Revision 670f76a8
Von Moritz Bunkus vor etwa 12 Jahren hinzugefügt
| SL/Dispatcher.pm | ||
|---|---|---|
| 214 | 214 |
action => $action, |
| 215 | 215 |
); |
| 216 | 216 |
|
| 217 |
delete @{ $::form }{ grep { m/^\{AUTH\}/ } keys %{ $::form } };
|
|
| 218 |
|
|
| 217 | 219 |
if ($action) {
|
| 218 | 220 |
$::instance_conf->init if $auth_level eq 'user'; |
| 219 | 221 |
|
| SL/Dispatcher/AuthHandler/Admin.pm | ||
|---|---|---|
| 7 | 7 |
sub handle {
|
| 8 | 8 |
%::myconfig = (); |
| 9 | 9 |
|
| 10 |
return if $::auth->authenticate_root($::auth->get_session_value('rpw')) == $::auth->OK();
|
|
| 10 |
return if $::auth->authenticate_root($::auth->get_session_value('admin_password')) == $::auth->OK();
|
|
| 11 | 11 |
|
| 12 |
$::auth->delete_session_value('rpw');
|
|
| 12 |
$::auth->delete_session_value('admin_password');
|
|
| 13 | 13 |
SL::Dispatcher::show_error('login/password_error', 'password', is_admin => 1);
|
| 14 | 14 |
} |
| 15 | 15 |
|
| bin/mozilla/admin.pl | ||
|---|---|---|
| 95 | 95 |
$form->{favicon} = "favicon.ico";
|
| 96 | 96 |
|
| 97 | 97 |
if ($form->{action}) {
|
| 98 |
if ($auth->authenticate_root($form->{rpw}) != $auth->OK()) {
|
|
| 98 |
if ($auth->authenticate_root($form->{'{AUTH}admin_password'}) != $auth->OK()) {
|
|
| 99 | 99 |
$form->{error_message} = $locale->text('Incorrect Password!');
|
| 100 |
$auth->delete_session_value('rpw');
|
|
| 100 |
$auth->delete_session_value('admin_password');
|
|
| 101 | 101 |
adminlogin(); |
| 102 | 102 |
} else {
|
| 103 | 103 |
if ($auth->session_tables_present()) {
|
| 104 |
delete $::form->{rpw};
|
|
| 104 |
delete $::form->{'{AUTH}admin_password'};
|
|
| 105 | 105 |
_apply_dbupgrade_scripts(); |
| 106 | 106 |
} |
| 107 | 107 |
|
| ... | ... | |
| 194 | 194 |
my $locale = $main::locale; |
| 195 | 195 |
|
| 196 | 196 |
$main::auth->create_tables(); |
| 197 |
$main::auth->set_session_value('rpw', $form->{rpw});
|
|
| 197 |
$main::auth->set_session_value('admin_password', $form->{'{AUTH}admin_password'});
|
|
| 198 | 198 |
$main::auth->create_or_refresh_session(); |
| 199 | 199 |
|
| 200 | 200 |
my $memberfile = $::lx_office_conf{paths}->{memberfile};
|
| bin/mozilla/login.pl | ||
|---|---|---|
| 61 | 61 |
$action = 'login'; |
| 62 | 62 |
} |
| 63 | 63 |
if ($action) {
|
| 64 |
%::myconfig = $auth->read_user(login => $form->{login}) if ($form->{login});
|
|
| 64 |
$form->{login} = $form->{'{AUTH}login'} || $form->{login};
|
|
| 65 |
%::myconfig = $auth->read_user(login => $form->{login}) if $form->{login};
|
|
| 66 |
|
|
| 65 | 67 |
$::locale = Locale->new($::myconfig{countrycode}) if $::myconfig{countrycode};
|
| 66 | 68 |
|
| 67 |
if (SL::Auth::OK != $auth->authenticate($::myconfig{login}, $form->{password})) {
|
|
| 69 |
if (SL::Auth::OK != $auth->authenticate($::myconfig{login}, $form->{'{AUTH}password'})) {
|
|
| 68 | 70 |
$form->{error_message} = $::locale->text('Incorrect username or password!');
|
| 69 | 71 |
login_screen(); |
| 70 | 72 |
} else {
|
| 71 | 73 |
$auth->create_or_refresh_session(); |
| 72 |
delete $form->{password};
|
|
| 74 |
delete $form->{'{AUTH}password'};
|
|
| 73 | 75 |
|
| 74 | 76 |
$form->{titlebar} .= " - $::myconfig{name} - $::myconfig{dbname}";
|
| 75 | 77 |
call_sub($::locale->findsub($action)); |
