Additions to authentication scheme. Logs to /tmp/sessionlog. Will mov…

…e this

to a db table.

C4/Auth.pm

@@ -33,6 +33,9 @@ sub checkauth {
 	    $message="You have been logged out due to inactivity.";
 	    my $sti=$dbh->prepare("delete from sessions where sessionID=?");
 	    $sti->execute($sessionID);
+	    open L, ">>/tmp/sessionlog";
+	    print L "$userid from $ip logged out at ".localtime(time())." (inactivity).\n";
+	    close L;
 	} elsif ($ip ne $ENV{'REMOTE_ADDR'}) {
 	    # Different ip than originally logged in from
 	    warn "$sessionID came from a new ip address.";
@@ -58,10 +61,16 @@ sub checkauth {
     if ($userid eq 'librarian' && $password eq 'koha') {
 	my $sti=$dbh->prepare("insert into sessions (sessionID, userid, ip,lasttime) values (?, ?, ?, ?)");
 	$sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time());
+	open L, ">>/tmp/sessionlog";
+	print L "$userid from ".$ENV{'REMOTE_ADDR'}." logged in at ".localtime(time()).".\n";
+	close L;
 	return ($userid, $sessionID, $sessionID);
     } elsif ($userid eq 'patron' && $password eq 'koha') {
 	my $sti=$dbh->prepare("insert into sessions (sessionID, userid, ip,lasttime) values (?, ?, ?, ?)");
 	$sti->execute($sessionID, $userid, $ENV{'REMOTE_ADDR'}, time());
+	open L, ">>/tmp/sessionlog";
+	print L "$userid from ".$ENV{'REMOTE_ADDR'}." at ".localtime(time()).".\n";
+	close L;
 	return ($userid, $sessionID, $sessionID);
     } else {
 	if ($userid) {

logout.pl

@@ -0,0 +1,63 @@
+#!/usr/bin/perl
+
+use CGI;
+use C4::Database;
+
+my $query=new CGI;
+
+my $sessionID=$query->cookie('sessionID');
+
+my $sessions;
+open (S, "/tmp/sessions");
+while (my ($sid, $u, $lasttime) = split(/:/, <S>)) {
+    chomp $lasttime;
+    (next) unless ($sid);
+    (next) if ($sid eq $sessionID);
+    $sessions->{$sid}->{'userid'}=$u;
+    $sessions->{$sid}->{'lasttime'}=$lasttime;
+}
+open (S, ">/tmp/sessions");
+foreach (keys %$sessions) {
+    my $userid=$sessions->{$_}->{'userid'};
+    my $lasttime=$sessions->{$_}->{'lasttime'};
+    print S "$_:$userid:$lasttime\n";
+}
+
+my $dbh=C4Connect;
+
+# Check that this is the ip that created the session before deleting it
+
+my $sth=$dbh->prepare("select userid,ip from sessions where sessionID=?");
+$sth->execute($sessionID);
+my ($userid, $ip);
+if ($sth->rows) {
+    ($userid,$ip) = $sth->fetchrow;
+    if ($ip ne $ENV{'REMOTE_ADDR'}) {
+       # attempt to logout from a different ip than cookie was created at
+       exit;
+    }
+}
+
+$sth=$dbh->prepare("delete from sessions where sessionID=?");
+$sth->execute($sessionID);
+open L, ">>/tmp/sessionlog";
+print L "$userid from $ip logged out at ".localtime(time())." (manual log out).\n";
+close L;
+
+my $cookie=$query->cookie(-name => 'sessionID',
+			  -value => '',
+			  -expires => '+1y');
+
+print $query->redirect("shelves.pl");
+
+exit;
+if ($sessionID) {
+    print "Logged out of $sessionID<br>\n";
+    print "<a href=shelves.pl>Login</a>";
+} else {
+    print "Not logged in.<br>\n";
+    print "<a href=shelves.pl>Login</a>";
+}
+
+
+

shelves.pl

@@ -26,7 +26,7 @@
 print startmenu('catalogue');
 
 
-print "Logged in as: $loggedinuser  <a href=logout.pl>Log Out</a><br>\n";
+print "Logged in as: $loggedinuser<br><a href=logout.pl>Log Out</a><br>\n";
 
 
 my ($shelflist) = GetShelfList();
@@ -169,6 +169,10 @@ sub viewshelf {
 
 #
 # $Log$
+# Revision 1.6  2002/07/04 21:09:43  tonnesen
+# Additions to authentication scheme.  Logs to /tmp/sessionlog.  Will move this
+# to a db table.
+#
 # Revision 1.5  2002/07/04 19:42:48  tonnesen
 # Minor changes
 #