$title

#!/usr/bin/perl # Copyright 2001-2021 Leslie Richardson # This file is part of Open Admin for Schools. # Open Admin for Schools is free software; you can redistribute it # and/or modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 of # the License, or (at your option) any later version. my %lex = ('User Id' => 'User Id', 'Password' => 'Password', 'Duration' => 'Duration', 'Login' => 'Login', 'Log In' => 'Log In', 'Log Out' => 'Log Out', 'min' => 'min', 'No Userid Found' => 'No Userid Found', 'Incorrect Password' => 'Incorrect Password', 'Logged In' => 'Logged In', 'Error' => 'Error', 'Continue' => 'Continue', 'User' => 'User', 'Main' => 'Main', ); my $self = 'tlogin.pl'; my $defaulttime = 90; # minutes; should be loaded from config use DBI; use CGI; use CGI::Session; my $q = CGI->new; my %arr = $q->Vars; eval require "../etc/admin.conf"; if ( $@ ) { print $lex{Error}. ": $@
\n"; die $lex{Error}. ": $@\n"; } eval require "../lib/libsession.pl"; # contains login/ checkPassword/ checkCookieTime functions if ( $@ ) { print $lex{Error}. " $@
\n"; die $lex{Error}. " $@
\n"; } my $dsn = "DBI:$dbtype:dbname=$dbase"; my $dbh = DBI->connect($dsn,$user,$password); $dbh->{mysql_enable_utf8} = 1; # foreach my $key ( sort keys %arr ) { print qq{K:$key V:$arr{$key}
\n}; } if ( not $arr{page} or $arr{page} == -1 ) { print $q->header( -charset, $charset ); printHTMLHeader(); showStartPage(); } elsif ( $arr{page} == 1 ) { delete $arr{page}; doLogin(); } elsif ( $arr{page} == 2 ) { delete $arr{page}; doLogout(); } #---------------- sub showStartPage { #---------------- my $userid_env = $ENV{'REMOTE_USER'}; print qq{

$lex{User} $lex{'Log In'}

\n}; print qq{\n}; exit; } #----------- sub doLogout { #----------- # $dbtype set in admin.conf my $session = new CGI::Session("driver:mysql;serializer:FreezeThaw", undef,{Handle => $dbh}) or die CGI::Session->errstr; my $userid = $session->{userid}; $session->param('logged_in', '0'); $session->flush; print $q->header( -charset, $charset ); printHTMLHeader(); print qq{

$lex{User}: $userid - $lex{'Log Out'}

\n}; print qq{

}; print qq{\n}; exit; } #---------- sub doLogin { #---------- my $session = new CGI::Session("driver:mysql;serializer:FreezeThaw", undef,{Handle => $dbh}) or die CGI::Session->errstr; # Set Session Values; # my $userid_env = $ENV{'REMOTE_USER'}; my $userid = $arr{userid}; # Check password/userid against database (-1 no user, -2 wrong password; my $error = checkPassword( $userid, $arr{password}, $dbh); if ($error == -1){ print $q->header( -charset, $charset ); print qq{

$lex{'No Userid Found'}

\n}; print qq{\n}; exit; } if ($error == -2){ print $q->header( -charset, $charset ); print qq{

$lex{'Incorrect Password'}

\n}; print qq{\n}; exit; } my $cookietime = checkCookieTime($arr{duration}); # Set values for userid, logged_in and duration in session $session->param('logged_in','1'); $session->expire('logged_in',$cookietime); $session->param('userid',$userid ); $session->param('duration', $cookietime ); # was $arr{duration} # The duration value in the session has cookie markup: +20m format. # Now print page header... print $session->header( -charset, $charset ); printHTMLHeader(); print qq{

$lex{User} $lex{'Log In'}

\n}; my $sth = $dbh->prepare("select firstname, lastname from staff where userid = ?"); $sth->execute($arr{userid}); if ($DBI::errstr){ print $DBI::errstr; die $DBI::errstr; } my ($firstname, $lastname) = $sth->fetchrow; print qq{$firstname $lastname
$lex{'Logged In'}
\n}; if ( $arr{script} ) { print qq{\n}; } =head else { # Print Close Form button print qq{

}; } =cut print qq{\n}; exit; } #------------------ sub printHTMLHeader { #------------------ # Print Page Heading print qq{$doctype\n$title\n}; print qq{\n}; print qq{[$lex{Main} ]\n}; if ( $arr{user} ) { # if user, jump to the password field. print qq{\n}; } else { print qq{\n}; } return; }

$lex{'User Id'}
$lex{Password}
$lex{Duration}	$lex{min}
\n}; print qq{