package SL::Auth;
-use constant OK => 0;
-use constant ERR_PASSWORD => 1;
-use constant ERR_BACKEND => 100;
+use constant OK => 0;
+use constant ERR_PASSWORD => 1;
+use constant ERR_BACKEND => 100;
+
+use constant SESSION_OK => 0;
+use constant SESSION_NONE => 1;
+use constant SESSION_EXPIRED => 2;
use Digest::MD5 qw(md5_hex);
use IO::File;
$self->{SESSION} = { };
- return $main::lxdebug->leave_sub() if (!$session_id);
+ if (!$session_id) {
+ $main::lxdebug->leave_sub();
+ return SESSION_NONE;
+ }
my ($dbh, $query, $sth, $cookie, $ref, $form);
if (!$cookie || $cookie->{is_expired} || ($cookie->{ip_address} ne $ENV{REMOTE_ADDR})) {
$self->destroy_session();
$main::lxdebug->leave_sub();
- return;
+ return SESSION_EXPIRED;
}
$query = qq|SELECT sess_key, sess_value FROM auth.session_content WHERE session_id = ?|;
$sth->finish();
$main::lxdebug->leave_sub();
+
+ return SESSION_OK;
}
sub destroy_session {
_show_error('login/auth_db_unreachable');
}
$auth->expire_sessions();
-$auth->restore_session();
+my $session_result = $auth->restore_session();
require "bin/mozilla/common.pl";
$form->error($locale->text('System currently down for maintenance!'));
}
+if (SL::Auth::SESSION_EXPIRED == $session_result) {
+ _show_error('login/password_error', 'session');
+}
+
$form->{login} =~ s|.*/||;
%myconfig = $auth->read_user($form->{login});
if (!$myconfig{login}) {
- _show_error('login/password_error');
+ _show_error('login/password_error', 'password');
}
# locale messages
$locale = new Locale "$myconfig{countrycode}", "$script";
if (SL::Auth::OK != $auth->authenticate($form->{login}, $form->{password}, 0)) {
- _show_error('login/password_error');
+ _show_error('login/password_error', 'password');
}
$auth->set_session_value('login', $form->{login}, 'password', $form->{password});
sub _show_error {
my $template = shift;
+ my $error_type = shift;
$locale = Locale->new($language, 'all');
+ $form->{error} = $locale->text('The session is invalid or has expired.') if ($error_type eq 'session');
+ $form->{error} = $locale->text('Incorrect password!.') if ($error_type eq 'password');
$myconfig{countrycode} = $language;
$form->{stylesheet} = 'css/lx-office-erp.css';
show_error('login/auth_db_unreachable');
}
$auth->expire_sessions();
-$auth->restore_session();
+my $session_result = $auth->restore_session();
# customization
if (-f "bin/mozilla/custom_$form->{script}") {
# window title bar, user info
$form->{titlebar} = "Lx-Office " . $locale->text('Version') . " $form->{version}";
+if (SL::Auth::SESSION_EXPIRED == $session_result) {
+ $form->{error_message} = $locale->text('The session is invalid or has expired.');
+ login_screen();
+ exit;
+}
+
my $action = $form->{action};
if (!$action && $auth->{SESSION}->{login}) {
$form->{stylesheet} = "lx-office-erp.css";
}
- $form->{msg} = $msg;
- $form->{fokus} = "loginscreen.login";
- $form->header;
+ $form->{msg} = $msg;
+ $form->header();
print $form->parse_html_template('login/login_screen');
'The restoration process has started. Here\'s the output of the "pg_restore" command:' => 'Der Wiederherstellungsprozess wurde gestartet. Hier ist die Ausgabe des "pg_restore"-Programmes:',
'The restoration process is complete. Please review "pg_restore"\'s output to find out if the restoration was successful.' => 'Die Wiederherstellung ist abgeschlossen. Bitte sehen Sie sich die Ausgabe von "pg_restore" an, um festzustellen, ob die Wiederherstellung erfolgreich war.',
'The second way is to use Perl\'s CPAN module and let it download and install the module for you.' => 'Die zweite Variante besteht darin, Perls CPAN-Modul zu benutzen und es das Modul für Sie installieren zu lassen.',
+ 'The session is invalid or has expired.' => 'Die Session ist ungültig oder abgelaufen.',
'The subject is missing.' => 'Der Betreff fehlt.',
'The tables for user management and authentication do not exist. They will be created in the next step in the following database:' => 'Die Tabellen zum Speichern der Benutzerdaten und zur Benutzerauthentifizierung wurden nicht gefunden. Sie werden in der folgenden Datenbank angelegt:',
'The tabulator character' => 'Das Tabulator-Symbol',
'The creation of the authentication database failed:' => 'Das Anlegen der Authentifizierungsdatenbank schlug fehl:',
'The follow-up date is missing.' => 'Das Wiedervorlagedatum fehlt.',
'The list has been printed.' => 'Die Liste wurde ausgedruckt.',
+ 'The session is invalid or has expired.' => 'Die Session ist ungültig oder abgelaufen.',
'The subject is missing.' => 'Der Betreff fehlt.',
'To (email)' => 'An',
'Total' => 'Summe',
-[% USE HTML %]<body class="login" onLoad="fokus()">
+[% USE HTML %]<body class="login" onLoad="document.loginscreen.login.focus()">
<center>
<table class="login" border="3" cellpadding="20">
-[% USE HTML %]<body class="login" onLoad="fokus()">
+[% USE HTML %]<body class="login" onLoad="document.loginscreen.login.focus()">
<center>
<table class="login" border="3" cellpadding="20">
<p><b>Fehler!</b></p>
- <p>Ungültiges Passwort!</p>
+ <p>[% error %]</p>
<p><a href="login.pl" target="_top">Anmeldung</a></p>
<p><b><translate>Error!</translate></b></p>
- <p><translate>Incorrect Password!</translate></p>
+ <p>[% error %]</p>
<p><a href="login.pl" target="_top"><translate>Login</translate></a></p>
projects / kivitendo-erp.git / commitdiff