PageRenderTime 27ms CodeModel.GetById 16ms RepoModel.GetById 0ms app.codeStats 0ms

/lib/SMMID/Login.pm

https://github.com/solgenomics/SMMID
Perl | 669 lines | 557 code | 76 blank | 36 comment | 27 complexity | aa21d1d8141017b1890d351b5fd0e092 MD5 | raw file
    

  1. 

  2. =head1 NAME
    3. 

  3. 

  4. SMMID::Login - deal with browser site login
    5. 

  5. 

  6. =head1 DESCRIPTION
    7. 

  7. 

  8. This is an object which handles logging users in and out of our sites.
    9. 

  9. 

  10. =head1 EXAMPLES
    11. 

  11. 

  12.     #example 1
    13. 

  13.     #kick user out if they are not logged in. if they are not logged in, your code will exit here and they will be sent to the login page.
    14. 

  14.     #if they are logged in, you will get their person id and your code will continue to execute.
    15. 

  15.     my $person_id=CXGN::Login->new()->verify_session();
    16. 

  16. 

  17.     #example 2
    18. 

  18.     #kick user out if they are not logged in. if they are not logged in, your code will exit here and they will be sent to the login page.
    19. 

  19.     #if they are logged in, you will get their person id and user type and your code will continue to execute.
    20. 

  20.     my($person_id,$user_type)=CXGN::Login->new($dbh)->verify_session();
    21. 

  21. 

  22.     #example 3
    23. 

  23.     #let everyone view this page, but if they are logged in, get their person id so you can give them a customized page. your code will
    24. 

  24.     #continue execution after this line no matter what.
    25. 

  25.     my $person_id=CXGN::Login->new($dbh)->has_session();
    26. 

  26. 

  27.     #example 4
    28. 

  28.     #let everyone view this page, but if they are logged in, get their person id and user type so you can give them a customized page.
    29. 

  29.     #your code will continue execution after this line no matter what.
    30. 

  30.     my($person_id,$user_type)=CXGN::Login->new($dbh)->has_session();
    31. 

  31. 

  32. =head1 AUTHOR
    33. 

  33. 

  34. John Binns <zombieite@gmail.com>
    35. 

  35. 

  36. =cut
    37. 

  37. 

  38. package SMMID::Login;
    39. 

  39. 

  40. use Moose;
    41. 

  41. 

  42. use Digest::MD5 qw(md5);
    43. 

  43. use String::Random;
    44. 

  44. use DateTime;
    45. 

  45. use DateTime::Format::ISO8601;
    46. 

  46. 

  47. our $LOGIN_COOKIE_NAME = 'smmid_session_id';
    48. 

  48. our $LOGIN_PAGE        = '/user/login';
    49. 

  49. our $LOGIN_TIMEOUT     = 7200;                    #seconds for login to timeout
    50. 

  50. our $DBH;
    51. 

  51. our $EXCHANGE_DBH = 1;
    52. 

  52. 

  53. has 'schema' => ( isa => 'Ref', is => 'rw');
    54. 

  54. 

  55. has 'disable_login' => ( isa => 'Bool', is =>'rw' );
    56. 

  56. 

  57. has 'is_mirror' => ( isa => 'Bool', is => 'rw' );
    58. 

  58. 

  59. has 'cookie_string' => (isa => 'Str', is => 'rw');
    60. 

  60. 

  61. has 'login_info' => (isa => 'HashRef', is => 'rw');
    62. 

  62. 

  63. has 'login_cookie' => (isa => 'Str', is => 'rw');
    64. 

  64. 

  65. 

  66. 

  67. =head2 constructor new()
    68. 

  68. 

  69.  Usage:        my $login = SMMID::Login->new( { schema => $schema, cookie_string )
    70. 

  70.  Desc:         creates a new login object
    71. 

  71.  Ret:
    72. 

  72.  Args:         a database handle
    73. 

  73.  Side Effects: connects to database
    74. 

  74.  Example:
    75. 

  75. 

  76. =cut
    77. 

  77. 

  78. =head2 get_login_status
    79. 

  79. 

  80.  Usage:        my %logged_in_status = $login -> get_login_status();
    81. 

  81.  Desc:         a member function. This was changed on 5/1/2009.
    82. 

  82.  Ret:          a hash with user_type as a key and count of logins as a value
    83. 

  83.  Args:         none
    84. 

  84.  Side Effects: accesses the database
    85. 

  85.  Example:
    86. 

  86. 