| scripts/csv-import-from-shell.sh | ||
|---|---|---|
| 107 | 107 |
-F 'settings.sellprice_adjustment_type=percent' \ |
| 108 | 108 |
-F 'settings.sellprice_places=2' \ |
| 109 | 109 |
-F 'settings.shoparticle_if_missing=0' \ |
| 110 |
-F "login=${login}" \
|
|
| 111 |
-F "password=${password}" \
|
|
| 110 |
-F "{AUTH}login=${login}" \
|
|
| 111 |
-F "{AUTH}password=${password}" \
|
|
| 112 | 112 |
-F "file=@${file}" \
|
| 113 | 113 |
${url}
|
| 114 | 114 |
} |
| templates/webpages/admin/adminlogin.html | ||
|---|---|---|
| 19 | 19 |
<table> |
| 20 | 20 |
<tr> |
| 21 | 21 |
<th>[% 'Password' | $T8 %]</th> |
| 22 |
<td><input type="password" name="rpw" id="rpw"></td>
|
|
| 22 |
<td><input type="password" name="{AUTH}admin_password" id="rpw"></td>
|
|
| 23 | 23 |
<td><input type="submit" class="submit" name="action" value="[% 'Login' | $T8 %]"></td> |
| 24 | 24 |
</tr> |
| 25 | 25 |
<input type="hidden" name="action" value="login"> |
| templates/webpages/admin/list_users.html | ||
|---|---|---|
| 69 | 69 |
<table border="0"> |
| 70 | 70 |
<tr> |
| 71 | 71 |
<th align="right">[% 'Login Name' | $T8 %]</th> |
| 72 |
<td><input class="login" name="login"></td> |
|
| 72 |
<td><input class="login" name="{AUTH}login"></td>
|
|
| 73 | 73 |
<td> </td> |
| 74 | 74 |
</tr> |
| 75 | 75 |
<tr> |
| 76 | 76 |
<th align="right">[% 'Password' | $T8 %]</th> |
| 77 |
<td><input class="login" type="password" name="password"></td> |
|
| 77 |
<td><input class="login" type="password" name="{AUTH}password"></td>
|
|
| 78 | 78 |
<td><input type="submit" name="action" value="[% 'Login' | $T8 %]"></td> |
| 79 | 79 |
</tr> |
| 80 | 80 |
</table> |
| templates/webpages/login/login_screen.html | ||
|---|---|---|
| 24 | 24 |
<table> |
| 25 | 25 |
<tr> |
| 26 | 26 |
<th align="right">[% 'Login Name' | $T8 %]</th> |
| 27 |
<td><input class="login" name="login" size="30" tabindex="1"></td> |
|
| 27 |
<td><input class="login" name="{AUTH}login" size="30" tabindex="1"></td>
|
|
| 28 | 28 |
</tr> |
| 29 | 29 |
<tr> |
| 30 | 30 |
<th align="right">[% 'Password' | $T8 %]</th> |
| 31 |
<td><input class="login" type="password" name="password" size="30" tabindex="2"></td> |
|
| 31 |
<td><input class="login" type="password" name="{AUTH}password" size="30" tabindex="2"></td>
|
|
| 32 | 32 |
</tr> |
| 33 | 33 |
</table> |
| 34 | 34 |
|
Auch abrufbar als: Unified diff
Formularfelder und Session-Keys für Logins umbenannt
Ziel: Ermöglichen, dass Login & Passwort auch wieder per
Formularfelder mit jedem Request übertragen werden, aber nicht mehr so
offensichtlich im "Formularfeldernamensraum" rumgeistern -- sondern
leicht aussortierbar sind. Die Formularfelder, die mit "{AUTH}"
starten, werden vom Dispatcher nach erfolgter Loginüberprüfung
automatisch entfernt, bevor die Kontrolle an die Controller/Actions
übergeben wird (unabhängig vom Routingtyp).
Vorher waren Formularfelder sowie die Session-Keys für User-Logins
"login" und "password", für Admin-Login "rpw".
Jetzt:
- Formularfelder: für User-Logins "{AUTH}login" und "{AUTH}password",
für Admin-Login "{AUTH}admin_password".
- Session-Keys: jeweils ohne "{AUTH}", sprich für User-Logins
weiterhin "login" und "password", für Admin-Login neu
"admin_password".