X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=bin%2Fmozilla%2Flogin.pl;h=82d50d7066b8a2dc9602a2c22a119e8ff4f961e5;hb=74f7cca442f474aec5bef8ba1453fc9e79c970e2;hp=b9a29c3ede341b61613a65238f94e7370c2e62e3;hpb=d1e4ee7951b4ea788fcfd6bf882865f1b2724966;p=kivitendo-erp.git diff --git a/bin/mozilla/login.pl b/bin/mozilla/login.pl index b9a29c3ed..82d50d706 100644 --- a/bin/mozilla/login.pl +++ b/bin/mozilla/login.pl @@ -28,14 +28,33 @@ ####################################################################### use DBI; +use SL::Auth; use SL::User; use SL::Form; require "bin/mozilla/common.pl"; +require "bin/mozilla/todo.pl"; -$form = new Form; +use strict; -$locale = new Locale $language, "login"; +# This is required because the am.pl in the root directory +# is not scanned by locales.pl: +# $form->parse_html_template('login/password_error') + +our $form = new Form; + +if (! -f 'config/authentication.pl') { + show_error('login/authentication_pl_missing'); +} + +our $locale = new Locale $main::language, "login"; + +our $auth = SL::Auth->new(); +if (!$auth->session_tables_present()) { + show_error('login/auth_db_unreachable'); +} +$auth->expire_sessions(); +my $session_result = $main::auth->restore_session(); # customization if (-f "bin/mozilla/custom_$form->{script}") { @@ -52,9 +71,32 @@ if (-f "bin/mozilla/$form->{login}_$form->{script}") { # window title bar, user info $form->{titlebar} = "Lx-Office " . $locale->text('Version') . " $form->{version}"; -if ($form->{action}) { +if (SL::Auth::SESSION_EXPIRED == $session_result) { + $form->{error_message} = $locale->text('The session is invalid or has expired.'); + login_screen(); + exit; +} + +my $action = $form->{action}; + +if (!$action && $auth->{SESSION}->{login}) { + $action = 'login'; +} + +if ($action) { + our %myconfig = $auth->read_user($form->{login}) if ($form->{login}); + + if (!$myconfig{login} || (SL::Auth::OK != $auth->authenticate($form->{login}, $form->{password}, 0))) { + $form->{error_message} = $locale->text('Incorrect Password!'); + login_screen(); + exit; + } + + $auth->set_session_value('login', $form->{login}, 'password', $form->{password}); + $auth->create_or_refresh_session(); + $form->{titlebar} .= " - $myconfig{name} - $myconfig{dbname}"; - call_sub($locale->findsub($form->{action})); + call_sub($locale->findsub($action)); } else { login_screen(); @@ -63,69 +105,76 @@ if ($form->{action}) { 1; sub login_screen { - $lxdebug->enter_sub(); + $main::lxdebug->enter_sub(); + my ($msg) = @_; if (-f "css/lx-office-erp.css") { $form->{stylesheet} = "lx-office-erp.css"; } - $form->{fokus} = "loginscreen.login"; - $form->header; + $form->{msg} = $msg; + $form->header(); print $form->parse_html_template('login/login_screen'); - $lxdebug->leave_sub(); + $main::lxdebug->leave_sub(); } sub login { - $lxdebug->enter_sub(); + $main::lxdebug->enter_sub(); - $form->error($locale->text('You did not enter a name!')) unless ($form->{login}); + unless ($form->{login}) { + login_screen($locale->text('You did not enter a name!')); + exit; + } - $user = new User $memberfile, $form->{login}; + my $user = new User $form->{login}; # if we get an error back, bale out - if (($result = $user->login(\%$form, $userspath)) <= -1) { - if ($result == -2) { - exit; - } - - $form->error($locale->text('Incorrect username or password!')); + my $result; + if (($result = $user->login($form)) <= -1) { + exit if $result == -2; + login_screen($locale->text('Incorrect username or password!')); + exit; } my %style_to_script_map = ( 'v3' => 'v3', 'neu' => 'new', + 'v4' => 'v4', 'xml' => 'XML', ); my $menu_script = $style_to_script_map{$user->{menustyle}} || ''; # made it this far, execute the menu - $form->{callback} = build_std_url("script=menu${menu_script}.pl", 'action=display'); + $form->{callback} = build_std_url("script=menu${menu_script}.pl", 'action=display', "callback=" . $form->escape($form->{callback})); + + $main::auth->set_cookie_environment_variable(); $form->redirect(); - $lxdebug->leave_sub(); + $main::lxdebug->leave_sub(); } sub logout { - $lxdebug->enter_sub(); + $main::lxdebug->enter_sub(); - unlink "$userspath/$form->{login}.conf"; + $main::auth->destroy_session(); # remove the callback to display the message - $form->{callback} = "login.pl?action=&login="; + $form->{callback} = "login.pl?action="; $form->redirect($locale->text('You are logged out!')); - $lxdebug->leave_sub(); + $main::lxdebug->leave_sub(); } sub company_logo { - $lxdebug->enter_sub(); + $main::lxdebug->enter_sub(); - require "$userspath/$form->{login}.conf"; + my %myconfig = %main::myconfig; + $locale = new Locale $myconfig{countrycode}, "login" if ($main::language ne $myconfig{countrycode}); - $locale = new Locale $myconfig{countrycode}, "login" if ($language ne $myconfig{countrycode}); + $form->{todo_list} = create_todo_list('login_screen' => 1) if (!$form->{no_todo_list}); $form->{stylesheet} = $myconfig{stylesheet}; $form->{title} = $locale->text('About'); @@ -135,5 +184,22 @@ sub company_logo { print $form->parse_html_template('login/company_logo'); - $lxdebug->leave_sub(); + $main::lxdebug->leave_sub(); } + +sub show_error { + my $template = shift; + my %myconfig = %main::myconfig; + $locale = Locale->new($main::language, 'all'); + $myconfig{countrycode} = $main::language; + $form->{stylesheet} = 'css/lx-office-erp.css'; + + $form->header(); + print $form->parse_html_template($template); + + # $form->parse_html_template('login/auth_db_unreachable'); + # $form->parse_html_template('login/authentication_pl_missing'); + + exit; +} +