[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SF.net SVN: ledger-smb: [1298] trunk

Revision: 1298
          http://svn.sourceforge.net/ledger-smb/?rev=1298&view=rev
Author:   einhverfr
Date:     2007-06-21 16:20:24 -0700 (Thu, 21 Jun 2007)

Log Message:
-----------
Fixing new framework for session and user authentication

Modified Paths:
--------------
    trunk/LedgerSMB.pm
    trunk/lsmb-request.pl

Modified: trunk/LedgerSMB.pm
===================================================================
--- trunk/LedgerSMB.pm	2007-06-21 21:29:07 UTC (rev 1297)
+++ trunk/LedgerSMB.pm	2007-06-21 23:20:24 UTC (rev 1298)
@@ -14,7 +14,8 @@
 
 =item new ()
 
-This method creates a new base request instance. 
+This method creates a new base request instance. In any mode but CLI, it also
+validates the session/user credentials.
 
 =item date_to_number (user => $LedgerSMB::User, date => $string);
 
@@ -118,6 +119,7 @@
 use Math::BigFloat lib => 'GMP';
 use LedgerSMB::Sysconfig;
 use Data::Dumper;
+use LedgerSMB::Session;
 use strict;
 
 package LedgerSMB;
@@ -155,10 +157,62 @@
         $self->error("Access Denied");
     }
 
+    $self->{_user} = LedgerSMB::User->fetch_config($self->{login});
+    my $locale   = LedgerSMB::Locale->get_handle($self->{_user}->{countrycode})
+        or $self->error(__FILE__.':'.__LINE__.": Locale not loaded: $!\n");
+    $self->{_locale} = $locale;
+    if ( $self->{password} ) {
+        if (
+            !Session::password_check(
+                $self, $self->{login}, $self->{password}
+            )
+          )
+        {
+            if ($self->is_run_mode('cgi', 'mod_perl')) {
+                _get_password();
+            }
+            else {
+                $self->error( __FILE__ . ':' . __LINE__ . ': '
+                      . $locale->text('Access Denied!') );
+            }
+            exit;
+        }
+        else {
+            Session::session_create($self);
+        }
+
+    }
+    else {
+        if ($self->is_run_mode('cgi', 'mod_perl')) {
+            my %cookie;
+            $ENV{HTTP_COOKIE} =~ s/;\s*/;/g;
+            my @cookies = split /;/, $ENV{HTTP_COOKIE};
+            foreach (@cookies) {
+                my ( $name, $value ) = split /=/, $_, 2;
+                $cookie{$name} = $value;
+            }
+
+            #check for valid session
+            if ( !Session::session_check( $cookie{"LedgerSMB"}, $self) ) {
+                _get_password(1);
+                exit;
+            }
+        }
+        else {
+            exit;
+        }
+    }
+
     $self;
 
 }
 
+sub _get_password {
+    # TODO:  Remove reliance on pw.pl and add template support.
+    require 'bin/pw.pl';
+    getpassword(@_);
+}
+
 sub debug {
     my $self = shift @_;
     my %args = @_;

Modified: trunk/lsmb-request.pl
===================================================================
--- trunk/lsmb-request.pl	2007-06-21 21:29:07 UTC (rev 1297)
+++ trunk/lsmb-request.pl	2007-06-21 23:20:24 UTC (rev 1298)
@@ -45,16 +45,18 @@
 $script = $1;
 
 $locale = LedgerSMB::Locale->get_handle( ${LedgerSMB::Sysconfig::language} )
-  or $form->error( __FILE__ . ':' . __LINE__ . ": Locale not loaded: $!\n" );
+  or $request->error( __FILE__ . ':' . __LINE__ . ": Locale not loaded: $!\n" );
 
 if (!$script){
 	$request->error($locale->text('No workflow script specified'));
 }
 
-eval { require "scripts/$script" } || $request->error($locale->text('Unable to open script' . ": $!";
+eval { require "scripts/$script" } 
+  || $request->error($locale->text('Unable to open script' . ": $!";
 
 $script =~ s/\.pl$//;
 $script = "LedgerSMB::Scripts::$script";
-$script->can($request->{action}) || $request->error($locale->text("Action Not Defined: ") . $request->{action};
+$script->can($request->{action}) 
+  || $request->error($locale->text("Action Not Defined: ") . $request->{action};
 
 $script->can($request->{action})->($request);


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.