  87. =cut
    88. 

  88. 

  89. sub get_login_status {
    90. 

  90.     my $self = shift;
    91. 

  91. 

  92.     my $sth = $self->get_sql("stats_aggregate");
    93. 

  93. 

  94. 

  95.     $sth->execute($LOGIN_TIMEOUT);
    96. 

  96. 

  97.     my %logins = ();
    98. 

  98.     while ( my ( $user_type, $count ) = $sth->fetchrow_array() ) {
    99. 

  99.         $logins{$user_type} = $count;
    100. 

  100.     }
    101. 

  101.     if ( !$logins{curator} )   { $logins{curator}   = "none"; }
    102. 

  102.     if ( !$logins{submitter} ) { $logins{submitter} = "none"; }
    103. 

  103.     if ( !$logins{user} )      { $logins{user}      = "none"; }
    104. 

  104. 

  105.     $sth = $self->get_sql("stats_private");
    106. 

  106.     $sth->execute($LOGIN_TIMEOUT);
    107. 

  107. 

  108.     $logins{detailed} = {};
    109. 

  109.     while ( my ( $user_type, $username, $contact_email ) =
    110. 

  110.         $sth->fetchrow_array() )
    111. 

  111.     {
    112. 

  112.         $logins{detailed}->{$user_type}->{$username}->{contact_email} =
    113. 

  113.           $contact_email;
    114. 

  114.     }
    115. 

  115. 

  116.     if (wantarray) {
    117. 

  117.         return %logins;
    118. 

  118.     }
    119. 

  119.     else {
    120. 

  120.         return \%logins;
    121. 

  121.     }
    122. 

  122. }
    123. 

  123. 

  124. # =head2 get_login_info
    125. 

  125. 

  126. #  Usage:         $login->get_login_info()
    127. 

  127. #  Desc:
    128. 

  128. #  Ret:
    129. 

  129. #  Args:
    130. 

  130. #  Side Effects:
    131. 

  131. #  Example:
    132. 

  132. 

  133. # =cut
    134. 

  134. 

  135. # sub get_login_info {
    136. 

  136. #     my $self = shift;
    137. 

  137. #     return $self->{login_info};
    138. 

  138. # }
    139. 

  139. 

  140. =head2 verify_session
    141. 

  141. 

  142.  Usage:        $login->verify_session($user_type)
    143. 

  143.  Desc:         checks whether a user is logged in currently and
    144. 

  144.                is of the minimum user type $user_type.
    145. 

  145.                user types have the following precedence:
    146. 

  146.                user < submitter < sequencer < curator
    147. 

  147.  Ret:          the person_id, if a session exists
    148. 

  148.  Args:         a minimum user type required to access the page
    149. 

  149.  Side Effects: redirects the website to the login page if no login
    150. 

  150.                is currently defined.
    151. 

  151.  Example:
    152. 

  152. 

  153. =cut
    154. 

  154. 

  155. sub verify_session {
    156. 

  156.     my $self = shift;
    157. 

  157.     my ($user_must_be_type) = @_;
    158. 

  158.     my ( $person_id, $user_type ) = $self->has_session();
    159. 

  159.     if ($person_id) {    #if they have a session
    160. 

  160.         if ($user_must_be_type)
    161. 

  161.         {                #if there is a type that they must be to view this page
    162. 

  162. 

  163.             if ( $user_must_be_type ne $user_type )
    164. 

  164.             {            #if they are not the required type, send them away
    165. 

  165. 

  166.                 return;
    167. 

  167.             }
    168. 

  168.         }
    169. 

  169.     }
    170. 

  170.     else {               #else they do not have a session, so send them away
    171. 

  171. 

  172.         return;
    173. 

  173.     }
    174. 

  174.     if (wantarray)
    175. 

  175.     { #if they are trying to get both pieces of info, give it to them, in array context
    176. 

  176. 

  177.         return ( $person_id, $user_type );
    178. 

  178.     }
    179. 

  179.     else {    #else they just care about the login id
    180. 

  180. 

  181.         return $person_id;
    182. 

  182.     }
    183. 

