From: Moritz Bunkus
Date: Thu, 17 Jan 2008 15:31:13 +0000 (+0000)
Subject: Benutzerauthentifizierung: Unterscheidung zwischen "Falsches Passwort" und "Session...
X-Git-Tag: release-2.6.0beta1~341
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=33c1a7f111af21221572871e95a1b77e3e16aa51;p=kivitendo-erp.git
Benutzerauthentifizierung: Unterscheidung zwischen "Falsches Passwort" und "Session abgelaufen".
---
diff --git a/SL/Auth.pm b/SL/Auth.pm
index 5fb04e6d9..98f1994f9 100644
--- a/SL/Auth.pm
+++ b/SL/Auth.pm
@@ -1,8 +1,12 @@
 package SL::Auth;
-use constant OK => 0;
-use constant ERR_PASSWORD => 1;
-use constant ERR_BACKEND => 100;
+use constant OK => 0;
+use constant ERR_PASSWORD => 1;
+use constant ERR_BACKEND => 100;
+
+use constant SESSION_OK => 0;
+use constant SESSION_NONE => 1;
+use constant SESSION_EXPIRED => 2;
 use Digest::MD5 qw(md5_hex);
 use IO::File;
@@ -419,7 +423,10 @@ sub restore_session {
 $self->{SESSION} = { };
- return $main::lxdebug->leave_sub() if (!$session_id);
+ if (!$session_id) {
+ $main::lxdebug->leave_sub();
+ return SESSION_NONE;
+ }
 my ($dbh, $query, $sth, $cookie, $ref, $form);
@@ -433,7 +440,7 @@ sub restore_session {
 if (!$cookie || $cookie->{is_expired} || ($cookie->{ip_address} ne $ENV{REMOTE_ADDR})) {
 $self->destroy_session();
 $main::lxdebug->leave_sub();
- return;
+ return SESSION_EXPIRED;
 }
 $query = qq|SELECT sess_key, sess_value FROM auth.session_content WHERE session_id = ?|;
@@ -447,6 +454,8 @@ sub restore_session {
 $sth->finish();
 $main::lxdebug->leave_sub();
+
+ return SESSION_OK;
 }
 sub destroy_session {
diff --git a/am.pl b/am.pl
index 5b3d66622..a874f6df6 100755
--- a/am.pl
+++ b/am.pl
@@ -63,7 +63,7 @@ if (!$auth->session_tables_present()) {
 _show_error('login/auth_db_unreachable');
 }
 $auth->expire_sessions();
-$auth->restore_session();
+my $session_result = $auth->restore_session();
 require "bin/mozilla/common.pl";
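Review bot: In restore_session (SL/Auth.pm), the branch that now returns SESSION_EXPIRED also fires for a session id with no matching row and for a REMOTE_ADDR mismatch, and nothing in the patch records which of the three conditions occurred. An address mismatch on an otherwise live session can indicate a replayed cookie, so it deserves a log entry before `$self->destroy_session();`, and the constant deserves a comment such as `# SESSION_EXPIRED: unknown id, timed out, or client address changed`. SESSION_OK and SESSION_NONE also share the values 0 and 1 with OK and ERR_PASSWORD, so a caller that compares against the wrong family would match silently; a short comment above the new constants stating that they are only valid for restore_session's result would guard against that. The start of restore_session lies outside these hunks.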
@@ -99,19 +99,23 @@ if (-e "$userspath/nologin") {
 $form->error($locale->text('System currently down for maintenance!'));
 }
+if (SL::Auth::SESSION_EXPIRED == $session_result) {
+ _show_error('login/password_error', 'session');
+}
+
 $form->{login} =~ s|.*/||;
 %myconfig = $auth->read_user($form->{login});
 if (!$myconfig{login}) {
- _show_error('login/password_error');
+ _show_error('login/password_error', 'password');
 }
 # locale messages
 $locale = new Locale "$myconfig{countrycode}", "$script";
 if (SL::Auth::OK != $auth->authenticate($form->{login}, $form->{password}, 0)) {
- _show_error('login/password_error');
+ _show_error('login/password_error', 'password');
 }
 $auth->set_session_value('login', $form->{login}, 'password', $form->{password});
@@ -152,7 +156,10 @@ if ($form->{action}) {
 sub _show_error {
 my $template = shift;
+ my $error_type = shift;
 $locale = Locale->new($language, 'all');
+ $form->{error} = $locale->text('The session is invalid or has expired.') if ($error_type eq 'session');
+ $form->{error} = $locale->text('Incorrect password!.') if ($error_type eq 'password');
 $myconfig{countrycode} = $language;
 $form->{stylesheet} = 'css/lx-office-erp.css';
diff --git a/bin/mozilla/login.pl b/bin/mozilla/login.pl
index 7a4df5c69..7488dd18c 100644
--- a/bin/mozilla/login.pl
+++ b/bin/mozilla/login.pl
@@ -52,7 +52,7 @@ if (!$auth->session_tables_present()) {
 show_error('login/auth_db_unreachable');
 }
 $auth->expire_sessions();
-$auth->restore_session();
+my $session_result = $auth->restore_session();
 # customization
 if (-f "bin/mozilla/custom_$form->{script}") {
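Review bot: In `_show_error` (am.pl), `$error_type` is undef for the existing one-argument call `_show_error('login/auth_db_unreachable')`, so both `eq` tests compare against undef and `$form->{error}` stays unset for that template; `my $error_type = shift || '';` makes the optional argument explicit. The message key `'Incorrect password!.'` carries a stray period, and no locale hunk in this patch adds a translation for it, so a German installation would presumably show the English text where the template used to print "Ungültiges Passwort!"; `$locale->text('Incorrect password!')` together with a locale entry would address both. Passing the same 'password' type for an unknown login and for a failed authenticate() keeps the two responses indistinguishable, which should be stated in a comment so it is not split later. The body of `_show_error` continues past the hunk.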
@@ -69,6 +69,12 @@ if (-f "bin/mozilla/$form->{login}_$form->{script}") {
 # window title bar, user info
 $form->{titlebar} = "Lx-Office " . $locale->text('Version') . " $form->{version}";
+if (SL::Auth::SESSION_EXPIRED == $session_result) {
+ $form->{error_message} = $locale->text('The session is invalid or has expired.');
+ login_screen();
+ exit;
+}
+
 my $action = $form->{action};
 if (!$action && $auth->{SESSION}->{login}) {
@@ -104,9 +110,8 @@ sub login_screen {
 $form->{stylesheet} = "lx-office-erp.css";
 }
- $form->{msg} = $msg;
- $form->{fokus} = "loginscreen.login";
- $form->header;
+ $form->{msg} = $msg;
+ $form->header();
 print $form->parse_html_template('login/login_screen');
diff --git a/locale/de/all b/locale/de/all
index ad5e85dab..d8df5fa40 100644
--- a/locale/de/all
+++ b/locale/de/all
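Review bot: The SESSION_EXPIRED branch in login.pl runs `login_screen(); exit;` before `$action` is read, so a login form submitted while the browser still sends the stale session cookie is answered with the login screen again instead of being authenticated. Whether this repeats on every request depends on destroy_session or the login page replacing the cookie, which these hunks do not show; if neither does, the branch should reset the cookie or let a login action through first. The same ordering applies in am.pl, where the check precedes `authenticate()`. The branch also stores its text in `$form->{error_message}` while am.pl uses `$form->{error}`; one key name for both would make the templates easier to audit for output escaping.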
@@ -1316,6 +1316,7 @@ aktualisieren wollen?',
 'The restoration process has started. Here\'s the output of the "pg_restore" command:' => 'Der Wiederherstellungsprozess wurde gestartet. Hier ist die Ausgabe des "pg_restore"-Programmes:',
 'The restoration process is complete. Please review "pg_restore"\'s output to find out if the restoration was successful.' => 'Die Wiederherstellung ist abgeschlossen. Bitte sehen Sie sich die Ausgabe von "pg_restore" an, um festzustellen, ob die Wiederherstellung erfolgreich war.',
 'The second way is to use Perl\'s CPAN module and let it download and install the module for you.' => 'Die zweite Variante besteht darin, Perls CPAN-Modul zu benutzen und es das Modul für Sie installieren zu lassen.',
+ 'The session is invalid or has expired.' => 'Die Session ist ungültig oder abgelaufen.',
 'The subject is missing.' => 'Der Betreff fehlt.',
 'The tables for user management and authentication do not exist. They will be created in the next step in the following database:' => 'Die Tabellen zum Speichern der Benutzerdaten und zur Benutzerauthentifizierung wurden nicht gefunden. Sie werden in der folgenden Datenbank angelegt:',
 'The tabulator character' => 'Das Tabulator-Symbol',
diff --git a/locale/de/login b/locale/de/login
index 98fdbc38a..c00ad639a 100644
--- a/locale/de/login
+++ b/locale/de/login
@@ -283,6 +283,7 @@ $self->{texts} = {
 'The creation of the authentication database failed:' => 'Das Anlegen der Authentifizierungsdatenbank schlug fehl:',
 'The follow-up date is missing.' => 'Das Wiedervorlagedatum fehlt.',
 'The list has been printed.' => 'Die Liste wurde ausgedruckt.',
+ 'The session is invalid or has expired.' => 'Die Session ist ungültig oder abgelaufen.',
 'The subject is missing.' => 'Der Betreff fehlt.',
 'To (email)' => 'An',
 'Total' => 'Summe',
diff --git a/templates/webpages/login/login_screen_de.html b/templates/webpages/login/login_screen_de.html
index 071b579de..b0ef6f17e 100644
--- a/templates/webpages/login/login_screen_de.html
+++ b/templates/webpages/login/login_screen_de.html
@@ -1,4 +1,4 @@
-[% USE HTML %]
+[% USE HTML %]
diff --git a/templates/webpages/login/login_screen_master.html b/templates/webpages/login/login_screen_master.html
index 30e99a1fe..b4e19e264 100644
--- a/templates/webpages/login/login_screen_master.html
+++ b/templates/webpages/login/login_screen_master.html
@@ -1,4 +1,4 @@
-[% USE HTML %]
+[% USE HTML %]
diff --git a/templates/webpages/login/password_error_de.html b/templates/webpages/login/password_error_de.html
index 83fecc8b7..06f5058e1 100644
--- a/templates/webpages/login/password_error_de.html
+++ b/templates/webpages/login/password_error_de.html
@@ -2,7 +2,7 @@

Fehler!

-

Ungültiges Passwort!

+

[% error %]

Anmeldung

diff --git a/templates/webpages/login/password_error_master.html b/templates/webpages/login/password_error_master.html
index ad9fd2fa8..e7b30c12f 100644
--- a/templates/webpages/login/password_error_master.html
+++ b/templates/webpages/login/password_error_master.html
@@ -2,7 +2,7 @@

Error!

-

Incorrect Password!

+

[% error %]

Login