Merge branch 'no-cleartext-passwords-in-db'

[kivitendo-erp.git] / SL / Dispatcher.pm

diff --git a/SL/Dispatcher.pm b/SL/Dispatcher.pm
index 880f6f4..239cdcb 100644 (file)
--- a/SL/Dispatcher.pm
+++ b/SL/Dispatcher.pm
@@ -19,6 +19,7 @@ use SL::Locale;
 use SL::Common;
 use SL::Form;
 use SL::Helper::DateTime;
+use SL::Template::Plugin::HTMLFixes;
 use List::Util qw(first);
 use File::Basename;
 
@@ -41,6 +42,8 @@ sub interface_type {
 }
 
 sub pre_request_checks {
+  _check_for_old_config_files();
+
   if (!$::auth->session_tables_present) {
     if ($::form->{script} eq 'admin.pl') {
       ::run();
@@ -49,7 +52,6 @@ sub pre_request_checks {
       show_error('login/auth_db_unreachable');
     }
   }
-  $::auth->expire_sessions;
 }
 
 sub show_error {
@@ -178,15 +180,15 @@ sub handle_request {
     $::form->{script} = "controller.pl";
   }
 
-  pre_request_checks();
-
   eval {
+    pre_request_checks();
+
     my $session_result = $::auth->restore_session;
     $::auth->create_or_refresh_session;
 
     $::form->error($::locale->text('System currently down for maintenance!')) if -e ($::lx_office_conf{paths}->{userspath} . "/nologin") && $script ne 'admin';
 
-    if ($script eq 'login' or $script eq 'admin' or $script eq 'kopf') {
+    if ($script eq 'login' or $script eq 'admin') {
       $::form->{titlebar} = "Lx-Office " . $::locale->text('Version') . " $::form->{version}";
       ::run($session_result);
 
@@ -200,7 +202,7 @@ sub handle_request {
 
       show_error('login/password_error', 'password') if SL::Auth::OK != $::auth->authenticate($::form->{login}, $::form->{password});
 
-      $::auth->set_session_value('login', $::form->{login}, 'password', $::form->{password});
+      $::auth->store_credentials_in_session(login => $::form->{login}, password => $::form->{password});
       $::auth->create_or_refresh_session;
       $::auth->delete_session_value('FLASH');
       delete $::form->{password};
@@ -229,12 +231,14 @@ sub handle_request {
   };
 
   # cleanup
+  $::auth->expire_session_keys->save_session;
+  $::auth->expire_sessions;
+  $::auth->reset;
+
   $::locale   = undef;
   $::form     = undef;
   $::myconfig = ();
   Form::disconnect_standard_dbh;
-  $::auth->save_session;
-  $::auth->dbdisconnect;
 
   $::lxdebug->end_request;
   $::lxdebug->leave_sub;
@@ -339,6 +343,18 @@ sub _init_environment {
   }
 }
 
+sub _check_for_old_config_files {
+  my @old_files = grep { -f "config/${_}" } qw(authentication.pl console.conf lx-erp.conf lx-erp-local.conf);
+  return unless @old_files;
+
+  $::form->{title}      = $::locale->text('Old configuration files');
+  $::form->{stylesheet} = 'lx-office-erp.css';
+  $::form->header;
+  print $::form->parse_html_template('login/old_configuration_files', { FILES => \@old_files });
+
+  ::end_of_request();
+}
+
 package main;
 
 use strict;