$self->{RIGHTS} = { };
$self->{unique_counter} = 0;
$self->{column_information} = SL::Auth::ColumnInformation->new(auth => $self);
+ $self->{authenticator}->reset;
}
sub get_user_dbh {
@user_data{qw(id login)} = @{$ref}{qw(id login)};
}
+ # The XUL/XML backed menu has been removed.
+ $user_data{menustyle} = 'v3' if lc($user_data{menustyle} || '') eq 'xml';
+
$sth->finish();
$main::lxdebug->leave_sub();
my $self = shift;
- my $cgi = $main::cgi;
- $cgi ||= CGI->new('');
-
- $session_id = $cgi->cookie($self->get_session_cookie_name());
- $session_id =~ s|[^0-9a-f]||g;
+ $session_id = $::request->{cgi}->cookie($self->get_session_cookie_name());
+ $session_id =~ s|[^0-9a-f]||g if $session_id;
$self->{SESSION} = { };
$form = $main::form;
- $dbh = $self->dbconnect();
+ # Don't fail if the auth DB doesn't yet.
+ if (!( $dbh = $self->dbconnect(1) )) {
+ $::lxdebug->leave_sub;
+ return SESSION_NONE;
+ }
+
+ # Don't fail if the "auth" schema doesn't exist yet, e.g. if the
+ # admin is creating the session tables at the moment.
$query = qq|SELECT *, (mtime < (now() - '$self->{session_timeout}m'::interval)) AS is_expired FROM auth.session WHERE id = ?|;
- $cookie = selectfirst_hashref_query($form, $dbh, $query, $session_id);
+ if (!($sth = $dbh->prepare($query)) || !$sth->execute($session_id)) {
+ $sth->finish if $sth;
+ $::lxdebug->leave_sub;
+ return SESSION_NONE;
+ }
+
+ $cookie = $sth->fetchrow_hashref;
+ $sth->finish;
if (!$cookie || $cookie->{is_expired} || ($cookie->{ip_address} ne $ENV{REMOTE_ADDR})) {
$self->destroy_session();
$dbh->begin_work unless $provided_dbh;
- do_query($::form, $dbh, qq|LOCK auth.session_content|);
+ # If this fails then the "auth" schema might not exist yet, e.g. if
+ # the admin is just trying to create the auth database.
+ if (!$dbh->do(qq|LOCK auth.session_content|)) {
+ $dbh->rollback unless $provided_dbh;
+ $::lxdebug->leave_sub;
+ return;
+ }
my @unfetched_keys = map { $_->{key} }
grep { ! $_->{fetched} }
my $key = "$$-" . ($now[0] * 1000000 + $now[1]) . "-";
$self->{unique_counter} ||= 0;
- $self->{unique_counter}++ while exists $self->{SESSION}->{$key . ($self->{unique_counter} + 1)};
- $self->{unique_counter}++;
+ my $hashed_key;
+ do {
+ $self->{unique_counter}++;
+ $hashed_key = md5_hex($key . $self->{unique_counter});
+ } while (exists $self->{SESSION}->{$hashed_key});
- $self->set_session_value($key . $self->{unique_counter} => $value);
+ $self->set_session_value($hashed_key => $value);
- return $key . $self->{unique_counter};
+ return $hashed_key;
}
sub save_form_in_session {
["invoice_edit", $locale->text("Create and edit invoices and credit notes")],
["dunning_edit", $locale->text("Create and edit dunnings")],
["sales_all_edit", $locale->text("View/edit all employees sales documents")],
+ ["edit_prices", $locale->text("Edit prices and discount (if not used, textfield is ONLY set readonly)")],
["--ap", $locale->text("AP")],
["request_quotation_edit", $locale->text("Create and edit RFQs")],
["purchase_order_edit", $locale->text("Create and edit purchase orders")],
projects / kivitendo-erp.git / blobdiff