
SF.net SVN: ledger-smb: [479] trunk



Revision: 479
          http://svn.sourceforge.net/ledger-smb/?rev=479&view=rev
Author:   christopherm
Date:     2006-11-02 21:13:21 -0800 (Thu, 02 Nov 2006)

Log Message:
-----------
Moving all user preferences into the central db. This will break current test installs or anyone running HEAD. Please see ledger-smb.conf. You will also need to create the central db (using Pg-central.sql) and set the admin user password (md5(something)). More info will be given on the ledger-smb-devel mailing list.

Modified Paths:
--------------
    trunk/LedgerSMB/AM.pm
    trunk/LedgerSMB/Session/DB.pm
    trunk/LedgerSMB/User.pm
    trunk/admin.pl
    trunk/bin/admin.pl
    trunk/bin/am.pl
    trunk/bin/arapprn.pl
    trunk/bin/hr.pl
    trunk/bin/login.pl
    trunk/ledger-smb.conf
    trunk/login.pl
    trunk/menu.pl
    trunk/sql/Pg-database.sql

Added Paths:
-----------
    trunk/sql/Pg-central.sql

Modified: trunk/LedgerSMB/AM.pm
===================================================================
--- trunk/LedgerSMB/AM.pm	2006-11-03 04:54:26 UTC (rev 478)
+++ trunk/LedgerSMB/AM.pm	2006-11-03 05:13:21 UTC (rev 479)
@@ -1335,7 +1335,7 @@
 
 	$dbh->commit;
 
-	my $myconfig = LedgerSMB::User->new("${LedgerSMB::Sysconfig::memberfile}", "$form->{login}");
+	my $myconfig = LedgerSMB::User->new($form->{login});
 
 	foreach my $item (keys %$form) {
 		$myconfig->{$item} = $form->{$item};
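Review bot: The `foreach my $item (keys %$form)` loop copies every submitted form field onto the user object, and `save_member()` (rewritten later in this commit) now writes fields such as `role`, `acs`, `dbuser` and `dbpasswd` from that object into `users_conf`. If `$form` carries request parameters unfiltered, which this hunk does not show, a preferences save can set columns the user should not control. Copy only an explicit list of preference keys, e.g. `for my $item (@preference_keys) { $myconfig->{$item} = $form->{$item} }`, where `@preference_keys` is a placeholder for the allowed names. The enclosing sub starts and ends outside the hunk.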
@@ -1343,7 +1343,7 @@
 
 	$myconfig->{password} = $form->{new_password} if ($form->{old_password} ne $form->{new_password});
 
-	$myconfig->save_member(${LedgerSMB::Sysconfig::memberfile}, ${LedgerSMB::Sysconfig::userspath});
+	$myconfig->save_member();
 
 	1;
 

Modified: trunk/LedgerSMB/Session/DB.pm
===================================================================
--- trunk/LedgerSMB/Session/DB.pm	2006-11-03 04:54:26 UTC (rev 478)
+++ trunk/LedgerSMB/Session/DB.pm	2006-11-03 05:13:21 UTC (rev 479)
@@ -28,11 +28,11 @@
 
 sub session_check {
 
-	my ($cookie, $form, %myconfig) = @_;
+	my ($cookie, $form) = @_;
 	my ($sessionid, $token) = split /:/, $cookie;
 
-	# connect to database
-	my $dbh = DBI->connect($myconfig{dbconnect}, $myconfig{dbuser}, $myconfig{dbpasswd});
+	# use the central database handle
+	my $dbh = ${LedgerSMB::Sysconfig::GLOBALDBH}; 
 
 	my $checkQuery = $dbh->prepare("SELECT sl_login FROM session WHERE session_id = ? AND token = ? AND last_used > now() - ?::interval");
 
@@ -53,7 +53,7 @@
 	}
 
 	$checkQuery->execute($sessionid, $token, $timeout) 
-		|| $form->dberror('Looking for session: ');
+		|| $form->dberror(__FILE__.':'.__LINE__.': Looking for session: ');
 	my $sessionValid = $checkQuery->rows;
 
 	if($sessionValid){
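Review bot: Prefixing the `dberror` text with `__FILE__.':'.__LINE__` puts the server-side install path into a message that is presumably rendered to the browser (`dberror` itself is not shown here). Consider logging the location server-side, e.g. `warn __FILE__.':'.__LINE__.': Looking for session';`, and keeping the user-facing text generic. The same pattern is added at every `dberror`/`error` call in the rest of this file and in LedgerSMB/User.pm; several of the User.pm calls also concatenate `__LINE__.$query` with no separator, so the line number runs straight into the SQL text. session_check's body continues outside the hunk.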
@@ -65,7 +65,7 @@
 		$login =~ s/..hidden..//g;
 
 		if($sessionLogin eq $login){
-			$updateAge->execute($sessionid) || $form->dberror('Updating session age: ');
+			$updateAge->execute($sessionid) || $form->dberror(__FILE__.':'.__LINE__.': Updating session age: ');
 			return 1;
 
 		} else {
@@ -85,10 +85,10 @@
 }
 
 sub session_create {
-	my ($form, %myconfig) = @_;
+	my ($form) = @_;
 
-	# connect to database
-	my $dbh = DBI->connect($myconfig{dbconnect}, $myconfig{dbuser}, $myconfig{dbpasswd});
+	# use the central database handle
+	my $dbh = ${LedgerSMB::Sysconfig::GLOBALDBH}; 
 
 	# TODO Change this to use %myconfig
 	my $deleteExisting = $dbh->prepare("DELETE FROM session WHERE sl_login = ? AND age(last_used) > ?::interval");  
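Review bot: With `%myconfig` dropped from the argument list in `my ($form) = @_;`, the `$myconfig{timeout}` reads in the next hunk (`$myconfig{timeout} = 86400;` and the `"$myconfig{timeout} seconds"` bind value) no longer refer to the caller's configuration but to an undeclared package variable. Unless something outside these hunks populates it, every session gets the fallback timeout and the per-user `timeout` column is ignored. Populate it explicitly, e.g. `my %myconfig = %{ LedgerSMB::User->fetch_config($login) };` once `$login` is known, and update the `# TODO Change this to use %myconfig` comment to match. The sub continues past the end of the hunk.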
@@ -110,19 +110,19 @@
 	   $myconfig{timeout} = 86400;
 	}
 
-	$deleteExisting->execute($login, "$myconfig{timeout} seconds") || $form->dberror('Delete from session: ');
+	$deleteExisting->execute($login, "$myconfig{timeout} seconds") || $form->dberror(__FILE__.':'.__LINE__.': Delete from session: ');
 
 	#doing the md5 and random stuff in the db so that LedgerSMB won't
 	#require new perl modules (Digest::MD5 and a good random generator)
-	$fetchSequence->execute() || $form->dberror('Fetch sequence id: ');
+	$fetchSequence->execute() || $form->dberror(__FILE__.':'.__LINE__.': Fetch sequence id: ');
 	my ($newSessionID, $newToken) = $fetchSequence->fetchrow_array;
 
 	#create a new session
-	$createNew->execute($newSessionID, $login, $newToken) || $form->dberror('Create new session: ');
+	$createNew->execute($newSessionID, $login, $newToken) || $form->dberror(__FILE__.':'.__LINE__.': Create new session: ');
 
 	#reseed the random number generator
 	my $randomSeed = 1.0 * ('0.'. (time() ^ ($$ + ($$ <<15))));
-	$seedRandom->execute($randomSeed)|| $form->dberror('Reseed random generator: ');;
+	$seedRandom->execute($randomSeed)|| $form->dberror(__FILE__.':'.__LINE__.': Reseed random generator: ');
 
 	$newCookieValue = $newSessionID . ':' . $newToken;
 
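Review bot: The reseed value `1.0 * ('0.'. (time() ^ ($$ + ($$ <<15))))` is built only from the clock and the process id, both of which can be estimated from outside, so the database generator behind the session id and token (the comment above says the md5 and random work is done in the db) is left in a guessable state after every login. Now that this table authenticates all users and the admin, the token should come from a cryptographically secure source rather than a reseeded PRNG. If the reseed has to stay for now, mark it: `# NOTE: seed is predictable; token strength must not depend on it`. The statement definitions are outside the hunk, so how the token is derived could not be checked.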
@@ -139,16 +139,16 @@
 	# which means that the db connection parameters are not available.
 	# moving user prefs and the session table into a central db will solve this issue
 
-	my ($form, %myconfig) = @_;
+	my ($form) = @_;
 
 	my $login = $form->{login};
 	$login =~ s/..hidden..//g;
 
-	# connect to database
-	my $dbh = DBI->connect($myconfig{dbconnect}, $myconfig{dbuser}, $myconfig{dbpasswd});
+	# use the central database handle
+	my $dbh = ${LedgerSMB::Sysconfig::GLOBALDBH};
 
 	my $deleteExisting = $dbh->prepare("DELETE FROM session WHERE sl_login = ?;");
-	$deleteExisting->execute($login) || $form->dberror('Delete from session: ');
+	$deleteExisting->execute($login) || $form->dberror(__FILE__.':'.__LINE__.': Delete from session: ');
 
 	#delete the cookie in the browser
 	print qq|Set-Cookie: LedgerSMB=; path=/;\n|;
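Review bot: The comment ending in `# moving user prefs and the session table into a central db will solve this issue` describes the problem this commit resolves and is now stale; it starts above the hunk, so only its tail is visible. Replace it with a description of current behaviour, e.g. `# deletes every session row for the login from the central db and clears the browser cookie`. It is worth saying there that all sessions for the login are removed, not only the one named by the cookie.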

Modified: trunk/LedgerSMB/User.pm
===================================================================
--- trunk/LedgerSMB/User.pm	2006-11-03 04:54:26 UTC (rev 478)
+++ trunk/LedgerSMB/User.pm	2006-11-03 05:13:21 UTC (rev 479)
@@ -33,47 +33,47 @@
 
 package LedgerSMB::User;
 use LedgerSMB::Sysconfig;
+use Data::Dumper; 
 
-
 sub new {
-	my ($type, $memfile, $login) = @_;
+	
+	my ($type, $login) = @_;
 	my $self = {};
 
 	if ($login ne "") {
-		&error("", "$memfile locked!") if (-f "${memfile}.LCK");
-    
-		open(MEMBER, "$memfile") or &error("", "$memfile : $!");
-    
-		while (<MEMBER>) {
-			if (/^\[$login\]/) {
-				while (<MEMBER>) {
-					last if /^\[/;
-					next if /^(#|\s)/;
-	  
-					# remove comments
-	  
-					s/^\s*#.*//g;
 
-					# remove any trailing whitespace
-					s/^\s*(.*?)\s*$/$1/;
+		# use central db
+		my $dbh = ${LedgerSMB::Sysconfig::GLOBALDBH};
+  
+		# for now, this is querying the table directly... ugly 
+		my $fetchUserPrefs = $dbh->prepare("SELECT acs, address, businessnumber,
+												   company, countrycode, currency,
+												   dateformat, dbconnect, dbdriver,
+												   dbhost, dbname, dboptions, dbpasswd,
+												   dbport, dbuser, email, fax, menuwidth,
+												   name, numberformat, password, print,
+												   printer, role, sid, signature, stylesheet,
+												   tel, templates, timeout, vclimit, u.username
+											  FROM users_conf as uc, users as u
+											 WHERE u.username =  ?
+											   AND u.id = uc.id;");
 
-					($key, $value) = split /=/, $_, 2;
-	  
-					$self->{$key} = $value;
-				}
-	
-				$self->{login} = $login;
+		$fetchUserPrefs->execute($login);
 
-				last;
-			}
+		my $userHashRef = $fetchUserPrefs->fetchrow_hashref;
+
+		while ( my ($key, $value) = each(%{$userHashRef}) ) {
+			$self->{$key} = $value;
 		}
-		close MEMBER;
+
+		if($self->{username}){
+			$self->{login} = $login;
+		}
 	}
   
 	bless $self, $type;
 }
 
-
 sub country_codes {
 	use Locale::Country;
 	use Locale::Language;
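Review bot: `$fetchUserPrefs->execute($login);` is not checked, so a failed query and an unknown login both yield an object with no `login` key. Callers changed in this commit act on that emptiness: bin/admin.pl reads it as "user does not exist" in the duplicate check and as "no admin password set" before calling `setup_initial_password`, so a database error there fails open. Report the failure instead, e.g. `$fetchUserPrefs->execute($login) or die __FILE__.':'.__LINE__.': '.$dbh->errstr;`. The added `use Data::Dumper;` is not used in the visible code and should be dropped, given that the object now holds `password` and `dbpasswd`.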
@@ -99,43 +99,71 @@
 
 }
 
+sub fetch_config {
+#I'm hoping that this function will go and is a temporary bridge
+#until we get rid of %myconfig elsewhere in the code
 
+	my ($self, $login) = @_;
+
+	if ($login ne "") {
+  
+		# use central db
+		my $dbh = ${LedgerSMB::Sysconfig::GLOBALDBH};
+  
+		# for now, this is querying the table directly... ugly 
+		my $fetchUserPrefs = $dbh->prepare("SELECT acs, address, businessnumber,
+												   company, countrycode, currency,
+												   dateformat, dbconnect, dbdriver,
+												   dbhost, dbname, dboptions, dbpasswd,
+												   dbport, dbuser, email, fax, menuwidth,
+												   name, numberformat, password, print,
+												   printer, role, sid, signature, stylesheet,
+												   tel, templates, timeout, vclimit
+											  FROM users_conf as uc, users as u
+											 WHERE u.username =  ?
+											   AND u.id = uc.id;");
+
+		$fetchUserPrefs->execute($login);
+
+		my $userHashRef = $fetchUserPrefs->fetchrow_hashref;
+
+		while ( my ($key, $value) = each(%{$userHashRef}) ) {
+			$myconfig{$key} = $value;
+		}
+	}
+ 
+	return \%myconfig;
+}
+
 sub login {
+	use Digest::MD5;
+
 	my ($self, $form) = @_;
 
 	my $rc = -1;
   
 	if ($self->{login} ne "") {
+		if ($self->{password} ne (Digest::MD5::md5_hex $form->{password}) ) {
+			return -1;
+		}
 
-		if ($self->{password} ne "") {
-			my $password = 
-				crypt $form->{password}, 
-					substr($self->{login}, 0, 2);
-			if ($self->{password} ne $password) {
-				return -1;
-			}
+		#this is really dumb, but %myconfig will have to stay until 1.3    
+		while ( my ($key, $value) = each(%{$self}) ) {
+			$myconfig{$key} = $value;
 		}
-    
-		#there shouldn't be any harm in always doing this. 
-		#It might even un-bork things.
-  		$self->create_config(
-			"${LedgerSMB::Sysconfig::userspath}/$self->{login}.conf");
-    
-		do "${LedgerSMB::Sysconfig::userspath}/$self->{login}.conf";
-		$myconfig{dbpasswd} = unpack 'u', $myconfig{dbpasswd};
-  
+
 		# check if database is down
 		my $dbh = DBI->connect(
 			$myconfig{dbconnect}, $myconfig{dbuser}, 
 			$myconfig{dbpasswd}) 
-				or $self->error($DBI::errstr);
+				or $self->error(__FILE__.':'.__LINE__.': '.$DBI::errstr);
 
 		# we got a connection, check the version
 		my $query = qq|
 			SELECT value FROM defaults 
 			 WHERE setting_key = 'version'|;
 		my $sth = $dbh->prepare($query);
-		$sth->execute || $form->dberror($query);
+		$sth->execute || $form->dberror(__FILE__.':'.__LINE__.$query);
 
 		my ($dbversion) = $sth->fetchrow_array;
 		$sth->finish;
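Review bot: `$self->{password} ne (Digest::MD5::md5_hex $form->{password})` replaces the salted `crypt` check with an unsalted MD5 digest, which is cheap to brute-force and gives identical hashes for identical passwords across users. The same scheme is written by `password = md5(?)` in `save_member` and checked again in `check_password` in bin/admin.pl. Store a salted, deliberately slow password hash instead (for example a `crypt()` scheme with a per-user random salt) and document the scheme next to the comparison. Separately, `fetch_config` fills `%myconfig` without declaring it, so it returns a reference to a shared package hash; `my %myconfig;` at the top of `fetch_config` keeps one user's values from carrying over into the next call. login's body continues outside the hunk.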
@@ -195,11 +223,9 @@
 sub check_recurring {
 	my ($self, $form) = @_;
 
-	$self->{dbpasswd} = unpack 'u', $self->{dbpasswd};
-
 	my $dbh = DBI->connect(
 		$self->{dbconnect}, $self->{dbuser}, $self->{dbpasswd}) 
-			or $form->dberror;
+			or $form->dberror(__FILE__.':'.__LINE__);
 
 	my $query = qq|
 		SELECT count(*) FROM recurring
@@ -265,14 +291,14 @@
 
 	my $dbh = DBI->connect(
 		$form->{dbconnect}, $form->{dbuser}, $form->{dbpasswd}) 
-			or $form->dberror;
+			or $form->dberror(__FILE__.':'.__LINE__);
 
 
 	if ($form->{dbdriver} eq 'Pg') {
 
 		$query = qq|SELECT datname FROM pg_database|;
 		$sth = $dbh->prepare($query);
-		$sth->execute || $form->dberror($query);
+		$sth->execute || $form->dberror(__FILE__.':'.__LINE__.$query);
     
 		while (my ($db) = $sth->fetchrow_array) {
 
@@ -284,7 +310,7 @@
 				my $dbh = DBI->connect(
 					$form->{dbconnect}, $form->{dbuser}, 
 					$form->{dbpasswd}) 
-						or $form->dberror;
+						or $form->dberror(__FILE__.':'.__LINE__);
 
 				$query = qq|
 					SELECT tablename FROM pg_tables
@@ -292,7 +318,7 @@
 					   AND tableowner = ?|;
 				my $sth = $dbh->prepare($query);
 				$sth->execute($form->{dbuser}) 
-					|| $form->dberror($query);
+					|| $form->dberror(__FILE__.':'.__LINE__.$query);
 
 				if ($sth->fetchrow_array) {
 					push @dbsources, $db;
@@ -330,9 +356,9 @@
  			$form->{dbconnect}, 
 			$form->{dbsuperuser}, 
 			$form->{dbsuperpasswd}) 
-				or $form->dberror;
+				or $form->dberror(__FILE__.':'.__LINE__);
 		my $query = qq|$dbcreate{$form->{dbdriver}}|;
-		$superdbh->do($query) || $form->dberror($query);
+		$superdbh->do($query) || $form->dberror(__FILE__.':'.__LINE__.$query);
     
 		$superdbh->disconnect;  
 	}
@@ -344,13 +370,13 @@
 		$form->{dbconnect}, 
 		$form->{dbuser}, 
 		$form->{dbpasswd}) 
-			or $form->dberror;
+			or $form->dberror(__FILE__.':'.__LINE__);
 	if ($form->{dbsuperuser}){
 		my $superdbh = DBI->connect(
 			$form->{dbconnect}, 
 			$form->{dbsuperuser}, 
 			$form->{dbsuperpasswd}) 
-				or $form->dberror;
+				or $form->dberror(__FILE__.':'.__LINE__);
 		# JD: We need to check for plpgsql, 
 		# if it isn't there create it, if we can't error
 		# Good chance I will have to do this twice as I get 
@@ -400,12 +426,12 @@
   
 	return unless (-f $filename);
   
-	open(FH, "$filename") or $form->error("$filename : $!\n");
+	open(FH, "$filename") or $form->error(__FILE__.':'.__LINE__.": $filename : $!\n");
 	$ENV{PGPASSWORD} = $form->{dbpasswd};
 	$ENV{PGUSER} = $form->{dbuser};
 	$ENV{PGDATABASE} = $form->{db};
 	
-	open(PSQL, "| psql") or $form->error("psql : $! \n");
+	open(PSQL, "| psql") or $form->error(__FILE__.':'.__LINE__.": psql : $! \n");
 	print PSQL "\\o spool/log \n";
 	while (<FH>){
 		print PSQL $_;
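Review bot: The line touched here still uses two-argument `open(FH, "$filename")`, where leading or trailing characters in `$filename` such as `>` or `|` are read as a mode or a command. Since the line is being edited anyway, switch to the three-argument form with a lexical handle, `open(my $fh, '<', $filename) or $form->error(__FILE__.':'.__LINE__.": $filename : $!\n");`, and read with `<$fh>`. The same applies to `open(FH, "$memfile")` in the `@@ -439,10 +465,10 @@` hunk. Where `$filename` comes from is outside the hunk, so the exposure depends on the caller.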
@@ -423,9 +449,9 @@
 	&dbconnect_vars($form, $form->{dbdefault});
 	my $dbh = DBI->connect(
 		$form->{dbconnect}, $form->{dbuser}, $form->{dbpasswd}) 
-			or $form->dberror;
+			or $form->dberror(__FILE__.':'.__LINE__);
 	my $query = qq|DROP DATABASE "$form->{db}"|;
-	$dbh->do($query) || $form->dberror($query);
+	$dbh->do($query) || $form->dberror(__FILE__.':'.__LINE__.$query);
 
 	$dbh->disconnect;
 
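Review bot: `qq|DROP DATABASE "$form->{db}"|` interpolates a form value into the statement, and a double quote inside that value ends the identifier early; with this change the full statement is also echoed through `dberror` on failure. Quote the name with the driver, `my $query = 'DROP DATABASE ' . $dbh->quote_identifier($form->{db});`, and consider checking `$form->{db}` against the list of known datasets first. Whether the value is validated before this sub runs cannot be seen from the hunk.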
@@ -439,10 +465,10 @@
 	my @dbexcl = ();
 	my @dbsources = ();
   
-	$form->error("$memfile locked!") if (-f "${memfile}.LCK");
+	$form->error(__FILE__.':'.__LINE__.": $memfile locked!") if (-f "${memfile}.LCK");
   
 	# open members file
-	open(FH, "$memfile") or $form->error("$memfile : $!");
+	open(FH, "$memfile") or $form->error(__FILE__.':'.__LINE__.": $memfile : $!");
 
 	while (<FH>) {
 		if (/^dbname=/) {
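Review bot: This sub still reads `$memfile` for the lock test and for `open(FH, "$memfile")`, but its caller in bin/admin.pl is changed in this commit to `LedgerSMB::User->dbsources_unused(\%$form)` with no member-file argument. Assuming `$memfile` is unpacked from `@_` above the hunk, it is now undefined, the `open` fails, and `delete_dataset` ends in `$form->error` every time. The datasets in use should be read from the central db instead of the members file, along the lines of `my $sth = $dbh->prepare("SELECT DISTINCT dbname FROM users_conf");` on the central handle. The rest of the loop is outside the hunk.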
@@ -480,7 +506,7 @@
 
 	my $dbh = DBI->connect(
 		$form->{dbconnect}, $form->{dbuser}, $form->{dbpasswd}) 
-			or $form->dberror;
+			or $form->dberror(__FILE__.':'.__LINE__);
 
 	if ($form->{dbdriver} =~ /Pg/) {
 
@@ -490,7 +516,7 @@
 			 WHERE d.datdba = u.usesysid
 			       AND u.usename = ?|;
 		my $sth = $dbh->prepare($query);
-		$sth->execute($form->{dbuser}) || $form->dberror($query);
+		$sth->execute($form->{dbuser}) || $form->dberror(__FILE__.':'.__LINE__.$query);
     
 		while (my ($db) = $sth->fetchrow_array) {
 
@@ -501,14 +527,14 @@
 			my $dbh = DBI->connect(
 				$form->{dbconnect}, $form->{dbuser}, 
 				$form->{dbpasswd}) 
-					or $form->dberror;
+					or $form->dberror(__FILE__.':'.__LINE__);
 
 			$query = qq|
 				SELECT tablename 
 				  FROM pg_tables
 				 WHERE tablename = 'defaults'|;
 			my $sth = $dbh->prepare($query);
-			$sth->execute || $form->dberror($query);
+			$sth->execute || $form->dberror(__FILE__.':'.__LINE__.$query);
 
 			if ($sth->fetchrow_array) {
 				$query = qq|
@@ -548,7 +574,7 @@
   
 	if ($form->{dbupdate}) {
 		# read update scripts into memory
-		opendir SQLDIR, "sql/." or $form->error($!);
+		opendir SQLDIR, "sql/." or $form->error(__FILE__.':'.__LINE__.': '.$!);
 		@upgradescripts = 
 			sort script_version 
 				grep /$form->{dbdriver}-upgrade-.*?\.sql$/, 
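Review bot: `grep /$form->{dbdriver}-upgrade-.*?\.sql$/` interpolates a form value into a pattern unescaped, so regex metacharacters in `dbdriver` change which files under `sql/` are picked up as upgrade scripts. Escape it: `grep /\Q$form->{dbdriver}\E-upgrade-.*?\.sql$/,`. The statement continues beyond the end of the hunk.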
@@ -568,7 +594,7 @@
 		my $dbh = DBI->connect(
 			$form->{dbconnect}, $form->{dbuser}, 
 			$form->{dbpasswd}, {AutoCommit => 0}) 
-				or $form->dberror;
+				or $form->dberror(__FILE__.':'.__LINE__);
 
 		# check version
 		$query = qq|
@@ -657,115 +683,103 @@
   
 }
 
+sub save_member {
 
-sub create_config {
-	my ($self, $filename) = @_;
-
-
-	@config = &config_vars;
-
-	open(CONF, ">$filename") or $self->error("$filename : $!");
-  
-	# create the config file
-	print CONF qq|# configuration file for $self->{login}
-
-\%myconfig = (
-|;
-
-	foreach $key (sort @config) {
-		$self->{$key} =~ s/\\/\\\\/g;
-		$self->{$key} =~ s/'/\\'/g;
-
-		#remaining conversion from SL
-		$self->{$key} =~ s/sql-ledger([^.]*)\.css/ledger-smb$1.css/g;
-		print CONF qq|  $key => '$self->{$key}',\n|;
-	}
-
-   
-	print CONF qq|);\n\n|;
-
-	close CONF;
-
-}
-
-
-sub save_member {
 	my ($self) = @_;
 
-	# format dbconnect and dboptions string
-	&dbconnect_vars($self, $self->{dbname});
+	# replace \r\n with \n
+	for (qw(address signature)) { $self->{$_} =~ s/\r?\n/\\n/g }
 
-	$self->error("${LedgerSMB::Sysconfig::memberfile} locked!") 
-		if (-f "${LedgerSMB::Sysconfig::memberfile}.LCK");
-	open(FH, ">${LedgerSMB::Sysconfig::memberfile}.LCK") 
-		or $self->error("${LedgerSMB::Sysconfig::memberfile}.LCK : $!");
-	close(FH);
+	# use central db
+	my $dbh = ${LedgerSMB::Sysconfig::GLOBALDBH};
 
-	if (! open(CONF, "+<${LedgerSMB::Sysconfig::memberfile}")) {
-		unlink "${LedgerSMB::Sysconfig::memberfile}.LCK";
-		$self->error("${LedgerSMB::Sysconfig::memberfile} : $!");
-	}
+	#check to see if the user exists already
+	my $userCheck = $dbh->prepare("SELECT id FROM users WHERE username = ?");
+	$userCheck->execute($self->{login});
+	my ($userID) = $userCheck->fetchrow_array;
 
-	@config = <CONF>;
+	if($userID){
+		#got an id, check to see if it's in the users_conf table
+		my $userConfCheck = $dbh->prepare("SELECT id FROM users_conf WHERE id = ?");
+		$userConfCheck->execute($userID);
 
-	seek(CONF, 0, 0);
-	truncate(CONF, 0);
-
-	while ($line = shift @config) {
-		last if ($line =~ /^\[$self->{login}\]/);
-		#remaining conversion from SL
-		$line =~ s/sql-ledger([^.]*)\.css/ledger-smb$1.css/g;
-		print CONF $line;
+		if($userConfCheck->rows){
+			my $userConfExists = 1;
+		}
 	}
-
-	# remove everything up to next login or EOF
-	while ($line = shift @config) {
-		last if ($line =~ /^\[/);
+	else{
+		my $userConfAdd = $dbh->prepare("SELECT create_user(?);");
+		$userConfAdd->execute($self->{login});
+		($userID) = $userConfAdd->fetchrow_array;
 	}
 
-	# this one is either the next login or EOF
-	print CONF $line;
+	if($userConfExists){
 
-	while ($line = shift @config) {
-		print CONF $line;
-	}
+		# for now, this is updating the table directly... ugly 
+		my $userConfUpdate = $dbh->prepare("UPDATE users_conf
+											   SET acs = ?, address = ?, businessnumber = ?,
+												   company = ?, countrycode = ?, currency = ?,
+												   dateformat = ?, dbconnect = ?, dbdriver = ?,
+												   dbhost = ?, dbname = ?, dboptions = ?, 
+												   dbpasswd = ?, dbport = ?, dbuser = ?,
+												   email = ?, fax = ?, menuwidth = ?,
+												   name = ?, numberformat = ?, password = md5(?),
+												   print = ?, printer = ?, role = ?,
+												   sid = ?, signature = ?, stylesheet = ?,
+												   tel = ?, templates = ?, timeout = ?,
+												   vclimit = ?
+											 WHERE id = ?;");
 
-	print CONF qq|[$self->{login}]\n|;
+		$userConfUpdate->execute($self->{acs}, $self->{address}, $self->{businessnumber},
+								 $self->{company}, $self->{countrycode}, $self->{currency},
+								 $self->{dateformat}, $self->{dbconnect}, $self->{dbdriver},
+								 $self->{dbhost}, $self->{dbname}, $self->{dboptions}, 
+								 $self->{dbpasswd}, $self->{dbport}, $self->{dbuser}, 
+								 $self->{email}, $self->{fax}, $self->{menuwidth},
+								 $self->{name}, $self->{numberformat}, $self->{password}, 
+								 $self->{print}, $self->{printer}, $self->{role}, 
+								 $self->{sid}, $self->{signature}, $self->{stylesheet},
+								 $self->{tel}, $self->{templates}, $self->{timeout}, 
+								 $self->{vclimit}, $userID);
+	  
 
-	if ($self->{packpw}) {
-		$self->{dbpasswd} = pack 'u', $self->{dbpasswd};
-		chop $self->{dbpasswd};
 	}
-	if ($self->{password} ne $self->{old_password}) {
-		$self->{password} = crypt $self->{password}, 
-			substr($self->{login}, 0, 2) if $self->{password};
-	}
+	else{
 
-	if ($self->{'root login'}) {
-		@config = qw(password);
-	} else {
-		@config = &config_vars;
-	}
+		my $userConfInsert = $dbh->prepare("INSERT INTO users_conf(acs, address, businessnumber,
+																   company, countrycode, currency,
+																   dateformat, dbconnect, dbdriver,
+																   dbhost, dbname, dboptions, dbpasswd,
+																   dbport, dbuser, email, fax, menuwidth,
+																   name, numberformat, print, printer, role, 
+																   sid, signature, stylesheet, tel, templates, 
+																   timeout, vclimit, id, password)
+											VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 
+												   ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 
+												   ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, md5(?));");
 
-	# replace \r\n with \n
-	for (qw(address signature)) { $self->{$_} =~ s/\r?\n/\\n/g }
-
-	for (sort @config) {
-		print CONF qq|$_=$self->{$_}\n| 
+		$userConfInsert->execute($self->{acs}, $self->{address}, $self->{businessnumber},
+								 $self->{company}, $self->{countrycode}, $self->{currency},
+								 $self->{dateformat}, $self->{dbconnect}, $self->{dbdriver},
+								 $self->{dbhost}, $self->{dbname}, $self->{dboptions}, 
+								 $self->{dbpasswd}, $self->{dbport}, $self->{dbuser}, 
+								 $self->{email}, $self->{fax}, $self->{menuwidth},
+								 $self->{name}, $self->{numberformat}, 
+								 $self->{print}, $self->{printer}, $self->{role}, 
+								 $self->{sid}, $self->{signature}, $self->{stylesheet},
+								 $self->{tel}, $self->{templates}, $self->{timeout}, 
+								 $self->{vclimit}, $userID, $self->{password});
+	  
 	}
 
-	print CONF "\n";
-	close CONF;
-	unlink "${LedgerSMB::Sysconfig::memberfile}.LCK";
-	# create conf file
-	if (! $self->{'root login'}) {
+	if (! $self->{'admin'}) {
 
-		$self->create_config("${LedgerSMB::Sysconfig::userspath}/$self->{login}.conf");
-
 		$self->{dbpasswd} =~ s/\\'/'/g;
 		$self->{dbpasswd} =~ s/\\\\/\\/g;
-		$self->{dbpasswd} = unpack 'u', $self->{dbpasswd};
 
+		# format dbconnect and dboptions string
+ 		&dbconnect_vars($self, $self->{dbname});
+
 		# check if login is in database
 		my $dbh = DBI->connect(
 			$self->{dbconnect}, $self->{dbuser}, $self->{dbpasswd}, 
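Review bot: `my $userConfExists = 1;` is declared inside the `if($userConfCheck->rows)` block, so it is out of scope when `if($userConfExists)` is tested; that test reads a different variable that is never set in the visible code, and the `INSERT` branch runs for existing users too. Declare `my $userConfExists;` before `if($userID){` and set it with `$userConfExists = 1 if $userConfCheck->fetchrow_array;` (DBI does not guarantee `rows` for a SELECT before the rows are fetched). Once the `UPDATE` branch is reachable, `password = md5(?)` hashes `$self->{password}` on every save, and `new()` loads the stored digest into that field, so a save without a password change (as `save_preferences` in AM.pm appears to allow) would hash the hash and lock the user out. None of the `execute` calls is checked. The sub continues outside the hunk.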
@@ -813,7 +827,6 @@
 		$dbh->disconnect;
 
 	}
-
 }
 
 
@@ -823,13 +836,13 @@
 	my $dbh = DBI->connect(
 		$form->{dbconnect}, $form->{dbuser}, $form->{dbpasswd}, 
 		{AutoCommit => 0}) 
-			or $form->dberror;
+			or $form->dberror(__FILE__.':'.__LINE__);
   
 	my $login = $form->{login};
 	$login =~ s/@.*//;
 	my $query = qq|SELECT id FROM employee WHERE login = ?|; 
 	my $sth = $dbh->prepare($query);
-	$sth->execute($login) || $form->dberror($query);
+	$sth->execute($login) || $form->dberror(__FILE__.':'.__LINE__.': '.$query);
   
 	my ($id) = $sth->fetchrow_array;
 	$sth->finish;

Modified: trunk/admin.pl
===================================================================
--- trunk/admin.pl	2006-11-03 04:54:26 UTC (rev 478)
+++ trunk/admin.pl	2006-11-03 05:13:21 UTC (rev 479)
@@ -75,15 +75,15 @@
 $pos = rindex $0, '/';
 $script = substr($0, $pos + 1);
 
+#this needs to be a db based function
+#if (-e "${LedgerSMB::Sysconfig::userspath}/nologin" && $script ne 'admin.pl') {
+#	print "Content-Type: text/html\n\n<html><body><strong>";
+#	print "\nLogin disabled!\n";
+#	print "\n</strong></body></html>";
+#	exit;
+#}
 
-if (-e "${LedgerSMB::Sysconfig::userspath}/nologin" && $script ne 'admin.pl') {
-	print "Content-Type: text/html\n\n<html><body><strong>";
-	print "\nLogin disabled!\n";
-	print "\n</strong></body></html>";
-	exit;
-}
 
-
 if ($form{path}) {
 
 	if ($form{path} ne 'bin/lynx'){ $form{path} = 'bin/mozilla';}	
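Review bot: Commenting out the `nologin` test removes the only enforcement of the system lock, while `lock_system` and `unlock_system` in bin/admin.pl become no-ops that still redirect with 'Lockfile created!' and 'Lockfile removed!'. An administrator who locks the system, for example before maintenance, is told it worked while logins stay open. Until the db-based flag exists, either keep the file check or have `lock_system` say so, e.g. `$form->error($locale->text('System lock is not available in this version'));`. The disabled block is better deleted than commented out, leaving `# TODO: reimplement the login lock against the central db`.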

Modified: trunk/bin/admin.pl
===================================================================
--- trunk/bin/admin.pl	2006-11-03 04:54:26 UTC (rev 478)
+++ trunk/bin/admin.pl	2006-11-03 05:13:21 UTC (rev 479)
@@ -39,8 +39,8 @@
 use LedgerSMB::Form;
 use LedgerSMB::Locale;
 use LedgerSMB::User;
+use LedgerSMB::Session;
 
-
 $form = new Form;
 
 $locale = LedgerSMB::Locale->get_handle(${LedgerSMB::Sysconfig::language}) or
@@ -65,11 +65,7 @@
 }
 
 
-
-
-
 if ($form->{action}) {
-
 	&check_password unless $form->{action} eq 'logout';
 	&{ $form->{action} };
 
@@ -78,20 +74,9 @@
 	# if there are no drivers bail out
 	$form->error($locale->text('No Database Drivers available!')) unless (LedgerSMB::User->dbdrivers);
 
-	# create memberfile
-	if (! -f ${LedgerSMB::Sysconfig::memberfile}) {
-		open(FH, ">${LedgerSMB::Sysconfig::memberfile}") or $form->error("$memberfile : $!");
-		print FH qq|# LedgerSMB Accounting members
+	$root = LedgerSMB::User->new('admin');
 
-[root login]
-password=
-|;
-		close FH;
-	}
-
-	$root = LedgerSMB::User->new("${LedgerSMB::Sysconfig::memberfile}", "root login");
-
-	unless($root && $root->{password}) { 
+	unless($root && $root->{password}){ 
 		 &setup_initial_password();
 		 exit;
 	}
@@ -193,8 +178,7 @@
 sub logout {
 
 	$form->{callback} = "$form->{script}?path=$form->{path}&amp;endsession=1";
-	unlink "${LedgerSMB::Sysconfig::userspath}/adminhash";
-	print qq|Set-Cookie: LedgerSMB=; path=/;\n|; 
+	Session::session_destroy($form);
 	$form->redirect($locale->text('You are logged out'));
 
 }
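Review bot: `Session::session_destroy($form)` deletes rows by `$form->{login}`, whereas the admin session is created in `check_password` from `$root`, whose login is `admin`. Nothing in this hunk sets `$form->{login}`, so unless the request carries it the DELETE matches no row and only the browser cookie is cleared, leaving the server-side session valid until it times out. Using the same object as at creation, `$root = LedgerSMB::User->new('admin'); Session::session_destroy($root);`, would make logout symmetrical with login.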
@@ -249,15 +233,13 @@
 
 sub list_users {
 
-	open(FH, "${LedgerSMB::Sysconfig::memberfile}") or $form->error("$memberfile : $!");
+	#currently, this is disabled, but will set a value in the central db
+	#$nologin = qq|<button type="submit" class="submit" name="action" value="lock_system">|.$locale->text('Lock System').qq|</button>|;
+	#
+	#if (-e "${LedgerSMB::Sysconfig::userspath}/nologin") {
+	#	$nologin = qq|<button type="submit" class="submit" name="action" value="unlock_system">|.$locale->text('Unlock System').qq|</button>|;
+	#}
 
-	$nologin = qq|<button type="submit" class="submit" name="action" value="lock_system">|.$locale->text('Lock System').qq|</button>|;
-
-	if (-e "${LedgerSMB::Sysconfig::userspath}/nologin") {
-		$nologin = qq|<button type="submit" class="submit" name="action" value="unlock_system">|.$locale->text('Unlock System').qq|</button>|;
-	}
-
-
 	while (<FH>) {
 		chop;
 
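Review bot: The `open(FH, ...)` on the members file is removed but `while (<FH>) {` stays, so the loop reads from a handle that was never opened and the user list comes out empty. Replace the loop with a query on the central handle, for instance iterating over `SELECT username FROM users`, and fill whatever the loop body parses per line from `users_conf`; the body is outside the hunk. `$nologin` is also no longer assigned, so any later use of it in the page prints nothing.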
@@ -294,7 +276,7 @@
 
 	$form->{title} = "LedgerSMB ".$locale->text('Accounting')." ".$locale->text('Administration');
 
-	$form->{login} = "root login";
+	$form->{login} = "admin";
 	$form->header;
 
 	print qq|
@@ -373,7 +355,7 @@
 	if ($form->{login}) {
 
 		# get user
-		$myconfig = LedgerSMB::User->new("${LedgerSMB::Sysconfig::memberfile}", "$form->{login}");
+		%myconfig = %{LedgerSMB::User->fetch_config($form->{login})};
 
 		for (qw(company address signature)) { $myconfig->{$_} = $form->quote($myconfig->{$_}) }
 		for (qw(address signature)) { $myconfig->{$_} =~ s/\\n/\n/g }
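Review bot: The new line assigns the hash `%myconfig`, but the two `for` loops directly below still operate on `$myconfig->{$_}`, a scalar reference that this sub no longer sets. The `$form->quote` call therefore runs on an unrelated hash, and if the form further down prints from `%myconfig`, `company`, `address` and `signature` reach the page unquoted. Either keep a reference, `$myconfig = LedgerSMB::User->fetch_config($form->{login});`, or change the loops to `$myconfig{$_}`, depending on which form the rest of the sub reads. `fetch_config` also returns `password` and `dbpasswd`; check that the page below does not echo them back.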
@@ -486,7 +468,7 @@
 	}
 
 	$user = $form->{login};
-	$form->{login} = "root login";
+	$form->{login} = "admin";
 	$form->header;
 	$form->{login} = $user;
 
@@ -769,7 +751,7 @@
 	# check for duplicates
 	if (!$form->{edit}) {
 
-		$temp = LedgerSMB::User->new("${LedgerSMB::Sysconfig::memberfile}", "$form->{login}");
+		$temp = LedgerSMB::User->new($form->{login});
 
 		if ($temp->{login}) {
 			$form->error($locale->text('[_1] is already a member!', $form->{login}));
@@ -793,7 +775,6 @@
 	# add base directory to $form->{templates}
 	$form->{templates} = "${LedgerSMB::Sysconfig::templates}/$form->{templates}";
 
-
 	$myconfig = LedgerSMB::User->new("${LedgerSMB::Sysconfig::memberfile}", "$form->{login}");
 
 	# redo acs variable and delete all the acs codes
@@ -837,7 +818,7 @@
 
 	$myconfig->{packpw} = 1;
 
-	$myconfig->save_member(${LedgerSMB::Sysconfig::memberfile}, ${LedgerSMB::Sysconfig::userspath});
+	$myconfig->save_member($form);
 	# create user template directory and copy master files
 	if (! -d "$form->{templates}") {
 
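Review bot: `$myconfig->save_member($form);` passes an argument that the rewritten `save_member` never reads, and the object it is called on is built in the preceding hunk by `LedgerSMB::User->new("${LedgerSMB::Sysconfig::memberfile}", "$form->{login}")`, which still uses the old two-argument signature. With the new `my ($type, $login) = @_;` the member-file path is taken as the login, so the lookup finds nobody. Change that call to `$myconfig = LedgerSMB::User->new($form->{login});` and this one to `$myconfig->save_member();`. `$myconfig->{packpw} = 1;` is likewise dead now that `save_member` no longer packs `dbpasswd`.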
@@ -880,74 +861,6 @@
 
 	$form->{templates} = ($form->{templates}) ? "${LedgerSMB::Sysconfig::templates}/$form->{templates}" : "$templates/$form->{login}";
 
-	$form->error($locale->text("[_1] locked!", 
-		${LedgerSMB::Sysconfig::memberfile})) if (-f ${memberfile}.LCK);
-
-	open(FH, ">${memberfile}.LCK") or $form->error("${memberfile}.LCK : $!");
-	close(FH);
-
-	if (! open(CONF, "+<${LedgerSMB::Sysconfig::memberfile}")) {
-		unlink "${memberfile}.LCK";
-		$form->error("${LedgerSMB::Sysconfig::memberfile} : $!");
-	}
-
-	@config = <CONF>;
-
-	seek(CONF, 0, 0);
-	truncate(CONF, 0);
-
-	while ($line = shift @config) {
-
-		chop $line;
-
-		if ($line =~ /^\[/) {
-			last if ($line eq "[$form->{login}]");
-			$login = &login_name($line);
-		}
-
-		if ($line =~ /^templates=/) {
-			($null, $user{$login}) = split /=/, $line, 2;
-		}
-
-		print CONF "$line\n";
-	}
-
-	# remove everything up to next login or EOF
-	# and save template variable
-	while ($line = shift @config) {
-
-		chop $line;
-
-		($key, $value) = split /=/, $line, 2;
-		$myconfig{$key} = $value;
-
-		last if ($line =~ /^\[/);
-	}
-
-	# this one is either the next login or EOF
-	print CONF "$line\n";
-
-	$login = &login_name($line);
-
-
-	while ($line = shift @config) {
-
-		chop $line;
-
-		if ($line =~ /^\[/) {
-			$login = &login_name($line);
-		}
-
-		if ($line =~ /^templates=/) {
-			($null, $user{$login}) = split /=/, $line, 2;
-		}
-
-		print CONF "$line\n";
-	}
-
-	close(CONF);
-	unlink "${memberfile}.LCK";
-
 	# scan %user for $templatedir
 	foreach $login (keys %user) {
 		last if ($found = ($form->{templates} eq $user{$login}));
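Review bot: The member-file pass that filled `%user` with each remaining login's `templates` value is deleted, but this `foreach $login (keys %user)` scan and the `if (!$found)` block in the next hunk still depend on it. With `%user` empty, `$found` is never set and the template directory is removed on every user deletion, even when other users share it. Populate `%user` from the central db before the scan, as sketched below; the statement handle name is chosen here for illustration. The enclosing sub starts and ends outside the hunk.

```perl
# … unchanged: $form->{templates} assignment …
my $otherTemplates = ${LedgerSMB::Sysconfig::GLOBALDBH}->prepare(
	"SELECT u.username, uc.templates
	   FROM users_conf as uc, users as u
	  WHERE u.id = uc.id AND u.username <> ?");
$otherTemplates->execute($form->{login})
	|| $form->dberror('Reading template directories: ');
while (my ($name, $dir) = $otherTemplates->fetchrow_array) {
	$user{$name} = $dir;
}
# … unchanged: scan %user for $templatedir …
```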
@@ -955,7 +868,6 @@
 
 	# if found keep directory otherwise delete
 	if (!$found) {
-
 		# delete it if there is a template directory
 		$dir = "$form->{templates}";
 		if (-d "$dir") {
@@ -964,17 +876,16 @@
 		}
 	}
 
-	if ($myconfig{dbconnect}) {
+	my $dbh = ${LedgerSMB::Sysconfig::GLOBALDBH};	
 
-		$myconfig{dbpasswd} = unpack 'u', $myconfig{dbpasswd};
-		for (keys %myconfig) { $form->{$_} = $myconfig{$_} }
+	#users_conf
+	my $deleteUser = $dbh->prepare("DELETE FROM users_conf USING users WHERE users.username = ? and users.id = users_conf.id;");
+	$deleteUser->execute($form->{login});
 
-		LedgerSMB::User->delete_login(\%$form);
+	#and now users
+	$deleteUser = $dbh->prepare("DELETE FROM users WHERE username = ?;");
+	$deleteUser->execute($form->{login});
 
-		# delete config file for user
-		unlink "${LedgerSMB::Sysconfig::userspath}/$form->{login}.conf";
-	}
-
 	$form->redirect($locale->text('User deleted!'));
 }
 
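Review bot: Neither `$deleteUser->execute($form->{login});` call is checked, and the two deletes are not grouped in a transaction, so a failure of the second leaves a `users` row without preferences while the page still reports 'User deleted!'. Add `|| $form->dberror('Deleting user: ')` to both, and commit only after both succeed if the central handle is not in AutoCommit mode (its setup is not visible here). The removed `LedgerSMB::User->delete_login(\%$form)` call has no replacement, so whatever it did in the company database for the deleted login no longer happens; confirm that is intended.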
@@ -1035,68 +946,41 @@
 	$form->error($locale->text('Passwords do not match!')) if $form->{new_password} ne $form->{confirm_password};
 	$root->{password} = $form->{new_password};
 	$root->{'root login'} = 1;
-	$root->save_member(${LedgerSMB::Sysconfig::memberfile});
+	$root->save_member();
 	$form->{callback} = "$form->{script}?action=list_users&amp;path=$form->{path}&amp;sessionid=$form->{sessionid}";
 	$form->redirect($locale->text('Password changed!'));
 }
 
-sub get_hash {
-	use Digest::MD5;
-	$form->{hash} = Digest::MD5::md5_hex rand();  
-
-}
-
 sub check_password {
 
-	$root = LedgerSMB::User->new("${LedgerSMB::Sysconfig::memberfile}", "root login");
+	$root = LedgerSMB::User->new('admin');
 
-	if ($root->{password}) {
+	if ($form->{password}) {
 
-		if ($form->{password}) {
+		$form->{callback} .= "&amp;password=$form->{password}" if $form->{callback};
 
-			$form->{callback} .= "&amp;password=$form->{password}" if $form->{callback};
-			$form->{sessionid} = time;
+		if ($root->{password} ne (Digest::MD5::md5_hex $form->{password}) ) {
+			&getpassword;
+			exit;
+		}
+		else{
+			Session::session_create($root);
+		}
+	}
+	else {
 
-			if ($root->{password} ne crypt $form->{password}, 'ro') {
-				&getpassword;
-				exit;
-			}
+		$ENV{HTTP_COOKIE} =~ s/;\s*/;/g;
+		@cookies = split /;/, $ENV{HTTP_COOKIE};
+		foreach (@cookies) {
+			($name,$value) = split /=/, $_, 2;
+			$cookie{$name} = $value;
+		}
 
-			&get_hash;
-
-			open(HASHFILE, "> ${LedgerSMB::Sysconfig::userspath}/adminhash") || $form->error("Can't Open Hashfile: $!");
-			print HASHFILE $form->{hash}; 
-			print qq|Set-Cookie: LedgerSMB=$form->{hash}; path=/;\n|;
-
-		} else {
-
-			if ($ENV{HTTP_USER_AGENT}) {
-
-				$ENV{HTTP_COOKIE} =~ s/;\s*/;/g;
-				%cookie = split /[=;]/, $ENV{HTTP_COOKIE}; # Changeme to %cookies
-				$cookie = ($form->{path} eq 'bin/lynx') ? $cookie{login} : $cookie{"LedgerSMB-root login"};
-
-				#fixes problem with first login and such
-				if (!(-f "${LedgerSMB::Sysconfig::userspath}/adminhash")) {
-					&get_hash;
-					open(HASHFILE, "> ${LedgerSMB::Sysconfig::userspath}/adminhash") || $form->error("Can't Open Hashfile: $!");
-					print HASHFILE $form->{hash}; 
-					close(HASHFILE);
-				}	
-
-				open (HASHFILE, "< ${LedgerSMB::Sysconfig::userspath}/adminhash") || $form->error("Can't Open Hashfile: $!");
-				chomp($form->{hash} = <HASHFILE>);
-				%cookies = split /[=;]/, $ENV{HTTP_COOKIE};
-
-				if (! $cookie || $cookie ne $form->{sessionid} || $form->{hash} ne $cookies{LedgerSMB}) {
-
-						&getpassword;
-						exit;
-				}
-			}
+		if(!Session::session_check($cookie{"LedgerSMB"}, $root)){
+			&getpassword(1);
+			exit;
 		}
 	}
-
 }
 
 
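Review bot: `$form->{callback} .= "&amp;password=$form->{password}" if $form->{callback};` keeps the administrator's plaintext password in a URL, where it ends up in web-server logs, browser history and Referer headers. With a session cookie now issued by `Session::session_create`, the password does not need to travel past the first request and this line can be dropped. In the first sub of this hunk, `$root->{'root login'} = 1;` is still set although `save_member` now tests `$self->{'admin'}`, so the admin save falls into the dataset-connection branch. `session_create` and `session_check` are also handed `$root` where they expect a form object and call `->dberror` on it; confirm `LedgerSMB::User` provides that method.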
@@ -1372,7 +1256,7 @@
 
 sub delete_dataset {
 
-	if (@dbsources = LedgerSMB::User->dbsources_unused(\%$form, ${LedgerSMB::Sysconfig::memberfile})) {
+	if (@dbsources = LedgerSMB::User->dbsources_unused(\%$form)) {
 
 		foreach $item (sort @dbsources) {
 			$dbsources .= qq|<input name="db" class="radio" type="radio" value="$item" />&nbsp;$item |;
@@ -1463,7 +1347,8 @@
 
 sub unlock_system {
 
-	unlink "${LedgerSMB::Sysconfig::userspath}/nologin";
+	# This needs to be done with a db tool
+	#	unlink "${LedgerSMB::Sysconfig::userspath}/nologin";
 	$form->{callback} = "$form->{script}?action=list_users&amp;path=$form->{path}&amp;sessionid=$form->{sessionid}";
 	$form->redirect($locale->text('Lockfile removed!'));
 }
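Review bot: `unlock_system` still redirects with 'Lockfile removed!' although the `unlink` is now commented out, so the administrator is told the lock state changed when nothing happened; the next hunk does the same in `lock_system` with 'Lockfile created!'. The same lock is also disabled in the login.pl hunks further down (the `nologin` test before login and the open/unlink around `dbupdate`), while menu.pl still tests `-f ".../nologin"`. As a result, a lock file left by an earlier revision can no longer be cleared from the admin screen, a new maintenance lock cannot be set, and the dataset upgrade runs with logins still open. Until the database-backed lock exists, both subs should fail visibly rather than report success, for example `$form->error($locale->text('Locking is not available in this revision'));` in place of the redirect.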
@@ -1471,8 +1356,9 @@
 
 sub lock_system {
 
-	open(FH, ">${LedgerSMB::Sysconfig::userspath}/nologin") or $form->error($locale->text('Cannot create Lock!'));
-	close(FH);
+	# This needs to be done with a db tool
+	#open(FH, ">${LedgerSMB::Sysconfig::userspath}/nologin") or $form->error($locale->text('Cannot create Lock!'));
+	#close(FH);
 	$form->{callback} = "$form->{script}?action=list_users&amp;path=$form->{path}&amp;sessionid=$form->{sessionid}";
 	$form->redirect($locale->text('Lockfile created!'));
 }

Modified: trunk/bin/am.pl
===================================================================
--- trunk/bin/am.pl	2006-11-03 04:54:26 UTC (rev 478)
+++ trunk/bin/am.pl	2006-11-03 05:13:21 UTC (rev 479)
@@ -2233,7 +2233,7 @@
     $form->error($locale->text('Password does not match!')) if $form->{new_password} ne $form->{confirm_password};
   }
 
-  if (AM->save_preferences(\%myconfig, \%$form, ${LedgerSMB::Sysconfig::memberfile}, ${LedgerSMB::Sysconfig::userspath})) {
+  if (AM->save_preferences(\%myconfig, \%$form)) {
     $form->redirect($locale->text('Preferences saved!'));
   } else {
     $form->error($locale->text('Cannot save preferences!'));

Modified: trunk/bin/arapprn.pl
===================================================================
--- trunk/bin/arapprn.pl	2006-11-03 04:54:26 UTC (rev 478)
+++ trunk/bin/arapprn.pl	2006-11-03 05:13:21 UTC (rev 479)
@@ -252,7 +252,7 @@
   $form->{fileid} = $invnumber;
   $form->{fileid} =~ s/(\s|\W)+//g;
 
-  $form->parse_template(\%myconfig, ${LedgerSMB::Sysconfig::userspath});
+  $form->parse_template(\%myconfig);
 
   if ($form->{previousform}) {
   
@@ -468,7 +468,7 @@
   $form->{fileid} = $form->{invnumber};
   $form->{fileid} =~ s/(\s|\W)+//g;
 
-  $form->parse_template(\%myconfig, ${LedgerSMB::Sysconfig::userspath});
+  $form->parse_template(\%myconfig);
 
   if (%$old_form) {
     $old_form->{invnumber} = $form->{invnumber};

Modified: trunk/bin/hr.pl
===================================================================
--- trunk/bin/hr.pl	2006-11-03 04:54:26 UTC (rev 478)
+++ trunk/bin/hr.pl	2006-11-03 05:13:21 UTC (rev 479)
@@ -716,7 +716,7 @@
 
   # if it is a login change memberfile and .conf
   if ($form->{employeelogin}) {
-    $user = LedgerSMB::User->new(${LedgerSMB::Sysconfig::memberfile}, $form->{employeelogin});
+    $user = LedgerSMB::User->new($form->{employeelogin});
 
     for (qw(name email role)) { $user->{$_} = $form->{$_} }
 
@@ -726,7 +726,7 @@
     for (qw(dbpasswd password)) { $user->{"old_$_"} = $user->{$_} }
     $user->{packpw} = 1;
 
-    $user->save_member(${LedgerSMB::Sysconfig::memberfile}, ${LedgerSMB::Sysconfig::userspath}) if $user->{login};
+    $user->save_member() if $user->{login};
   }
   
   $form->redirect($locale->text('Employee saved!'));

Modified: trunk/bin/login.pl
===================================================================
--- trunk/bin/login.pl	2006-11-03 04:54:26 UTC (rev 478)
+++ trunk/bin/login.pl	2006-11-03 05:13:21 UTC (rev 479)
@@ -40,6 +40,7 @@
 use LedgerSMB::User;
 use LedgerSMB::Form;
 use LedgerSMB::Locale;
+use LedgerSMB::Session;
 
 ## will need this later when session_destroy will be used
 #use LedgerSMB::Session;
@@ -48,7 +49,7 @@
 $form = new Form;
 
 $locale = LedgerSMB::Locale->get_handle(${LedgerSMB::Sysconfig::language}) or 
-	$form->error("Locale not loaded: $!\n");
+	$form->error(__FILE__.':'.__LINE__.": Locale not loaded: $!\n");
 $locale->encoding('UTF-8');
 $form->{charset} = 'UTF-8';
 #$form->{charset} = $locale->encoding;
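Review bot: Prefixing `__FILE__.':'.__LINE__` to the argument of `$form->error` puts the server-side script path and line number into a message that, going by the "send errors to browser" comment in menu.pl, is rendered to the client. The same prefix is added in the later bin/login.pl hunks (the two `$@` handlers, 'You did not enter a name!', `$err[$errno]`) and throughout the menu.pl hunks, including ordinary user-facing messages such as 'Access Denied!'. Keep the user-visible text as it was and send the location to the server log instead, e.g. `print STDERR __FILE__.':'.__LINE__.": Locale not loaded: $!\n";` before the unchanged `$form->error("Locale not loaded: $!\n");`.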
@@ -56,13 +57,13 @@
 # customization
 if (-f "bin/custom/$form->{script}") {
 	eval { require "bin/custom/$form->{script}"; };
-	$form->error($@) if ($@);
+	$form->error(__FILE__.':'.__LINE__.': '.$@) if ($@);
 }
 
 # per login customization
 if (-f "bin/custom/$form->{login}_$form->{script}") {
 	eval { require "bin/custom/$form->{login}_$form->{script}"; };
-	$form->error($@) if ($@);
+	$form->error(__FILE__.':'.__LINE__.': '.$@) if ($@);
 }
 
 # window title bar, user info
@@ -233,40 +234,41 @@
 	$form->{stylesheet} = "ledger-smb.css";
 	$form->{favicon} = "favicon.ico";
 
-	$form->error($locale->text('You did not enter a name!')) unless ($form->{login});
+	$form->error(__FILE__.':'.__LINE__.': '.$locale->text('You did not enter a name!')) unless ($form->{login});
 
-	if (! $form->{beenthere}) {
-		open(FH, "${LedgerSMB::Sysconfig::memberfile}") or $form->error("$memberfile : $!");
-		@a = <FH>;
-		close(FH);
+	#this needs to be done via db
+	#if (! $form->{beenthere}) {
+	#	open(FH, "${LedgerSMB::Sysconfig::memberfile}") or $form->error(__FILE__.':'.__LINE__.": $memberfile : $!");
+	#	@a = <FH>;
+	#	close(FH);
+	#
+	#	foreach $item (@a) {
+	#
+	#		if ($item =~ /^\[(.*?)\]/) {
+	#			$login = $1;
+	#			$found = 1;
+	#		}
+	#
+	#		if ($item =~ /^company=/) {
+	#			if ($login =~ /$form->{login}\@/ && $found) {
+	#				($null, $name) = split /=/, $item, 2;
+	#				$login{$login} = $name;
+	#			}
+	#			$found = 0;
+	#		}
+	#	}
+	#
+	#	if (keys %login > 1) {
+	#		&selectdataset(\%login);
+	#		exit;
+	#	}
+	#}
 
-		foreach $item (@a) {
 
-			if ($item =~ /^\[(.*?)\]/) {
-				$login = $1;
-				$found = 1;
-			}
+	$user = LedgerSMB::User->new($form->{login});
 
-			if ($item =~ /^company=/) {
-				if ($login =~ /$form->{login}\@/ && $found) {
-					($null, $name) = split /=/, $item, 2;
-					$login{$login} = $name;
-				}
-				$found = 0;
-			}
-		}
-
-		if (keys %login > 1) {
-			&selectdataset(\%login);
-			exit;
-		}
-	}
-
-
-	$user = LedgerSMB::User->new(${LedgerSMB::Sysconfig::memberfile}, $form->{login});
-
 	# if we get an error back, bale out
-	if (($errno = $user->login(\%$form, ${LedgerSMB::Sysconfig::userspath})) <= -1) {
+	if (($errno = $user->login(\%$form)) <= -1) {
 
 		$errno *= -1;
 		$err[1] = $locale->text('Access Denied!');
@@ -275,8 +277,10 @@
 
 		if ($errno == 4) {
 			# upgrade dataset and log in again
-			open FH, ">${LedgerSMB::Sysconfig::userspath}/nologin" or $form->error($!);
 
+			#locking needs to be done via db function
+			#open FH, ">${LedgerSMB::Sysconfig::userspath}/nologin" or $form->error($!);
+
 			for (qw(dbname dbhost dbport dbdriver dbuser dbpasswd)) { $form->{$_} = $user->{$_} }
 
 			$form->{dbpasswd} = unpack 'u', $form->{dbpasswd};
@@ -293,8 +297,8 @@
 
 			$user->dbupdate(\%$form);
 
-			# remove lock file
-			unlink "${LedgerSMB::Sysconfig::userspath}/nologin";
+			# remove lock
+			#unlink "${LedgerSMB::Sysconfig::userspath}/nologin";
 
 			print $locale->text('done');
 
@@ -303,7 +307,7 @@
 			exit;
 		}
 
-		$form->error($err[$errno]);
+		$form->error(__FILE__.':'.__LINE__.': '.$err[$errno]);
 	}
 
 	# made it this far, setup callback for the menu
@@ -340,11 +344,9 @@
 
 
 sub logout {
-
 	$form->{callback} = "$form->{script}?path=$form->{path}&login=$form->{login}";
 	$form->{endsession} = 1;
-	#delete the cookie in the browser manually (can't use session_destroy here unfortunately)
-	print qq|Set-Cookie: LedgerSMB=; path=/;\n|;
+	Session::session_destroy($form);
 	$form->redirect;
 }
 

Modified: trunk/ledger-smb.conf
===================================================================
--- trunk/ledger-smb.conf	2006-11-03 04:54:26 UTC (rev 478)
+++ trunk/ledger-smb.conf	2006-11-03 05:13:21 UTC (rev 479)
@@ -12,7 +12,7 @@
 # These parameters *must* be set correctly for LedgerSMB >= 1.2 to work
 #
 [globaldb]
-##uncomment and set these
+##uncomment below and set to correct values
 #DBConnect: dbi:Pg:dbname=ledgersmb;host=localhost;port=5432
 #DBUserName: ledgersmb
-#DBPassword: password 
+#DBPassword: password

Modified: trunk/login.pl
===================================================================
--- trunk/login.pl	2006-11-03 04:54:26 UTC (rev 478)
+++ trunk/login.pl	2006-11-03 05:13:21 UTC (rev 479)
@@ -77,12 +77,13 @@
 $script = substr($0, $pos + 1);
 
 
-if (-e "${LedgerSMB::Sysconfig::userspath}/nologin" && $script ne 'admin.pl') {
-	print "Content-Type: text/html\n\n<html><body><strong>";
-	print "\nLogin disabled!\n";
-	print "\n</strong></body></html>";
-	exit;
-}
+#This needs to be a db query
+#if (-e "${LedgerSMB::Sysconfig::userspath}/nologin" && $script ne 'admin.pl') {
+#	print "Content-Type: text/html\n\n<html><body><strong>";
+#	print "\nLogin disabled!\n";
+#	print "\n</strong></body></html>";
+#	exit;
+#}
 
 
 if ($form{path}) {

Modified: trunk/menu.pl
===================================================================
--- trunk/menu.pl	2006-11-03 04:54:26 UTC (rev 478)
+++ trunk/menu.pl	2006-11-03 05:13:21 UTC (rev 479)
@@ -47,18 +47,21 @@
 #######################################################################
 
 use LedgerSMB::Sysconfig;
+use Digest::MD5;
 
 $| = 1;
 
+use LedgerSMB::User;
 use LedgerSMB::Form;
 use LedgerSMB::Locale;
 use LedgerSMB::Session;
+use Data::Dumper;
 
+
 # for custom preprocessing logic
 eval { require "custom.pl"; };
 
 $form = new Form;
-
   
 # name of this script
 $0 =~ tr/\\/\//;
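Review bot: `use Data::Dumper;` is added here but no call to `Dumper` appears in any of the menu.pl hunks shown, so it looks like a debugging leftover. If nothing outside the hunks uses it, drop the line; a dump of `%myconfig` or `$form` would include `dbpasswd` and the password hash, and in this script warnings are routed to `$form->info`.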
@@ -73,11 +76,13 @@
 # pull in DBI
 use DBI qw(:sql_types);
 
-# check for user config file, could be missing or ???
-eval { require("${LedgerSMB::Sysconfig::userspath}/$form->{login}.conf"); };
+# grab user config. This is ugly and unecessary if/when 
+# we get rid of myconfig and use User as a real object 
+%myconfig = %{LedgerSMB::User->fetch_config($form->{login})};
+
 if ($@) {
 	$locale = LedgerSMB::Locale->get_handle($myconfig{countrycode}) or
-		$form->error("Locale not loaded: $!\n");
+		$form->error(__FILE__.':'.__LINE__.": Locale not loaded: $!\n");
 	$form->{charset} = $locale->encoding;
 	$form->{charset} = 'UTF-8';
 	$locale->encoding('UTF-8');
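Review bot: `if ($@)` below the new `fetch_config` call no longer tests that call. The `eval { require ... }` that used to set `$@` is removed, so unless something between the hunks resets it, `$@` still holds whatever the earlier `eval { require "custom.pl"; }` left: the fallback branch then runs whenever custom.pl is absent and never because the user's config failed to load. If `fetch_config` dies or returns something that is not a hash reference, the `%{ ... }` dereference fails outside any eval. Wrap the call and test its result, e.g. `my $cfg = eval { LedgerSMB::User->fetch_config($form->{login}) };` then `%myconfig = %$cfg if ref $cfg;` and `if ($@ or !ref $cfg) {`. The body of that `if` continues past the end of this hunk.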
@@ -90,7 +95,7 @@
 
 # locale messages
 $locale = LedgerSMB::Locale->get_handle($myconfig{countrycode}) or
-	$form->error("Locale not loaded: $!\n");
+	$form->error(__FILE__.':'.__LINE__.": Locale not loaded: $!\n");
 #$form->{charset} = $locale->encoding;
 $form->{charset} = 'UTF-8';
 $locale->encoding('UTF-8');
@@ -99,9 +104,8 @@
 $SIG{__WARN__} = sub { $form->info($_[0]) };
 
 # send errors to browser
-$SIG{__DIE__} = sub { $form->error($_[0]) };
+$SIG{__DIE__} = sub { $form->error(__FILE__.':'.__LINE__.': '.$_[0]) };
 
-$myconfig{dbpasswd} = unpack 'u', $myconfig{dbpasswd};
 map { $form->{$_} = $myconfig{$_} } qw(stylesheet timeout) unless ($form->{type} eq 'preferences');
 $form->db_init(\%myconfig);
 
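Review bot: In the new `$SIG{__DIE__}` handler, `__FILE__` and `__LINE__` are fixed when the handler is compiled, so every fatal error is reported as coming from this one line of menu.pl rather than from where it was raised. `die` already appends "at FILE line N" to messages that do not end in a newline, so the prefix adds nothing; keep `$SIG{__DIE__} = sub { $form->error($_[0]) };`, or use `Carp::longmess` if a trace is wanted. The same hunk drops `unpack 'u'` on `$myconfig{dbpasswd}` while the bin/login.pl upgrade path still unpacks `$form->{dbpasswd}`. Presumably only one of the two matches how the central db stores the value, which is worth confirming.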
@@ -109,7 +113,7 @@
 
 # did sysadmin lock us out
 if (-f "${LedgerSMB::Sysconfig::userspath}/nologin") {
-	$form->error($locale->text('System currently down for maintenance!'));
+	$form->error(__FILE__.':'.__LINE__.': '.$locale->text('System currently down for maintenance!'));
 }
 
 # pull in the main code
@@ -139,7 +143,7 @@
 	}
 
 } else {
-	$form->error($locale->text('action= not defined!'));
+	$form->error(__FILE__.':'.__LINE__.': '.$locale->text('action= not defined!'));
 }
 
 1;
@@ -153,15 +157,15 @@
 		require "bin/pw.pl";
 
 		if ($form->{password}) {
-			if ((crypt $form->{password}, substr($form->{login}, 0, 2)) ne $myconfig{password}) {
+			if ($myconfig{password} ne (Digest::MD5::md5_hex $form->{password})) {
 				if ($ENV{HTTP_USER_AGENT}) {
 					&getpassword;
 				} else {
-					$form->error($locale->text('Access Denied!'));
+					$form->error(__FILE__.':'.__LINE__.': '.$locale->text('Access Denied!'));
 				}
 				exit;
 			} else {
-				Session::session_create($form, %myconfig);
+				Session::session_create($form);
 			}
 			
 		} else {
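Review bot: The check `$myconfig{password} ne (Digest::MD5::md5_hex $form->{password})` compares against an unsalted, single-round MD5 digest, which is cheap to brute-force offline and gives identical hashes for identical passwords if the `users_conf` table is ever disclosed. The admin check in the admin.pl hunk earlier in this commit uses the same construction. The new schema pins this with `password varchar(32) check(length(password) = 32)`, so moving to a salted, deliberately slow hash later will need a schema change too. Widen the column now (`password text`) and store a per-user salt, with a password-hashing scheme such as bcrypt as the target. The enclosing sub starts before this hunk.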
@@ -180,7 +184,7 @@
 					}
 				}
 				#check for valid session
-				if(!Session::session_check($cookie{"LedgerSMB"}, $form, %myconfig)){
+				if(!Session::session_check($cookie{"LedgerSMB"}, $form)){
 					&getpassword(1);
 					exit;
 				}

Added: trunk/sql/Pg-central.sql
===================================================================
--- trunk/sql/Pg-central.sql	                        (rev 0)
+++ trunk/sql/Pg-central.sql	2006-11-03 05:13:21 UTC (rev 479)
@@ -0,0 +1,79 @@
+-- Central DB structure
+-- This is the central database stuff which is used across all datasets
+-- in the ledger-smb.conf it is called 'ledgersmb' by default, but obviously
+-- can be named anything.
+
+-- USERS stuff --
+CREATE TABLE users (id serial UNIQUE, username varchar(30) primary key);
+COMMENT ON TABLE users IS $$username is the actual primary key here because we do not want duplicate users$$;
+CREATE TABLE users_conf(id integer primary key references users(id) deferrable initially deferred,
+                        acs text,
+                        address text,
+                        businessnumber text,
+                        company text,
+                        countrycode text,
+                        currency text,
+                        dateformat text,
+                        dbconnect text,
+                        dbdriver text default 'Pg',
+                        dbhost text default 'localhost',
+                        dbname text,
+                        dboptions text,
+                        dbpasswd text,
+                        dbport text,
+                        dbuser text,
+                        email text,
+                        fax text,
+                        menuwidth text,
+                        name text,
+                        numberformat text,
+                        password varchar(32) check(length(password) = 32),
+                        print text,
+                        printer text,
+                        role text,
+                        sid text,
+                        signature text,
+                        stylesheet text,
+                        tel text,
+                        templates text,
+                        timeout numeric,
+                        vclimit numeric);
+
+COMMENT ON TABLE users_conf IS 'This is a completely dumb table that is a place holder to get usersconf into the database. Next major release will have a much more sane implementation';
+COMMENT ON COLUMN users_conf.id IS 'Yes primary key with a FOREIGN KEY to users(id) is correct'; 
+COMMENT ON COLUMN users_conf.password IS 'This means we have to get rid of the current password stuff and move to presumably md5()';
+
+-- Per conversation with ChrisM, if the admin user has a null password a couple of things happen.
+-- 1. It is implicit that this is an initial install
+-- 2. If the admin password does not match the ledger-smb.conf admin password, we throw a hijack alert
+-- The two below statements must be run from a single session
+INSERT INTO users(username) VALUES ('admin');
+INSERT INTO users_conf(id,password) VALUES (currval('users_id_seq'),NULL);
+
+
+CREATE OR REPLACE FUNCTION create_user(text) RETURNS bigint AS $$
+   INSERT INTO users(username) VALUES ($1);
+   SELECT currval('users_id_seq');
+   $$ LANGUAGE 'SQL';
+
+COMMENT ON FUNCTION create_user(text) IS $$ Function to create user. Returns users.id if successful, else it is an error. $$;
+
+CREATE OR REPLACE FUNCTION update_user(int4,text) RETURNS int4 AS $$
+   UPDATE users SET username = $2 WHERE id = $1;
+   SELECT 1;
+   $$ LANGUAGE 'SQL';
+
+COMMENT ON FUNCTION update_user(int4,text) IS $$ Takes int4 which is users.id and text which is username. Will update username based on id. Username is unique $$;
+
+
+-- Session tracking table
+
+
+CREATE TABLE session(
+session_id serial PRIMARY KEY,
+sl_login VARCHAR(50),
+token VARCHAR(32) CHECK(length(token) = 32),
+last_used TIMESTAMP default now(),
+users_id INTEGER  -- NOT NULL references users(id)
+);
+
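Review bot: The `session` table leaves `users_id` nullable with its foreign key commented out (`-- NOT NULL references users(id)`) and puts no uniqueness constraint on `token`, so session rows are not tied to an existing user and two rows may carry the same token. `session_check` is not visible here, but if it looks sessions up by token, declare `token VARCHAR(32) NOT NULL UNIQUE CHECK(length(token) = 32)` and `users_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE`, so that deleting a user also removes that user's sessions. `users_conf.dbpasswd text` also places each dataset's database password in this central table; a `COMMENT ON COLUMN` stating how the value is encoded and which role may read the table would help whoever sets the grants.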


Property changes on: trunk/sql/Pg-central.sql
___________________________________________________________________
Name: svn:executable
   + *

Modified: trunk/sql/Pg-database.sql
===================================================================
--- trunk/sql/Pg-database.sql	2006-11-03 04:54:26 UTC (rev 478)
+++ trunk/sql/Pg-database.sql	2006-11-03 05:13:21 UTC (rev 479)
@@ -704,80 +704,6 @@
   1, 'Simple'
 );
 
--- USERS stuff --
-CREATE TABLE users (id serial UNIQUE, username varchar(30) primary key);
-COMMENT ON TABLE users IS 
-$$username is the actual primary key here because we don't want duplicate users$$;
-CREATE TABLE users_conf(id integer primary key references users(id) deferrable initially deferred,
-                        acs text,
-                        address text,
-                        businessnumber text,
-                        company text,
-                        countrycode text,
-                        currency text,
-                        dateformat text,
-                        dbconnect text,
-                        dbdriver text default 'Pg',
-                        dbhost text default 'localhost',
-                        dbname text,
-                        dboptions text,
-                        dbpasswd text,
-                        dbport text,
-                        dbuser text,
-                        email text,
-                        fax text,
-                        menuwidth text,
-                        name text,
-                        numberformat text,
-                        password varchar(32) check(length(password) = 32),
-                        print text,
-                        printer text,
-                        role text,
-                        sid text,
-                        signature text,
-                        stylesheet text,
-                        tel text,
-                        templates text,
-                        timeout numeric,
-                        vclimit numeric);
-COMMENT ON TABLE users_conf IS 'This is a completely dumb table that is a place holder to get usersconf into the database. Next major release will have a much more sane implementation';
-COMMENT ON COLUMN users_conf.id IS 'Yes primary key with a FOREIGN KEY to users(id) is correct'; 
-COMMENT ON COLUMN users_conf.password IS 'This means we have to get rid of the current password stuff and move to presumably md5()';
-
--- Per conversation with ChriseH, if the admin user has a null password a couple of things happen.
--- 1. It is implicit that this is an initial install
--- 2. If the admin password does not match the ledger-smb.conf admin password, we throw a hijack alert
--- The two below statements must be run from a single session
-INSERT INTO users(username) VALUES ('admin');
-INSERT INTO users_conf(id,password) VALUES (currval('users_id_seq'),NULL);
-
-
-CREATE FUNCTION create_user(text) RETURNS int4 AS $$
-   INSERT INTO users(username) VALUES ('$1');
-   SELECT currval('user_id_seq');
-   $$ LANGUAGE 'SQL';
-
-COMMENT ON FUNCTION create_user(text) IS $$ Function to create user. Returns users.id if successful, else it is an error. $$;
-
-CREATE FUNCTION update_user(int4,text) RETURNS int4 AS $$
-   UPDATE users SET username = '$2' WHERE id = $1;
-   SELECT 1;
-   $$ LANGUAGE 'SQL';
-
-COMMENT ON FUNCTION update_user(int4,text) IS $$ Takes int4 which is users.id and text which is username. Will update username based on id. Username is unique $$;
-
-
--- Session tracking table
-
-
-CREATE TABLE session(
-session_id serial PRIMARY KEY,
-sl_login VARCHAR(50),
-token VARCHAR(32) CHECK(length(token) = 32),
-last_used TIMESTAMP default now(),
-users_id INTEGER  -- NOT NULL references users(id)
-);
-
 create index acc_trans_trans_id_key on acc_trans (trans_id);
 create index acc_trans_chart_id_key on acc_trans (chart_id);
 create index acc_trans_transdate_key on acc_trans (transdate);