  183. }
    184. 

  184. 

  185. =head2 has_session ()
    186. 

  186. 

  187. if the user is not logged in, the return value is false;
    188. 

  188. else it's the person ID if in scalar context, or (person ID, user type) in array context
    189. 

    190. 

  190. =cut
    191. 

  191. 

  192. sub has_session {
    193. 

  193.     my $self = shift;
    194. 

  194. 

  195.     print STDERR "has_session()...\n";
    196. 

  196.     #if people are not allowed to be logged in, return
    197. 

  197.     if ( !$self->login_allowed() ) {
    198. 

  198. 	print STDERR "LOGIN NOT ALLOWED.\n";
    199. 

  199.         return;
    200. 

  200.     }
    201. 

  201. 

  202.     #if they have no cookie, they are not logged in
    203. 

  203.     unless ($self->cookie_string()) {
    204. 

  204. 	print STDERR "NO COOKIE\n";
    205. 

  205.         return;
    206. 

  206.     }
    207. 

  207.     else {
    208. 

  208. 	print STDERR "We have a cookie (".$self->cookie_string().")!!!\n";
    209. 

  209.     }
    210. 

  210. 

  211.     my ( $dbuser_id, $user_type, $user_prefs, $expired ) =
    212. 

  212.       $self->query_from_cookie($self->cookie_string());
    213. 

  213. 

  214.     #if cookie string is not found, they are not logged in
    215. 

  215.     unless ( $dbuser_id ) {
    216. 

  216. 	print STDERR "We have no person id and user type( $dbuser_id)\n";
    217. 

  217.         return;
    218. 

  218.     }
    219. 

  219. 

  220.     #if their cookie is good but their timestamp is old, they are not logged in
    221. 

  221.     if ($expired) {
    222. 

  222. 	print STDERR "The cookie is expired. Sorry!\n";
    223. 

  223.         return;
    224. 

  224.     }
    225. 

  225. 

  226.     ################################
    227. 

  227.     # Ok, they are logged in! yay! #
    228. 

  228.     ################################
    229. 

  229. 

  230.     my $login_info = {
    231. 

  231. 	person_id => $dbuser_id,
    232. 

  232. 	cookie_string => $self->cookie_string(),
    233. 

  233. 	user_type => $user_type,
    234. 

  234.     };
    235. 

  235. 

  236.     #$self->set_login_info($login_info);
    237. 

  237. 

  238.     $self->update_timestamp($dbuser_id);
    239. 

  239. 

  240. #if they are trying to get both pieces of info, give it to them, in array context
    241. 

  241.     if (wantarray) {
    242. 

  242.         return ( $dbuser_id, $user_type );
    243. 

  243.     }
    244. 

  244. 

  245.     #or they just care about the login id
    246. 

  246.     else {
    247. 

  247.         return $dbuser_id;
    248. 

  248.     }
    249. 

  249. }
    250. 

  250. 

  251. sub query_from_cookie {
    252. 

  252.     my $self          = shift;
    253. 

  253.     my $cookie_string = shift;
    254. 

  254. 

  255.     my @result = (undef, undef, undef, undef);
    256. 

  256. 

  257. 

  258.     my $row = $self->user_from_cookie_string();
    259. 

  259. 

  260.     my $expired = 0;
    261. 

  261.     if ($row && $self->cookie_string()) {
    262. 

  262. 

  263. 	@result = ($row->dbuser_id(), $row->user_type(), $row->user_prefs(), $row->last_access_time());
    264. 

  264. 

  265. 	if ($result[2]) {
    266. 

  266. 	    my $iso8601 = DateTime::Format::ISO8601->new;
    267. 

  267. 	    my $last_access_time = $iso8601->parse_datetime( $result[2] );
    268. 

  268. 

  269. 	    my $current_time = DateTime->now();
    270. 

  270. 

  271. 	    my $seconds_since_last_login = $current_time->epoch()-$last_access_time->epoch();
    272. 

  272. 

  273. 	    print STDERR "SECONDS SINCE LAST LOGIN : $seconds_since_last_login\n";
    274. 

  274. 	    if ($seconds_since_last_login > $LOGIN_TIMEOUT) {
    275. 

  275. 		print STDERR "LOGOUT IS EXPIRED!\n";
    276. 

