X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FAuth.pm;h=784b185b459d3412f62f65461d26484893eec62c;hb=72b340de2352eec7d3f99a00e2141a2df35f07f3;hp=109b75ce3e3477abcf0288469723b0bc1e109ac2;hpb=f90fcfb985a9c98d8e00717929717012e431f8c9;p=kivitendo-erp.git

diff --git a/SL/Auth.pm b/SL/Auth.pm
index 109b75ce3..784b185b4 100644
--- a/SL/Auth.pm
+++ b/SL/Auth.pm
@@ -12,6 +12,7 @@ use SL::Auth::Constants qw(:all);
 use SL::Auth::DB;
 use SL::Auth::LDAP;
 
+use SL::SessionFile;
 use SL::User;
 use SL::DBConnect;
 use SL::DBUpgrade2;
@@ -555,6 +556,8 @@ sub destroy_session {
 
     $dbh->commit();
 
+    SL::SessionFile->destroy_session($session_id);
+
     $session_id      = undef;
     $self->{SESSION} = { };
   }
@@ -567,26 +570,31 @@ sub expire_sessions {
 
   my $self  = shift;
 
+  $main::lxdebug->leave_sub and return if !$self->session_tables_present;
+
   my $dbh   = $self->dbconnect();
 
-  $dbh->begin_work;
+  my $query = qq|SELECT id
+                 FROM auth.session
+                 WHERE (mtime < (now() - '$self->{session_timeout}m'::interval))|;
 
-  my $query =
-    qq|DELETE FROM auth.session_content
-       WHERE session_id IN
-         (SELECT id
-          FROM auth.session
-          WHERE (mtime < (now() - '$self->{session_timeout}m'::interval)))|;
+  my @ids   = selectall_array_query($::form, $dbh, $query);
 
-  do_query($main::form, $dbh, $query);
+  if (@ids) {
+    $dbh->begin_work;
 
-  $query =
-    qq|DELETE FROM auth.session
-       WHERE (mtime < (now() - '$self->{session_timeout}m'::interval))|;
+    SL::SessionFile->destroy_session($_) for @ids;
 
-  do_query($main::form, $dbh, $query);
+    $query = qq|DELETE FROM auth.session_content
+                WHERE session_id IN (| . join(', ', ('?') x scalar(@ids)) . qq|)|;
+    do_query($main::form, $dbh, $query, @ids);
 
-  $dbh->commit();
+    $query = qq|DELETE FROM auth.session
+                WHERE id IN (| . join(', ', ('?') x scalar(@ids)) . qq|)|;
+    do_query($main::form, $dbh, $query, @ids);
+
+    $dbh->commit();
+  }
 
   $main::lxdebug->leave_sub();
 }
@@ -615,7 +623,7 @@ sub save_session {
 
   my $dbh          = $provided_dbh || $self->dbconnect(1);
 
-   $::lxdebug->leave_sub && return unless $dbh;
+  $::lxdebug->leave_sub && return unless $dbh && $session_id;
 
   $dbh->begin_work unless $provided_dbh;
 
@@ -779,6 +787,14 @@ sub session_tables_present {
   $main::lxdebug->enter_sub();
 
   my $self = shift;
+
+  # Only re-check for the presence of auth tables if either the check
+  # hasn't been done before of if they weren't present.
+  if ($self->{session_tables_present}) {
+    $main::lxdebug->leave_sub();
+    return $self->{session_tables_present};
+  }
+
   my $dbh  = $self->dbconnect(1);
 
   if (!$dbh) {
@@ -794,9 +810,11 @@ sub session_tables_present {
 
   my ($count) = selectrow_query($main::form, $dbh, $query);
 
+  $self->{session_tables_present} = 2 == $count;
+
   $main::lxdebug->leave_sub();
 
-  return 2 == $count;
+  return $self->{session_tables_present};
 }
 
 # --------------------------------------
@@ -1095,7 +1113,7 @@ sub assert {
   $::lxdebug->enter_sub(2);
   my ($self, $right, $dont_abort) = @_;
 
-  if ($self->check_right($::form->{login}, $right)) {
+  if ($self->check_right($::myconfig{login}, $right)) {
     $::lxdebug->leave_sub(2);
     return 1;
   }
@@ -1117,7 +1135,7 @@ sub load_rights_for_user {
   my $dbh   = $self->dbconnect;
   my ($query, $sth, $row, $rights);
 
-  $rights = { map { $rights->{$_} = 0 } all_rights() };
+  $rights = { map { $_ => 0 } all_rights() };
 
   $query =
     qq|SELECT gr."right", gr.granted