package SL::Auth;
-use constant OK => 0;
-use constant ERR_PASSWORD => 1;
-use constant ERR_BACKEND => 100;
+use constant OK => 0;
+use constant ERR_PASSWORD => 1;
+use constant ERR_BACKEND => 100;
+
+use constant SESSION_OK => 0;
+use constant SESSION_NONE => 1;
+use constant SESSION_EXPIRED => 2;
use Digest::MD5 qw(md5_hex);
use IO::File;
$self->{authenticator}->verify_config();
+ $self->{session_timeout} *= 1;
+ $self->{session_timeout} = 8 * 60 if (!$self->{session_timeout});
+
$main::lxdebug->leave_sub();
}
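Review bot: `$self->{session_timeout} *= 1` is the only validation between the configuration value and the SQL text, because the later hunks interpolate it into the `'...m'::interval` literal in the session lookup and in both expiry DELETE statements. Numeric coercion keeps quote characters out, but it still lets through negative numbers (the cutoff then lies in the future, so every session counts as expired), fractions, and exponent or infinity forms that PostgreSQL may reject. I would keep the coercion and replace the default line with a whole-number check, `$self->{session_timeout} = 8 * 60 if ($self->{session_timeout} !~ m/^[1-9][0-9]*$/);`, plus a comment saying the unit is minutes. The enclosing sub starts outside this hunk.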
sub authenticate_root {
$main::lxdebug->enter_sub();
- my $self = shift;
- my $password = shift;
- my $is_crypted = shift;
+ my $self = shift;
+ my $password = shift;
+ my $is_crypted = shift;
- $password = crypt $password, 'ro' if (!$password || !$is_crypted);
- $admin_password = crypt "$self->{admin_password}", 'ro';
+ $password = crypt $password, 'ro' if (!$password || !$is_crypted);
+ my $admin_password = crypt "$self->{admin_password}", 'ro';
$main::lxdebug->leave_sub();
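Review bot: Both `crypt` calls in authenticate_root still use the constant salt `'ro'`. A two-character salt selects the traditional DES scheme, which on most platforms looks at only the first eight characters of the password. When `$is_crypted` is set the supplied value is used as-is, so the hash is equivalent to the password and needs the same protection wherever it is stored or sent. The commit only adds `my` and realigns these lines; at minimum add a comment such as `# NOTE: fixed-salt DES crypt; value is only obfuscated, treat it as the password itself`, and consider moving to a salted, slow hash in a follow-up. The comparison and the return value lie outside this hunk, so whether the comparison is constant-time cannot be judged here.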
while (my $ref = $sth->fetchrow_hashref()) {
$users{$ref->{login}} ||= { 'login' => $ref->{login}, 'id' => $ref->{id} };
- $users{$ref->{login}}->{$ref->{cfg_key}} = $ref->{cfg_value} if (($cfg_key ne 'login') && ($cfg_key ne 'id'));
+ $users{$ref->{login}}->{$ref->{cfg_key}} = $ref->{cfg_value} if (($ref->{cfg_key} ne 'login') && ($ref->{cfg_key} ne 'id'));
}
$sth->finish();
$self->{SESSION} = { };
- return $main::lxdebug->leave_sub() if (!$session_id);
+ if (!$session_id) {
+ $main::lxdebug->leave_sub();
+ return SESSION_NONE;
+ }
my ($dbh, $query, $sth, $cookie, $ref, $form);
$form = $main::form;
$dbh = $self->dbconnect();
- $query = qq|SELECT *, (mtime < (now() - '24h'::interval)) AS is_expired FROM auth.session WHERE id = ?|;
+ $query = qq|SELECT *, (mtime < (now() - '$self->{session_timeout}m'::interval)) AS is_expired FROM auth.session WHERE id = ?|;
$cookie = selectfirst_hashref_query($form, $dbh, $query, $session_id);
if (!$cookie || $cookie->{is_expired} || ($cookie->{ip_address} ne $ENV{REMOTE_ADDR})) {
$self->destroy_session();
$main::lxdebug->leave_sub();
- return;
+ return SESSION_EXPIRED;
}
$query = qq|SELECT sess_key, sess_value FROM auth.session_content WHERE session_id = ?|;
$sth->finish();
$main::lxdebug->leave_sub();
+
+ return SESSION_OK;
}
sub destroy_session {
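Review bot: `return SESSION_EXPIRED;` now covers three different outcomes of `if (!$cookie || $cookie->{is_expired} || ($cookie->{ip_address} ne $ENV{REMOTE_ADDR}))`: an unknown session id, a timed-out session, and a request from a different address than the one stored. The address mismatch is the one worth telling apart, since it can indicate a session cookie used from another host and is something operators would want logged; a separate constant or a log line before `$self->destroy_session();` would preserve that signal. Also note that `SESSION_OK` is 0, so callers must compare with `==` against the constants rather than test truthiness. A comment above the sub such as `# Returns SESSION_OK, SESSION_NONE or SESSION_EXPIRED (SESSION_OK is 0, i.e. false)` would make that explicit. The start of this sub is outside the hunk.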
WHERE session_id IN
(SELECT id
FROM auth.session
- WHERE (mtime < (now() - '24h'::interval)))|;
+ WHERE (mtime < (now() - '$self->{session_timeout}m'::interval)))|;
do_query($main::form, $dbh, $query);
$query =
qq|DELETE FROM auth.session
- WHERE (mtime < (now() - '24h'::interval))|;
+ WHERE (mtime < (now() - '$self->{session_timeout}m'::interval))|;
do_query($main::form, $dbh, $query);
["purchase_order_edit", $locale->text("Create and edit purchase orders")],
["purchase_delivery_order_edit", $locale->text("Create and edit purchase delivery orders")],
["vendor_invoice_edit", $locale->text("Create and edit vendor invoices")],
+ ["--warehouse_management", $locale->text("Warehouse management")],
+ ["warehouse_contents", $locale->text("View warehouse content")],
+ ["warehouse_management", $locale->text("Warehouse management")],
["--general_ledger_cash", $locale->text("General ledger and cash")],
["general_ledger", $locale->text("Transactions, AR transactions, AP transactions")],
["datev_export", $locale->text("DATEV Export")],