  276. 		$expired =1;
    277. 

  277. 	    }
    278. 

  278. 	}
    279. 

  279. 

  280. 

  281.     }
    282. 

  282. 

  283.     if (wantarray) {
    284. 

  284.         return ($result[0], $result[1], $result[2], $expired);
    285. 

  285.     }
    286. 

  286.     else {
    287. 

  287.         return $row->dbuser_id();
    288. 

  288.     }
    289. 

  289. }
    290. 

  290. 

  291. sub user_from_cookie_string {
    292. 

  292.     my $self = shift;
    293. 

  293. 

  294.     my $row = $self->schema()->resultset('SMIDDB::Result::Dbuser')->find( { cookie_string => $self->cookie_string() } );
    295. 

  295. 

  296.     if (!$row) { return; }
    297. 

  297. 

  298.     else {
    299. 

  299. 	return $row;
    300. 

  300.     }
    301. 

  301. 

  302. }
    303. 

  303. 

  304. sub user_from_credentials {
    305. 

  305.     my $self = shift;
    306. 

  306.     my $username = shift;
    307. 

  307.     my $password = shift;
    308. 

  308. 

  309.     if ($username && $password) {
    310. 

  310. 	     my $user_h = $self->schema()
    311. 

  311. 	    ->storage
    312. 

  312. 	    ->dbh()
    313. 

  313. 	    ->prepare("SELECT dbuser_id FROM dbuser WHERE username=? and password=crypt(?, password)");
    314. 

  314. 

  315. 	$user_h->execute($username, $password);
    316. 

  316. 

  317. 	if (my ($user_id) = $user_h->fetchrow_array()) {
    318. 

  318. 	    my $row = $self->schema()->resultset("SMIDDB::Result::Dbuser")->find( { dbuser_id => $user_id } );
    319. 

  319. 	    return $row;
    320. 

  320. 	}
    321. 

  321.     }
    322. 

  322.     return undef;
    323. 

  323. }
    324. 

  324. 

  325. sub exists_user {
    326. 

  326.     my $self = shift;
    327. 

  327.     my $username = shift;
    328. 

  328. 

  329.     if ($username) {
    330. 

  330. 	my $row = $self->schema()->resultset("SMIDDB::Result::Dbuser")->find( { username => { ilike => $username } }  );
    331. 

  331. 

  332. 	if ($row) {
    333. 

  333. 	    return $row;
    334. 

  334. 	}
    335. 

  335. 	else {
    336. 

  336. 	    return 0;
    337. 

  337. 	}
    338. 

  338.     }
    339. 

  339.     return 0;
    340. 

  340. 

  341. }
    342. 

  342. 

  343. sub login_allowed {
    344. 

  344.     my $self = shift;
    345. 

  345. 

  346. #conditions for allowing logins:
    347. 

  347. #
    348. 

  348. #    1. configuration 'disable_login' must be 0 or undef
    349. 

  349. #    2. configuration 'is_mirror' must be 0 or undef
    350. 

  350. #    3. configuration 'dbname' must not be 'sandbox' if configuration 'production_server' is 1
    351. 

  351. #     -- the reason for this is that if users can log in, they must be able to log in to the REAL database,
    352. 

  352. #        not some mirror or some sandbox, because logged-in users can CHANGE data in the database and we
    353. 

  353. #        don't want to lose or ignore those changes.
    354. 

  354.     if (
    355. 

  355.             !$self->disable_login()
    356. 

  356.         and !$self->is_mirror()
    357. 

  357. 

  358. #we haven't decided whether it's a good idea to comment this next line by default -- Evan
    359. 

  359. #        and !(
    360. 

  360. #                $self->{conf_object}->get_conf('dbname') =~ /sandbox/
    361. 

  361. #            and $self->{conf_object}->get_conf('production_server')
    362. 

  362. #        )
    363. 

  363.       )
    364. 

  364.     {
    365. 

  365.         return 1;
    366. 

  366.     }
    367. 

  367.     else {
    368. 

  368.         return 0;
    369. 

  369.     }
    370. 

  370. }
    371. 

  371. 

  372. =head2 login_user
    373. 

  373. 

