X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;ds=sidebyside;f=SL%2FAuth.pm;h=52c2dc63de55510ce115ade02d53387d32f82368;hb=3686bb31d623aaef632060fbdd9d7447c310e279;hp=6652aed4b0113cc58527ba2476ec5dde8c7911f1;hpb=eb8ba4764dff48ed8e67a00c48d02c9e7c6e5de5;p=kivitendo-erp.git

diff --git a/SL/Auth.pm b/SL/Auth.pm
index 6652aed4b..52c2dc63d 100644
--- a/SL/Auth.pm
+++ b/SL/Auth.pm
@@ -149,7 +149,7 @@ sub authenticate_root {
 
   my ($self, $password) = @_;
 
-  my $session_root_auth = $self->get_session_value(SESSION_KEY_ROOT_AUTH);
+  my $session_root_auth = $self->get_session_value(SESSION_KEY_ROOT_AUTH());
   if (defined $session_root_auth && $session_root_auth == OK) {
     $::lxdebug->leave_sub;
     return OK;
@@ -164,9 +164,7 @@ sub authenticate_root {
   my $admin_password    = SL::Auth::Password->hash_if_unhashed(login => 'root', password => $self->{admin_password}->());
 
   my $result = $password eq $admin_password ? OK : ERR_PASSWORD;
-  $self->set_session_value(SESSION_KEY_ROOT_AUTH ,=> $result);
-
-  sleep 5 if $result != OK;
+  $self->set_session_value(SESSION_KEY_ROOT_AUTH() => $result);
 
   $::lxdebug->leave_sub;
   return $result;
@@ -177,7 +175,7 @@ sub authenticate {
 
   my ($self, $login, $password) = @_;
 
-  my $session_auth = $self->get_session_value(SESSION_KEY_USER_AUTH);
+  my $session_auth = $self->get_session_value(SESSION_KEY_USER_AUTH());
   if (defined $session_auth && $session_auth == OK) {
     $::lxdebug->leave_sub;
     return OK;
@@ -189,14 +187,17 @@ sub authenticate {
   }
 
   my $result = $login ? $self->{authenticator}->authenticate($login, $password) : ERR_USER;
-  $self->set_session_value(SESSION_KEY_USER_AUTH ,=> $result, login => $login);
-
-  sleep 5 if $result != OK;
+  $self->set_session_value(SESSION_KEY_USER_AUTH() => $result, login => $login);
 
   $::lxdebug->leave_sub;
   return $result;
 }
 
+sub punish_wrong_login {
+  my $failed_login_penalty = ($::lx_office_conf{authentication} || {})->{failed_login_penalty};
+  sleep $failed_login_penalty if $failed_login_penalty;
+}
+
 sub get_stored_password {
   my ($self, $login) = @_;
 
@@ -424,15 +425,30 @@ sub read_all_users {
   my $self  = shift;
 
   my $dbh   = $self->dbconnect();
-  my $query = qq|SELECT u.id, u.login, cfg.cfg_key, cfg.cfg_value
-                 FROM auth.user_config cfg
-                 LEFT JOIN auth."user" u ON (cfg.user_id = u.id)|;
+  my $query = qq|SELECT u.id, u.login, cfg.cfg_key, cfg.cfg_value, s.mtime AS last_action
+
+                 FROM auth."user" AS  u
+
+                 LEFT JOIN auth.user_config AS cfg
+                   ON (cfg.user_id = u.id)
+
+                 LEFT JOIN auth.session_content AS sc_login
+                   ON (sc_login.sess_key = 'login' AND sc_login.sess_value = ('--- ' \|\| u.login \|\| '\n'))
+
+                 LEFT JOIN auth.session AS s
+                   ON (s.id = sc_login.session_id)
+              |;
   my $sth   = prepare_execute_query($main::form, $dbh, $query);
 
   my %users;
 
   while (my $ref = $sth->fetchrow_hashref()) {
-    $users{$ref->{login}}                    ||= { 'login' => $ref->{login}, 'id' => $ref->{id} };
+
+    $users{$ref->{login}}                    ||= {
+                                                'login' => $ref->{login},
+                                                'id' => $ref->{id},
+                                                'last_action' => $ref->{last_action},
+                                             };
     $users{$ref->{login}}->{$ref->{cfg_key}}   = $ref->{cfg_value} if (($ref->{cfg_key} ne 'login') && ($ref->{cfg_key} ne 'id'));
   }