SF.net SVN: ledger-smb:[2615] trunk/LedgerSMB/Auth/DB.pm
- Subject: SF.net SVN: ledger-smb:[2615] trunk/LedgerSMB/Auth/DB.pm
- From: ..hidden..
- Date: Sat, 30 May 2009 17:31:12 +0000
Revision: 2615
http://ledger-smb.svn.sourceforge.net/ledger-smb/?rev=2615&view=rev
Author: einhverfr
Date: 2009-05-30 17:31:11 +0000 (Sat, 30 May 2009)
Log Message:
-----------
Fixing internal server errors that occurred when a dbuser who is not a valid lsmb user tries to log in. Now we issue a 403 error instead.
Modified Paths:
--------------
trunk/LedgerSMB/Auth/DB.pm
Modified: trunk/LedgerSMB/Auth/DB.pm
===================================================================
--- trunk/LedgerSMB/Auth/DB.pm 2009-05-28 16:18:40 UTC (rev 2614)
+++ trunk/LedgerSMB/Auth/DB.pm 2009-05-30 17:31:11 UTC (rev 2615)
@@ -182,8 +182,7 @@
#create a new session
$createNew->execute( $newSessionID, $newToken, $newTransactionID )
- || $lsmb->dberror( __FILE__ . ':' . __LINE__ . ": Create new session: \n".
- $lsmb->{dbh}->errstr() );
+ || http_error('403');
#reseed the random number generator
my $randomSeed = 1.0 * ( '0.' . ( time() ^ ( $$ + ( $$ << 15 ) ) ) );
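Review bot: The new `|| http_error('403')` discards the `$lsmb->{dbh}->errstr()` text that the removed `dberror` call reported, so every failure of `$createNew->execute`, not only the invalid-user case named in the log message, now ends as a bare 403 with nothing recorded on the server. Writing the diagnostic to STDERR before responding keeps the audit trail without showing it to the client, e.g. `|| do { print STDERR "Create new session: " . $lsmb->{dbh}->errstr() . "\n"; http_error('403') };`. The enclosing sub starts and ends outside this hunk, so whether the open transaction needs a rollback before `http_error` calls `exit` cannot be judged from here.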
@@ -203,6 +202,44 @@
$lsmb->{dbh}->commit;
}
+sub http_error {
+ my ($errcode) = @_;
+
+ my $err = {
+ '500' => {status => '500 Internal Server Error',
+ message => 'An error occurred. Information on this error has been logged.',
+ others => {}},
+ '403' => {status => '403 Forbidden',
+ message => 'You are not allowed to access the specified resource.',
+ others => {}},
+ '401' => {status => '401 Unauthorized',
+ message => 'Please enter your credentials',
+ others => {'WWW-Authenticate' => "Basic realm=\"LedgerSMB\""}}
+ };
+ # Ordinarily I would use $cgi->header to generate the headers
+ # but this doesn't seem to be working. Although it is generally desirable
+ # to create the headers using the package, I think we should print them
+ # manually. -CT
+ my $status;
+ if ($err->{$errcode}->{status}){
+ $status = $err->{$errcode}->{status};
+ } elsif ($errcode) {
+ $status = $errcode;
+ } else {
+ print STDERR "Tried to generate http error without code!\n";
+ http_error('500');
+ }
+ print "Status: $status\n";
+ for my $h (keys %{$err->{$errcode}->{others}}){
+ print "$h: $err->{$errcode}->{others}->{$h}\n";
+ }
+ print "Content-Type: text/plain\n\n";
+ print "Status: $status\n$err->{$errcode}->{message}\n";
+ exit;
+
+
+}
+
sub session_destroy {
my ($form) = @_;
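Review bot: In `http_error`, a code that is not one of the three table keys falls into the `elsif ($errcode)` branch, which prints the raw argument as the `Status:` header and then interpolates an undefined `message` into the body. The callers visible in this diff pass only literals, but the value reaches a response header unchecked, so it is safer to collapse anything unknown to the 500 entry before choosing the status: `$errcode = '500' unless defined $errcode && exists $err->{$errcode};`. With that line the `else` branch no longer needs the recursive `http_error('500')` call and can be reduced to the STDERR warning. A one-line comment above the sub saying that it prints a complete CGI response and never returns (it ends in `exit`) would also help readers of callers such as `credential_prompt`.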
@@ -247,10 +284,7 @@
}
sub credential_prompt{
- print "WWW-Authenticate: Basic realm=\"LedgerSMB\"\n";
- print "Status: 401 Unauthorized\n\n";
- print "Please enter your credentials.\n";
- exit;
+ http_error(401);
}
sub password_check {