  374.  Usage:        $login->login_user($username, $password);
    375. 

  375.  Desc:
    376. 

  376.  Ret:
    377. 

  377.  Args:
    378. 

  378.  Side Effects:
    379. 

  379.  Example:
    380. 

  380. 

  381. =cut
    382. 

  382. 

  383. sub login_user {
    384. 

  384.     my $self = shift;
    385. 

  385.     my $username = shift;
    386. 

  386.     my $password = shift;
    387. 

  387. 

  388.     print STDERR "Logging in user $username with password XXXXXXXX\n";
    389. 

  389.     my $login_info;    #information about whether login succeeded, and if not, why not
    390. 

  390. 

  391.     if ( ! $username) {
    392. 

  392. 	$login_info->{error} = "Please provide a username.";
    393. 

  393.     }
    394. 

  394. 

  395.     elsif (! $password) {
    396. 

  396. 	$login_info->{error} = "Please provide a password.";
    397. 

  397.     }
    398. 

  398.     else {
    399. 

  399. 

  400. 	my $row = $self->user_from_credentials($username, $password);
    401. 

  401. 

  402. 	print STDERR "NOW LOGGING IN USER $username\n";
    403. 

  403.         #my $num_rows = $sth->execute( $username, $password );
    404. 

  404. 	if (! $row) {
    405. 

  405. 	    $login_info->{error} = "Incorrect password or user information.";
    406. 

  406. 	    return $login_info;
    407. 

  407. 	}
    408. 

  408. 

  409. 	#my ( $person_id, $disabled, $user_prefs, $first_name, $last_name ) = $sth->fetchrow_array();
    410. 

  410. 	my ( $person_id, $disabled, $user_prefs, $first_name, $last_name ) = (
    411. 

  411. 	    $row->dbuser_id,
    412. 

  412. 	    $row->disabled,
    413. 

  413. 	    $row->first_name,
    414. 

  414. 	    $row->user_prefs,
    415. 

  415. 	    $row->last_name,
    416. 

  416. 	    );
    417. 

  417. 

  418. 	print STDERR "FOUND: $person_id\n";
    419. 

  419. #        if ( $num_rows > 1 ) {
    420. 

  420. #            die "Duplicate entries found for username '$username'";
    421. 

  421. #        }
    422. 

  422.         if ($disabled) {
    423. 

  423.             $login_info->{account_disabled} = $disabled;
    424. 

  424.         }
    425. 

  425.         else {
    426. 

  426. 	    print STDERR "Generating new login cookie...\n";
    427. 

  427.             $login_info->{user_prefs} = $user_prefs;
    428. 

  428.             if ($person_id) {
    429. 

  429.                 my $new_cookie_string =
    430. 

  430.                   String::Random->new()
    431. 

  431.                   ->randpattern(
    432. 

  432. "ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc"
    433. 

  433.                   );
    434. 

  434. 		my $row = $self->schema()->resultset("SMIDDB::Result::Dbuser")->find( { dbuser_id => $person_id });
    435. 

  435. 		$row->update(
    436. 

  436. 		    {
    437. 

  437. 			cookie_string => $new_cookie_string
    438. 

  438. 		    });
    439. 

  439. 

  440. 		$login_info->{person_id}     = $person_id;
    441. 

  441. 		$login_info->{first_name}     = $first_name;
    442. 

  442. 		$login_info->{last_name}     = $last_name;
    443. 

  443. 		$login_info->{cookie_string} = $new_cookie_string;
    444. 

  444.             }
    445. 

  445.             else {
    446. 

  446.                 $login_info->{incorrect_password} = 1;
    447. 

  447.             }
    448. 

  448.         }
    449. 

  449.     }
    450. 

  450. 

  451.     $self->{login_info} = $login_info;
    452. 

  452.     return $login_info;
    453. 

  453. }
    454. 

  454. 

  455. =head2 function logout_user()
    456. 

  456. 

  457.  Usage:        $login->logout_user();
    458. 

  458.  Desc:         log out the current logged in user
    459. 

  459.  Ret:          nothing
    460. 

  460.  Args:         none
    461. 

  461.  Side Effects: resets the cookie to empty
    462. 

  462.  Example:
    463. 

  463. 

  464. =cut
    465. 

  465. 

  466. sub logout_user {
    467. 

  467.     my $self   = shift;
    468. 

  468.     my $cookie = $self->cookie_string();
    469. 

