X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=am.pl;h=a874f6df6fac0ec6acffac489264a49b312cf3c6;hb=018e340ac9f0fc9c4b0bd180bd195e7c0fbd3c0e;hp=e48b9790d9f00672dda13f8572d0d56399213a9c;hpb=799f6001bbb8de6cf080e0cec68c212d863d940f;p=kivitendo-erp.git diff --git a/am.pl b/am.pl index e48b9790d..a874f6df6 100755 --- a/am.pl +++ b/am.pl @@ -31,7 +31,8 @@ ####################################################################### BEGIN { - push(@INC, "modules"); + unshift @INC, "modules/override"; # Use our own versions of various modules (e.g. YAML). + push @INC, "modules/fallback"; # Only use our own versions of modules if there's no system version. } # setup defaults, DO NOT CHANGE @@ -46,12 +47,23 @@ $| = 1; use SL::LXDebug; $lxdebug = LXDebug->new(); -use CGI; +use CGI qw( -no_xhtml); +use SL::Auth; use SL::Form; use SL::Locale; -eval { require "lx-erp.conf"; }; -eval { require "lx-erp-local.conf"; } if -f "lx-erp-local.conf"; +eval { require "config/lx-erp.conf"; }; +eval { require "config/lx-erp-local.conf"; } if -f "config/lx-erp-local.conf"; + +our $cgi = new CGI(''); +our $form = new Form; + +our $auth = SL::Auth->new(); +if (!$auth->session_tables_present()) { + _show_error('login/auth_db_unreachable'); +} +$auth->expire_sessions(); +my $session_result = $auth->restore_session(); require "bin/mozilla/common.pl"; @@ -60,8 +72,10 @@ if (defined($latex) && !defined($latex_templates)) { undef($latex); } -$form = new Form; -$cgi = new CGI(''); +# this prevents most of the tabindexes being created by CGI. +# note: most. popup menus and selecttables will still have tabindexes +# use common.pl's NTI function to get rid of those +local $CGI::TABINDEX = 0; # name of this script $0 =~ tr/\\/\//; 
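Review bot: Both new `@INC` entries in the `BEGIN` block are relative paths, and `modules/override` is placed ahead of every system directory, so which copy of a module such as YAML gets loaded depends on the process's working directory at startup. If the script is started from another directory, the override is either skipped silently or resolved against a different tree. Anchoring the entries to the script location removes that dependency, e.g. `use FindBin; unshift @INC, "$FindBin::Bin/modules/override"; push @INC, "$FindBin::Bin/modules/fallback";`. Because the override directory shadows system modules, it should be writable only by the account that deploys the application.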
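Review bot: The two `eval { require "config/..." }` lines discard `$@`, so a missing or syntactically broken config file goes unnoticed and `SL::Auth->new()` a few lines later runs with whatever settings happen to be defined. Authentication presumably depends on this configuration, so a load failure should stop the request instead of continuing: `eval { require "config/lx-erp.conf"; 1 } or die "cannot load config/lx-erp.conf: $@";`. The detailed message belongs in the server log rather than in the page sent to the browser.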
@@ -77,33 +91,41 @@ $script =~ s/\.pl//; # pull in DBI use DBI; -# check for user config file, could be missing or ??? -eval { require("$userspath/$form->{login}.conf"); }; -if ($@) { - $locale = new Locale "$language", "$script"; +# locale messages +$locale = new Locale($language, "$script"); - $form->{callback} = ""; - $msg1 = $locale->text('You are logged out!'); - $msg2 = $locale->text('Login'); - $form->redirect("$msg1

$msg2"); +# did sysadmin lock us out +if (-e "$userspath/nologin") { + $form->error($locale->text('System currently down for maintenance!')); } -$myconfig{dbpasswd} = unpack 'u', $myconfig{dbpasswd}; -map { $form->{$_} = $myconfig{$_} } qw(stylesheet charset) - unless (($form->{action} eq 'save') && ($form->{type} eq 'preferences')); +if (SL::Auth::SESSION_EXPIRED == $session_result) { + _show_error('login/password_error', 'session'); +} + +$form->{login} =~ s|.*/||; + +%myconfig = $auth->read_user($form->{login}); + +if (!$myconfig{login}) { + _show_error('login/password_error', 'password'); +} # locale messages $locale = new Locale "$myconfig{countrycode}", "$script"; -# check password -$form->error($locale->text('Incorrect Password!')) - if ($form->{password} ne $myconfig{password}); - -# did sysadmin lock us out -if (-e "$userspath/nologin") { - $form->error($locale->text('System currently down for maintenance!')); +if (SL::Auth::OK != $auth->authenticate($form->{login}, $form->{password}, 0)) { + _show_error('login/password_error', 'password'); } +$auth->set_session_value('login', $form->{login}, 'password', $form->{password}); +$auth->create_or_refresh_session(); + +delete $form->{password}; + +map { $form->{$_} = $myconfig{$_} } qw(stylesheet charset) + unless (($form->{action} eq 'save') && ($form->{type} eq 'preferences')); + # pull in the main code require "bin/mozilla/$form->{script}"; @@ -132,5 +154,19 @@ if ($form->{action}) { $form->error($locale->text('action= not defined!')); } +sub _show_error { + my $template = shift; + my $error_type = shift; + $locale = Locale->new($language, 'all'); + $form->{error} = $locale->text('The session is invalid or has expired.') if ($error_type eq 'session'); + $form->{error} = $locale->text('Incorrect password!.') if ($error_type eq 'password'); + $myconfig{countrycode} = $language; + $form->{stylesheet} = 'css/lx-office-erp.css'; + + $form->header(); + print $form->parse_html_template($template); + exit; +} + # end
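Review bot: `$auth->set_session_value('login', $form->{login}, 'password', $form->{password});` writes the user's cleartext password into the session store, where it outlives the request and is readable by anyone with access to that store (presumably the session tables) or its backups. The `delete $form->{password};` two lines later only clears the in-memory copy. How `restore_session()` uses the stored value is not visible in this hunk, but the session should carry the login plus a server-side "authenticated" marker rather than the password itself, e.g. `$auth->set_session_value('login', $form->{login});`, with later requests trusted on the basis of the valid session.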
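Review bot: `_show_error` compares `$error_type` with `eq` although the `login/auth_db_unreachable` call added earlier in this patch passes only the template, so `$error_type` is undef on that path and `$form->{error}` is never set for it. Unpacking with `my ($template, $error_type) = @_;` followed by `$error_type = '' unless defined $error_type;` keeps the comparisons well-defined. The message key `'Incorrect password!.'` carries a stray `.` after the `!`, which the translation files would then have to reproduce. The sub also deserves a header comment such as `# Render an error template and terminate the request; never returns.`, since the `exit` at the end is easy to miss at the call sites.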