Merge branch 'no-cleartext-passwords-in-db'

[kivitendo-erp.git] / SL / Dispatcher.pm

diff --git a/SL/Dispatcher.pm b/SL/Dispatcher.pm
index d31fa9b..239cdcb 100644 (file)
--- a/SL/Dispatcher.pm
+++ b/SL/Dispatcher.pm
@@ -5,7 +5,6 @@ use strict;
 BEGIN {
   unshift @INC, "modules/override"; # Use our own versions of various modules (e.g. YAML).
   push    @INC, "modules/fallback"; # Only use our own versions of modules if there's no system version.
-  push    @INC, "SL";               # FCGI won't find modules that are not properly named. Help it by inclduging SL
 }
 
 use CGI qw( -no_xhtml);
@@ -18,8 +17,9 @@ use SL::LXDebug;
 use SL::LxOfficeConf;
 use SL::Locale;
 use SL::Common;
+use SL::Form;
 use SL::Helper::DateTime;
-use Form;
+use SL::Template::Plugin::HTMLFixes;
 use List::Util qw(first);
 use File::Basename;
 
@@ -36,7 +36,14 @@ sub new {
   return $self;
 }
 
+sub interface_type {
+  my ($self) = @_;
+  return $self->{interface} eq 'cgi' ? 'CGI' : 'FastCGI';
+}
+
 sub pre_request_checks {
+  _check_for_old_config_files();
+
   if (!$::auth->session_tables_present) {
     if ($::form->{script} eq 'admin.pl') {
       ::run();
@@ -45,7 +52,6 @@ sub pre_request_checks {
       show_error('login/auth_db_unreachable');
     }
   }
-  $::auth->expire_sessions;
 }
 
 sub show_error {
@@ -174,15 +180,15 @@ sub handle_request {
     $::form->{script} = "controller.pl";
   }
 
-  pre_request_checks();
-
   eval {
+    pre_request_checks();
+
     my $session_result = $::auth->restore_session;
     $::auth->create_or_refresh_session;
 
     $::form->error($::locale->text('System currently down for maintenance!')) if -e ($::lx_office_conf{paths}->{userspath} . "/nologin") && $script ne 'admin';
 
-    if ($script eq 'login' or $script eq 'admin' or $script eq 'kopf') {
+    if ($script eq 'login' or $script eq 'admin') {
       $::form->{titlebar} = "Lx-Office " . $::locale->text('Version') . " $::form->{version}";
       ::run($session_result);
 
@@ -194,11 +200,11 @@ sub handle_request {
 
       $::locale = Locale->new($::myconfig{countrycode});
 
-      show_error('login/password_error', 'password') if SL::Auth::OK != $::auth->authenticate($::form->{login}, $::form->{password}, 0);
+      show_error('login/password_error', 'password') if SL::Auth::OK != $::auth->authenticate($::form->{login}, $::form->{password});
 
-      $::auth->set_session_value('login', $::form->{login}, 'password', $::form->{password});
+      $::auth->store_credentials_in_session(login => $::form->{login}, password => $::form->{password});
       $::auth->create_or_refresh_session;
-      $::auth->delete_session_value('FLASH')->save_session();
+      $::auth->delete_session_value('FLASH');
       delete $::form->{password};
 
       if ($action) {
@@ -225,10 +231,14 @@ sub handle_request {
   };
 
   # cleanup
+  $::auth->expire_session_keys->save_session;
+  $::auth->expire_sessions;
+  $::auth->reset;
+
   $::locale   = undef;
   $::form     = undef;
   $::myconfig = ();
-  Form::disconnect_standard_dbh unless $self->_interface_is_fcgi;
+  Form::disconnect_standard_dbh;
 
   $::lxdebug->end_request;
   $::lxdebug->leave_sub;
@@ -333,6 +343,18 @@ sub _init_environment {
   }
 }
 
+sub _check_for_old_config_files {
+  my @old_files = grep { -f "config/${_}" } qw(authentication.pl console.conf lx-erp.conf lx-erp-local.conf);
+  return unless @old_files;
+
+  $::form->{title}      = $::locale->text('Old configuration files');
+  $::form->{stylesheet} = 'lx-office-erp.css';
+  $::form->header;
+  print $::form->parse_html_template('login/old_configuration_files', { FILES => \@old_files });
+
+  ::end_of_request();
+}
+
 package main;
 
 use strict;