  469.     if ($cookie) {
    470. 

  470. 

  471. 	    my $row = $self->schema()->resultset("Dbuser")->find( { cookie_string => $cookie });
    472. 

  472. 

  473. 	$row->update( { cookie_string => "", last_access_time => $self->now() });
    474. 

  474. 

  475. 	# controller needs to set the cookie
    476. 

  476.         ###CXGN::Cookie::set_cookie( $LOGIN_COOKIE_NAME, "" );
    477. 

  477.     }
    478. 

  478. }
    479. 

  479. 

  480. =head2 update_timestamp
    481. 

  481. 

  482.  Usage:        $login->update_timestamp();
    483. 

  483.  Desc:         updates the timestamp, such that users don't
    484. 

  484.                get logged out when they are active on the site.
    485. 

  485.  Ret:          nothing
    486. 

  486.  Args:         none
    487. 

  487.  Side Effects: accesses the database to change the timeout status.
    488. 

  488.  Example:
    489. 

  489. 

  490. =cut
    491. 

  491. 

  492. sub update_timestamp {
    493. 

  493.     my $self   = shift;
    494. 

  494.     my $dbuser_id = shift;
    495. 

  495. 

  496.     my $cookie = $self->cookie_string();
    497. 

  497.     if ($cookie) {
    498. 

  498.         # my $sth = $self->get_sql("refresh_cookie");
    499. 

  499. 

  500.         #   "	UPDATE
    501. 

  501. 	# 			sgn_people.sp_person
    502. 

  502. 	# 		SET
    503. 

  503. 	# 			last_access_time=current_timestamp
    504. 

  504. 	# 		WHERE
    505. 

  505. 	# 			cookie_string=?",
    506. 

    507. 

  507. 	my $row = $self->schema()->resultset("SMIDDB::Result::Dbuser")->find( { dbuser_id => $dbuser_id });
    508. 

  508. 	$row->update( { last_access_time => $self->now() });
    509. 

  509. 

  510.     }
    511. 

  511. }
    512. 

  512. 

  513. 

  514. sub now {
    515. 

  515.     my $self = shift;
    516. 

  516.     my $now = DateTime->now();
    517. 

  517.     return $now->ymd()."T".$now->hms();
    518. 

  518. }
    519. 

  519. 

  520. # =head2 get_login_cookie
    521. 

  521. 

  522. #  Usage:        my $cookie = $login->get_login_cookie();
    523. 

  523. #  Desc:         returns the cookie for the current login
    524. 

  524. #  Args:         none
    525. 

  525. #  Side Effects:
    526. 

  526. #  Example:
    527. 

  527. 

  528. # =cut
    529. 

  529. 

  530. # sub get_login_cookie {
    531. 

  531. #     my $self = shift;
    532. 

  532. #     return CXGN::Cookie::get_cookie($LOGIN_COOKIE_NAME);
    533. 

  533. # }
    534. 

  534. 

  535. =head2 login_page_and_exit
    536. 

  536. ##DEPRECATED: redirect should happen in a catalyst controller, not in an object like CXGN::Login
    537. 

  537. 

  538.  Usage:        $login->login_page_and_exit();
    539. 

  539.  Desc:         redirects to the login page.
    540. 

  540.  Ret:
    541. 

  541.  Args:
    542. 

  542.  Side Effects:
    543. 

  543.  Example:
    544. 

  544. 

  545. =cut
    546. 

  546. 

  547. #sub login_page_and_exit {
    548. 

  548. #    my $self = shift;
    549. 

  549.     #CGI redirect crashes server when used from a catalyst controller.
    550. 

  550.     #Redirecting should happen in controller, not in an object like CXGN::Login
    551. 

  551.     #print CGI->new->redirect( -uri => $LOGIN_PAGE, -status => 302 );
    552. 

  552.     #exit;
    553. 

  553. #}
    554. 

  554. 

  555. ###
    556. 

  556. ### helper function. SQL should probably be moved to the CXGN::People::Login class
    557. 

  557. ###
    558. 

  558. 

  559. sub set_sql {
    560. 

  560.     my $self = shift;
    561. 

  561. 

  562.     $self->{queries} = {
    563. 

  563. 

  564.         user_from_cookie =>    #send: session_time_in_secs, cookiestring
    565. 

