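#!/usr/bin/perl
# Copyright 2001-2006 Leslie Richardson
# This file is part of Open Admin for Schools.
# Open Admin for Schools is free software; you can redistribute it
# and/or modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2 of
# the License, or (at your option) any later version.

# Staff login page.  Without the 'flag' parameter it shows the login form;
# with it, the submitted userid/password pair is checked against the staff
# table and, on success, a CGI::Session is created and a "logged in" page
# is printed.  On failure the form is shown again with an error message.
#
# NOTE(review): the HTML tags that the print statements below emitted
# appear to have been stripped from this copy of the file (only the text
# and newlines survive).  The strings are reproduced exactly as found;
# restore the markup from the original source before use.

use strict;
use warnings;

use DBI;
use CGI;
use CGI::Session;

# Display strings (translation table).
my %lex = (
    'Userid'             => 'Userid',
    'Password'           => 'Password',
    'Duration'           => 'Duration',
    'Login'              => 'Login',
    'Staff Login'        => 'Staff Login',
    'min'                => 'min',
    'No Userid Found'    => 'No Userid Found',
    'Incorrect Password' => 'Incorrect Password',
    'Logged In'          => 'Logged In',
    'User'               => 'User',
);

my $q   = CGI->new;
my %arr = $q->Vars;

# Settings expected to be assigned (as package globals) by admin.conf --
# verify against ../etc/admin.conf.
our ( $dbtype, $dbase, $user, $password, $doctype );
require "../etc/admin.conf" or die "Cannot open admin.conf!";

my $dsn = "DBI:$dbtype:dbname=$dbase";

# RaiseError turns every DBI failure into a die (logged by the server)
# instead of echoing $DBI::errstr into the HTTP response.
my $dbh = DBI->connect( $dsn, $user, $password, { RaiseError => 1, PrintError => 0 } )
    or die "Cannot connect to $dsn: $DBI::errstr";

my $login_result;
if ( $arr{flag} ) {
    # On failure doLogin() returns the error message to display here;
    # on success it prints the logged-in page itself and exits.
    $login_result = doLogin();
}
else {
    print $q->header;
}

# Print the login form (see the review note above about stripped markup).
printHTMLHeader();
printLoginTitle();

if ($login_result) {
    print "$login_result\n";
}

print "\n\n";
print "\n";
print "\n";
print "\n";
print "\n";
print "\n";
print "\n";
print "\n" . $lex{Userid} . ":\n"
    . $lex{Password} . ":\n"
    . $lex{Duration} . ": " . $lex{min} . "\n\n";

#----------
sub doLogin {
#----------
    # Validate the submitted credentials and, if they are correct, start a
    # session.  Returns an error message string on failure (after printing
    # the plain HTTP header so the caller can render the form again); on
    # success prints the session header plus the logged-in page and exits.

    delete $arr{flag};

    # A fresh session (no existing session id is read), tied to the
    # database handle.
    my $session = CGI::Session->new( "driver:mysql;serializer:FreezeThaw",
        undef, { Handle => $dbh } )
        or die CGI::Session->errstr;

    # -1: no such userid, -2: wrong password (or unusable password text).
    my $error = checkPassword( $arr{userid}, $arr{password} );
    if ( $error == -1 ) {
        print $q->header;
        return $lex{'No Userid Found'};
    }
    if ( $error == -2 ) {
        print $q->header;
        return $lex{'Incorrect Password'};
    }

    my $cookietime = checkCookieTime( $arr{duration} );

    # Mark the session as authenticated; 'logged_in' expires after the
    # requested duration.
    $session->param( 'logged_in', '1' );
    $session->expire( 'logged_in', $cookietime );
    $session->param( 'userid', $arr{userid} );

    # The session header carries the session cookie.
    print $session->header;
    printHTMLHeader();
    printLoginTitle();

    my $sth = $dbh->prepare("select firstname, lastname from staff where userid = ?");
    $sth->execute( $arr{userid} );
    my ( $firstname, $lastname ) = $sth->fetchrow_array;

    # Names are database content being placed into HTML -- encode them.
    print $q->escapeHTML($firstname) . " " . $q->escapeHTML($lastname) . "\n"
        . $lex{'Logged In'} . "\n\n";
    print "\n\n\n";
    print "\n";

    # The successful-login page is complete; nothing further to render.
    exit;
}

#----------------
sub checkPassword {
#----------------
    # Check a userid/password pair against the staff table.
    # Returns 0 when both match, -1 when the userid is missing or unknown,
    # -2 when the password is missing, malformed, or wrong.
    #
    # NOTE(review): the two distinct results let a caller tell valid userids
    # from invalid ones ("No Userid Found" vs "Incorrect Password"); a single
    # generic failure message would avoid that disclosure.
    my ( $userid, $password ) = @_;

    return -1 if not $userid;
    return -2 if not $password;

    # Restrict the password to a whitelist of characters.  Inside the class
    # '.-@' is a range (./0-9:;<=>?@), kept unchanged so that passwords
    # accepted before are still accepted.  Injection is already prevented
    # by the bind parameters below; this is only a shape check.
    unless ( $password =~ m{^([\w\d.-@_+]+)$} ) {
        return -2;
    }
    $password = $1;

    # Does the userid exist?
    my $sth_user = $dbh->prepare("select count(userid) from staff where userid = ?");
    $sth_user->execute($userid);
    my ($user_count) = $sth_user->fetchrow_array;
    return -1 if $user_count < 1;    # no userid

    # Does the password match?
    # NOTE(review): this compares the submitted text with staff.passwd
    # directly, i.e. passwords are stored in clear text; the check should
    # be against a salted password hash instead.
    my $sth_pw = $dbh->prepare(
        "select count(userid) from staff where userid = ? and passwd = ?");
    $sth_pw->execute( $userid, $password );
    my ($pw_count) = $sth_pw->fetchrow_array;
    return -2 if $pw_count < 1;      # not correct password

    return 0;                        # all ok
}

#------------------
sub checkCookieTime {
#------------------
    # Turn the requested login duration (minutes) into the "+Nm" form that
    # CGI::Session->expire accepts, clamped to [$minimum_time, $maximum_time].
    # A missing, zero or non-integer value falls back to the default.
    my ($duration) = @_;

    my $default_time = 20;    # minutes
    my $minimum_time = 3;     # minutes
    my $maximum_time = 60;    # minutes

    # Only whole minutes make a valid expiry string; "5abc" or "2.5" would
    # otherwise produce a malformed "+5abcm" / "+2.5m".
    my $cookietime = $default_time;
    if ( $duration && $duration =~ m{\A\d+\z} ) {
        $cookietime = $duration;
    }

    $cookietime = $minimum_time if $cookietime < $minimum_time;
    $cookietime = $maximum_time if $cookietime > $maximum_time;

    return "+" . $cookietime . "m";    # CGI::Session expiry format
}

#------------------
sub printHTMLHeader {
#------------------
    # Print the document header.  The original used $lex{'OA Staff Login'},
    # a key that %lex does not define; the page title is 'Staff Login'.
    print "$doctype\n" . $lex{'Staff Login'} . "\n";
    print "\n";
    print "\n";
    print "\n";
}

#-----------------
sub printLoginTitle {
#-----------------
    # Print the "Staff Login" heading block shared by the form page and the
    # logged-in page.
    print "\n\n" . $lex{'Staff Login'} . "\n\n\n";
}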