SF.net SVN: ledger-smb:[4168] branches/1.3
- Subject: SF.net SVN: ledger-smb:[4168] branches/1.3
- From: ..hidden..
- Date: Thu, 08 Dec 2011 10:58:47 +0000
Revision: 4168
http://ledger-smb.svn.sourceforge.net/ledger-smb/?rev=4168&view=rev
Author: tshvr
Date: 2011-12-08 10:58:46 +0000 (Thu, 08 Dec 2011)
Log Message:
-----------
docum logout,logging,TODO
Modified Paths:
--------------
branches/1.3/LedgerSMB/Auth/DB.pm
branches/1.3/UI/logout/firefox.js
Modified: branches/1.3/LedgerSMB/Auth/DB.pm
===================================================================
--- branches/1.3/LedgerSMB/Auth/DB.pm 2011-12-08 09:09:04 UTC (rev 4167)
+++ branches/1.3/LedgerSMB/Auth/DB.pm 2011-12-08 10:58:46 UTC (rev 4168)
@@ -22,7 +22,7 @@
use LedgerSMB::Log;
use strict;
-my $logger = Log::Log4perl->get_logger('LedgerSMB');
+my $logger = Log::Log4perl->get_logger('LedgerSMB::Auth');
=item session_check
@@ -34,14 +34,17 @@
sub session_check {
my ( $cookie, $form ) = @_;
+ #(my $package,my $filename,my $line)=caller;
my $path = ($ENV{SCRIPT_NAME});
$path =~ s|[^/]*$||;
my $secure;
+ $logger->debug("\$cookie=$cookie");
if ($cookie eq 'Login'){
return session_create($form);
}
+ #TODO what if cookie '' ?
my $timeout;
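Review bot: The added `$logger->debug("\$cookie=$cookie")` writes the raw session cookie to the log, and the `$newCookieValue` hunk below shows that value is built as `session_id:token:company`, so anyone who can read a debug log can replay a live session. The debug lines added later for `$sessionID`/`$token` and for `$newCookieValue` have the same problem. Log only whether a cookie was present, or the session id without the token, for example `$logger->debug('session_check: cookie ' . ((defined $cookie && length $cookie) ? 'present' : 'empty'));`, which also covers the empty-cookie case raised in the new TODO. The cookie is client-supplied, so interpolating it unescaped also lets a request put line breaks into the log. session_check's body continues outside the hunk.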
@@ -71,6 +74,7 @@
|| $form->dberror(
__FILE__ . ':' . __LINE__ . ': Looking for session: ' );
my $sessionValid = $checkQuery->rows;
+ $logger->debug("\$sessionID=$sessionID \$token=$token \$sessionValid=$sessionValid");
$dbh->commit;
if ($sessionValid) {
@@ -83,12 +87,9 @@
$login =~ s/[^a-zA-Z0-9._+\@'-]//g;
if (( $session_ref ))
{
-
-
-
-
my $newCookieValue =
$session_ref->{session_id} . ':' . $session_ref->{token} . ':' . $form->{company};
+ $logger->debug("\$newCookieValue=$newCookieValue");
#now update the cookie in the browser
if ($ENV{SERVER_PORT} == 443){
@@ -99,9 +100,9 @@
}
else {
+ $logger->debug("no \$session_ref");
+ my $sessionDestroy = $dbh->prepare("");#TODO meaning of this statement?
- my $sessionDestroy = $dbh->prepare("");
-
#delete the cookie in the browser
if ($ENV{SERVER_PORT} == 443){
$secure = ' Secure;';
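Review bot: `$dbh->prepare("")` in the `no $session_ref` branch prepares an empty statement and, as far as this hunk shows, the handle is never executed, so nothing is actually destroyed despite the variable name. Instead of keeping it with a TODO, either delete the line or replace it with the intended delete on the session row and execute it. Leaving a no-op here suggests the server-side session is revoked when the visible code only clears the browser cookie. The branch begins and ends outside the hunk, so this should be confirmed against the full function.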
@@ -112,9 +113,7 @@
}
else {
-
- #cookie is not valid
- #delete the cookie in the browser
+ $logger->debug("delete invalid cookie in the browser");
if ($ENV{SERVER_PORT} == 443){
$secure = ' Secure;';
}
@@ -191,9 +190,10 @@
if ( !$lsmb->{timeout} ) {
$lsmb->{timeout} = 86400;
}
- $deleteExisting->execute( $login)
+ my $rc=$deleteExisting->execute( $login)
|| $lsmb->dberror(
__FILE__ . ':' . __LINE__ . ': Delete from session: ' . $DBI::errstr);
+ $logger->debug("delete from session \$login=$login \$rc=$rc");
#doing the random stuff in the db so that LedgerSMB won't
#require a good random generator - maybe this should be reviewed,
@@ -207,8 +207,9 @@
my ( $newSessionID, $newToken ) = $fetchSequence->fetchrow_array;
#create a new session
- $createNew->execute( $newSessionID, $newToken )
+ $rc=$createNew->execute( $newSessionID, $newToken )
|| http_error('401');
+ $logger->debug("createnew \$rc=$rc");
$lsmb->{session_id} = $newSessionID;
#reseed the random number generator
@@ -256,9 +257,11 @@
WHERE users_id = (select id from users where username = ?)
" );
- $deleteExisting->execute($login)
+ my $rc=$deleteExisting->execute($login)
|| $form->dberror(
__FILE__ . ':' . __LINE__ . ': Delete from session: ' );
+ $logger->debug("delete from session \$login=$login \$rc=$rc");
+ $dbh->commit;
#delete the cookie in the browser
if ($ENV{SERVER_PORT} == 443){
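Review bot: The added `$dbh->commit;` changes behaviour in a commit whose log message mentions only documentation, logging and TODOs: the delete from the session table at logout is now committed at this point instead of wherever the transaction ended before. That is probably the desired fix, since a logout that is not committed leaves the session usable, but it deserves its own line in the log message and a comment such as `# commit so the session row is gone even if the request aborts later`. The commit also runs when `execute` failed and `$form->dberror` returned instead of dying, and its result is not checked; consider `$dbh->commit or $form->dberror(__FILE__ . ':' . __LINE__ . ': Commit logout: ');`. The enclosing function starts and ends outside the hunk.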
@@ -285,6 +288,7 @@
$auth =~ s/Basic //i; # strip out basic authentication preface
$auth = MIME::Base64::decode($auth);
my $return_value = {};
+ #$logger->debug("\$auth=$auth");#be aware of passwords in log!
($return_value->{login}, $return_value->{password}) = split(/:/, $auth);
if (defined $LedgerSMB::Sysconfig::force_username_case){
if (lc($LedgerSMB::Sysconfig::force_username_case) eq 'lower'){
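Review bot: The commented-out `#$logger->debug("\$auth=$auth")` is one uncomment away from writing the decoded Basic credentials, password included, to the log, and the trailing warning is easy to miss during debugging. Remove the line and, if tracing is needed here, log only the user name after the split, e.g. `$logger->debug("get_credentials: login=$return_value->{login}");`. If the warning is kept, it reads better as a standalone comment: `# never log $auth: it holds login:password in clear text`. get_credentials continues outside the hunk.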
Modified: branches/1.3/UI/logout/firefox.js
===================================================================
--- branches/1.3/UI/logout/firefox.js 2011-12-08 09:09:04 UTC (rev 4167)
+++ branches/1.3/UI/logout/firefox.js 2011-12-08 10:58:46 UTC (rev 4168)
@@ -5,6 +5,8 @@
xhre.open("GET",window.location,true,"logout","logout");
xhre.send("");
xhre.abort();
+ //be aware, sometimes get-request reaches server despite abort.
+ // LedgerSMB::Auth::DB::get_credentials can have $auth=logout:logout
}
}
catch (e) {
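Review bot: The new comment records that the aborted request can still reach the server carrying `logout:logout`, but it does not say what the server must do with those credentials. Since they exist only to overwrite the browser's cached Basic credentials, the comment should state the requirement, for instance `// server must answer 401 for logout:logout; no real account may use these credentials`. It would help to confirm that LedgerSMB::Auth::DB::get_credentials and the database login reject this pair explicitly instead of relying on no such user existing. The enclosing function and try block start outside the hunk.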