from sessions where sessionID=?");
 $sti->execute($sessionID);
+ open L, ">>/tmp/sessionlog";
+ print L "$userid from $ip logged out at ".localtime(time())." (inactivity).\n";
+ close L;
 } elsif ($ip ne $ENV{'REMOTE_ADDR'}) {
 # Different ip than originally logged in from
 warn "$sessionID came from a new ip address.";
@@ -58,10 +61,16 @@ sub checkauth {
 if ($userid eq 'librarian' && $password eq 'koha') {
 my $sti=$dbh->prepare("insert into sessions (sessionID, userid, ip,lasttime) values (?, ?, ?, ?)");
 $sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time());
+ open L, ">>/tmp/sessionlog";
+ print L "$userid from ".$ENV{'REMOTE_ADDR'}." logged in at ".localtime(time()).".\n";
+ close L;
 return ($userid, $sessionID, $sessionID);
 } elsif ($userid eq 'patron' && $password eq 'koha') {
 my $sti=$dbh->prepare("insert into sessions (sessionID, userid, ip,lasttime) values (?, ?, ?, ?)");
 $sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time());
+ open L, ">>/tmp/sessionlog";
+ print L "$userid from ".$ENV{'REMOTE_ADDR'}." at ".localtime(time()).".\n";
+ close L;
 return ($userid, $sessionID, $sessionID);
 } else {
 if ($userid) {
diff --git a/logout.pl b/logout.pl
new file mode 100755
index 0000000000..0713f21627
--- /dev/null
+++ b/logout.pl
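Review bot: The added `open L, ">>/tmp/sessionlog";` appends to a fixed name in world-writable /tmp and never checks the result; the same three lines recur twice in the second hunk of this file and once in logout.pl. Any local account can create that path first, as its own file or as a link, so the location and permissions of the login log are not under the application's control, and a failed open silently leaves gaps in the audit trail. I would keep the log in a directory owned by the application and use a checked three-argument open on a lexical handle, `open(my $log, '>>', $logfile) or warn "session log: $!";` (with `$logfile` a configured path), from one helper shared by all four call sites. checkauth starts and ends outside the hunk.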
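Review bot: The line written in the `patron` branch, `print L "$userid from ".$ENV{'REMOTE_ADDR'}." at ".localtime(time()).".\n";`, omits the words `logged in` that the `librarian` branch writes, so the two successful logins produce differently shaped records and the patron one names no event. Making it `" logged in at "` keeps the log consistent and searchable. Rejected logins apparently get no entry at all, since nothing is added to the `else` branch visible at the end of the hunk (its body continues outside the hunk), and for an authentication log the failures are the more useful half.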
@@ -0,0 +1,63 @@
+#!/usr/bin/perl
+
+use CGI;
+use C4::Database;
+
+my $query=new CGI;
+
+my $sessionID=$query->cookie('sessionID');
+
+my $sessions;
+open (S, "/tmp/sessions");
+while (my ($sid, $u, $lasttime) = split(/:/, )) {
+ chomp $lasttime;
+ (next) unless ($sid);
+ (next) if ($sid eq $sessionID);
+ $sessions->{$sid}->{'userid'}=$u;
+ $sessions->{$sid}->{'lasttime'}=$lasttime;
+}
+open (S, ">/tmp/sessions");
+foreach (keys %$sessions) {
+ my $userid=$sessions->{$_}->{'userid'};
+ my $lasttime=$sessions->{$_}->{'lasttime'};
+ print S "$_:$userid:$lasttime\n";
+}
+
+my $dbh=C4Connect;
+
+# Check that this is the ip that created the session before deleting it
+
+my $sth=$dbh->prepare("select userid,ip from sessions where sessionID=?");
+$sth->execute($sessionID);
+my ($userid, $ip);
+if ($sth->rows) {
+ ($userid,$ip) = $sth->fetchrow;
+ if ($ip ne $ENV{'REMOTE_ADDR'}) {
+ # attempt to logout from a different ip than cookie was created at
+ exit;
+ }
+}
+
+$sth=$dbh->prepare("delete from sessions where sessionID=?");
+$sth->execute($sessionID);
+open L, ">>/tmp/sessionlog";
+print L "$userid from $ip logged out at ".localtime(time())." (manual log out).\n";
+close L;
+
+my $cookie=$query->cookie(-name => 'sessionID',
+ -value => '',
+ -expires => '+1y');
+
+print $query->redirect("shelves.pl");
+
+exit;
+if ($sessionID) {
+ print "Logged out of $sessionID
\n";
+ print "Login";
+} else {
+ print "Not logged in.
\n"; + print "Login"; +} + + + diff --git a/shelves.pl b/shelves.pl index 87a13ccf55..a833c87063 100755 --- a/shelves.pl +++ b/shelves.pl @@ -26,7 +26,7 @@ print startmenu('catalogue'); -print "Logged in as: $loggedinuser Log Out
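Review bot: `$cookie` is built but never sent, because `print $query->redirect("shelves.pl");` carries no `-cookie` argument, and its `-expires => '+1y'` would keep the cookie for a year rather than remove it; the browser therefore keeps presenting the old sessionID after logout. `print $query->redirect(-uri => "shelves.pl", -cookie => $cookie);` together with `-expires => '-1d'` clears it. The IP check only runs inside `if ($sth->rows)`, so a request with an unknown or missing sessionID falls through to the delete and writes a log line with empty `$userid` and `$ip`; an early `exit` when no row is found avoids that. `open (S, ">/tmp/sessions");` truncates the file even when the unchecked read open before it failed, and everything after the second `exit;` is unreachable.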
\n"; +print "Logged in as: $loggedinuser
Log Out
\n"; my ($shelflist) = GetShelfList(); @@ -169,6 +169,10 @@ sub viewshelf { # # $Log$ +# Revision 1.6 2002/07/04 21:09:43 tonnesen +# Additions to authentication scheme. Logs to /tmp/sessionlog. Will move this +# to a db table. +# # Revision 1.5 2002/07/04 19:42:48 tonnesen # Minor changes #