ASNMTAP
view release on metacpan or search on metacpan
lib/ASNMTAP/Asnmtap/Applications/CGI.pm view on Meta::CPAN
my $Tpagedir = (defined $session->param('pagedir')) ? $session->param('pagedir') : '<NIHIL>';
my $accessGranted = 0;
my ($Rpagedir, undef) = split (/\//, $pagedir, 2);
if ($level eq 'sadmin') { # Server Administrator
$accessGranted = 1 if ($TuserType == 8);
} elsif ($level eq 'admin') { # Administrator
$accessGranted = 1 if ($TuserType >= 4);
} elsif ($level eq 'moderator') { # Moderator
$accessGranted = 1 if ($TuserType >= 2);
} elsif ($level eq 'member') { # Member
$accessGranted = 1 if ($TuserType >= 1 and $pagedir ne '<NIHIL>' and ($Tpagedir =~ /\/$Rpagedir\//));
} else { # Guest
$accessGranted = 1 if ($pagedir ne '<NIHIL>' and ($Tpagedir =~ /\/$Rpagedir\//));
}
$subTitle = setAccessControlParameters( $level, $pagedir, $pageset, $debug, $cgi, $session, $sessionID, $subTitle, $queryString );
return ($sessionID, $session->param('iconAdd'), $session->param('iconDelete'), $session->param('iconDetails'), $session->param('iconEdit'), $session->param('iconQuery'), $session->param('iconTable'), $errorUserAccessControl, $session->param('remo...
print_header (*STDOUT, $pagedir, $pageset, $htmlTitle, $subTitle, 3600, '', 'F', '', $sessionID);
$errorUserAccessControl = "You don\'t have enough permissions!";
print "<br>\n<table WIDTH=\"100%\" border=0><tr><td class=\"HelpPluginFilename\">\n<font size=\"+1\">$errorUserAccessControl</font>\n</td></tr></table>\n<br>\n";
return ("", 0, 0, 0, 0, 1, 1, $errorUserAccessControl, undef, undef, undef, undef, undef, undef, undef, undef, undef, undef, undef, $subTitle);
}
$session->param('~logged-in', 0);
$session->param('ASNMTAP', 'LEXY');
$session->param('iconAdd', 0);
$session->param('iconDelete', 0);
$session->param('iconDetails', 0);
$session->param('iconEdit', 0);
$session->param('iconQuery', 1);
$session->param('iconTable', 1);
if ($level eq 'sadmin') { # Server Administrator
$session->expire('+15m'); # expire after 15 minutes
$userType = 8;
} elsif ($level eq 'admin') { # Administrator
$session->expire('+30m'); # expire after 30 minutes
$userType = 4;
} elsif ($level eq 'moderator') { # Moderator
$session->expire('+1h'); # expire after 1 hour
$userType = 2;
} elsif ($level eq 'member') { # Member
$session->expire('+10h'); # expire after 10 hours
$userType = 1;
} else { # Guest
$session->expire('+10h'); # expire after 10 hours
$userType = 0;
}
my $logonRequest = ($cgi->param('logonRequest') or "logonView");
if( $logonRequest eq "logonView" or $logonRequest eq "logonCheck" ) {
my $logonPassword = ($cgi->param('logonPassword') or undef);
my $logonTimestamp = ($cgi->param('logonTimestamp') or undef);
my $loginTrials = ($session->param('~login-trials') or 0);
if ( $loginTrials >= 3 ) {
$errorUserAccessControl = "You failed 3 times in a row.<br>Your session is blocked.<br>Please contact us with the details of your action";
} elsif( $logonRequest eq "logonCheck" ) {
my ($CremoteUser, $CremoteAddr, $CremoteNetmask, $CgivenName, $CfamilyName, $Cemail, $Cpassword, $CuserType, $Cpagedir, $Cactivated, $CkeyLanguage);
$CremoteUser = ($cgi->param('remoteUser') or undef);
$session->param('remoteUser', $CremoteUser) if (defined $CremoteUser);
$CuserType = 0;
if (defined $CremoteUser and defined $logonPassword and defined $logonTimestamp) {
my $rv = 1;
if (defined $CremoteUser) {
my ($dbh, $sth, $sql);
$dbh = DBI->connect("dbi:mysql:$DATABASE:$SERVERNAMEREADWRITE:$SERVERPORTREADWRITE", "$SERVERUSERREADWRITE", "$SERVERPASSREADWRITE" ) or $rv = error_trap_DBI(*STDOUT, "Cannot connect to the database", $debug, $pagedir, $pageset, $htmlTitle,...
if ($dbh and $rv) {
$sql = "select remoteAddr, remoteNetmask, givenName, familyName, email, password, userType, pagedir, activated, keyLanguage from $SERVERTABLUSERS where catalogID = '$CATALOGID' and remoteUser = '$CremoteUser'";
$sth = $dbh->prepare( $sql ) or $rv = error_trap_DBI(*STDOUT, "Cannot dbh->prepare: $sql", $debug, $pagedir, $pageset, $htmlTitle, 'Logon', 3600, '', $sessionID);
$sth->execute() or $rv = error_trap_DBI(*STDOUT, "Cannot sth->execute: $sql", $debug, $pagedir, $pageset, $htmlTitle, 'Logon', 3600, '', $sessionID) if $rv;
if ( $rv ) {
if ($sth->rows) {
($CremoteAddr, $CremoteNetmask, $CgivenName, $CfamilyName, $Cemail, $Cpassword, $CuserType, $Cpagedir, $Cactivated, $CkeyLanguage) = $sth->fetchrow_array() or $rv = error_trap_DBI(*STDOUT, "Cannot $sth->fetchrow_array: $sql", $debug, ...
if ( $rv ) {
$errorUserAccessControl = "Remote User '$CremoteUser' not yet activated." if ($Cactivated != 1);
} else {
$errorUserAccessControl = "Problems with retreiving data from the MySQL database.";
}
} else {
$errorUserAccessControl = "Remote User '$CremoteUser' invalid.";
}
$sth->finish() or $rv = error_trap_DBI(*STDOUT, "Cannot sth->finish: $sql", $debug, $pagedir, $pageset, $htmlTitle, 'Logon', 3600, '', $sessionID) if $rv;
} else {
$errorUserAccessControl = "Problems with a MySQL database statement.";
}
} else {
$errorUserAccessControl = "Problems with the MySQL database.";
}
} else {
$errorUserAccessControl = "Remote User missing.";
}
my $currentTime = time();
if (defined $errorUserAccessControl) {
$errorUserAccessControl .= "<br>Please contact us with the details of your action.";
unless ( $rv ) {
print "<br>\n<table WIDTH=\"100%\" border=0><tr><td class=\"HelpPluginFilename\">\n<font size=\"+1\">$errorUserAccessControl</font>\n</td></tr></table>\n<br>\n";
return ("", 0, 0, 0, 0, 1, 1, $errorUserAccessControl, undef, undef, undef, undef, undef, undef, undef, undef, undef, undef, undef, $subTitle);
}
} elsif ( $Cpassword ne $logonPassword ) {
$errorUserAccessControl = "Bad password";
} elsif( $logonTimestamp > $currentTime or $logonTimestamp < ($currentTime - 300) ) {
$errorUserAccessControl = "Time stamp invalid";
} else {
if ( $ENV{REMOTE_ADDR} ) {
if ( $CremoteAddr ne '' ) {
use NetAddr::IP;
my $netmask = (int($CremoteNetmask) or 32);
( run in 0.538 second using v1.01-cache-2.11-cpan-d8267643d1d )