  565. 

  566.           "	SELECT
    567. 

  567. 				sp_person_id,
    568. 

  568. 				sgn_people.sp_roles.name as user_type,
    569. 

  569. 				user_prefs,
    570. 

  570. 				extract (epoch FROM current_timestamp-last_access_time)>? AS expired
    571. 

  571. 			FROM
    572. 

  572. 				sgn_people.sp_person JOIN sgn_people.sp_person_roles using(sp_person_id) join sgn_people.sp_roles using(sp_role_id)
    573. 

  573. 			WHERE
    574. 

  574. 				cookie_string=?
    575. 

  575.                         ORDER BY sp_role_id
    576. 

  576.                         LIMIT 1",
    577. 

    578. 

  578.         user_from_uname_pass =>
    579. 

  579. 

  580.            "	SELECT
    581. 

  581. 				sp_person_id, disabled, user_prefs, first_name, last_name
    582. 

  582. 			FROM
    583. 

  583. 				sgn_people.sp_person
    584. 

  584. 			WHERE
    585. 

  585. 				UPPER(username)=UPPER(?)
    586. 

  586. 				AND (sp_person.password = crypt(?, sp_person.password))",
    587. 

    588. 

  588.         cookie_string_exists =>
    589. 

  589. 

  590.           "	SELECT
    591. 

  591. 				cookie_string
    592. 

  592. 			FROM
    593. 

  593. 				sgn_people.sp_person
    594. 

  594. 			WHERE
    595. 

  595. 				cookie_string=?",
    596. 

    597. 

  597.         login =>    #send: cookie_string, sp_person_id
    598. 

  598. 

  599.           "	UPDATE
    600. 

  600. 				sgn_people.sp_person
    601. 

  601. 			SET
    602. 

  602. 				cookie_string=?,
    603. 

  603. 				last_access_time=current_timestamp
    604. 

  604. 			WHERE
    605. 

  605. 				sp_person_id=?",
    606. 

    607. 

  607.         logout =>    #send: cookie_string
    608. 

  608. 

  609.           "	UPDATE
    610. 

  610. 				sgn_people.sp_person
    611. 

  611. 			SET
    612. 

  612. 				cookie_string=null,
    613. 

  613. 				last_access_time=current_timestamp
    614. 

  614. 			WHERE
    615. 

  615. 				cookie_string=?",
    616. 

    617. 

  617.         refresh_cookie =>    #send: cookie_string  (updates the timestamp)
    618. 

  618. 

  619.           "	UPDATE
    620. 

  620. 				sgn_people.sp_person
    621. 

  621. 			SET
    622. 

  622. 				last_access_time=current_timestamp
    623. 

  623. 			WHERE
    624. 

  624. 				cookie_string=?",
    625. 

    626. 

  626.         stats_aggregate => #send:  session_timeout_in_secs (gets aggregate login data)
    627. 

  627. 

  628.           "	SELECT
    629. 

  629. 				sp_roles.name, count(*)
    630. 

  630. 			FROM
    631. 

  631. 				sgn_people.sp_person
    632. 

  632.                         JOIN    sgn_people.sp_person_roles USING(sp_person_id)
    633. 

  633.                         JOIN    sgn_people.sp_roles USING(sp_role_id)
    634. 

  634. 

  635. 			WHERE
    636. 

  636. 				last_access_time IS NOT NULL
    637. 

  637. 				AND cookie_string IS NOT NULL
    638. 

  638. 				AND extract(epoch from now()-last_access_time)<?
    639. 

  639. 			GROUP BY
    640. 

  640. 				sp_roles.name",
    641. 

    642. 

  642.         stats_private => #send: session_timeout_in_secs (gets all logged-in users)
    643. 

  643. 

  644.           "	SELECT
    645. 

  645. 				sp_roles.name as user_type, username, contact_email
    646. 

  646. 			FROM
    647. 

  647. 				sgn_people.sp_person JOIN sgn_people.sp_person_roles using(sp_person_id) JOIN sgn_people.sp_roles using (sp_role_id)
    648. 

  648. 			WHERE
    649. 

  649. 				last_access_time IS NOT NULL
    650. 

  650. 				AND cookie_string IS NOT NULL
    651. 

  651. 				AND extract(epoch from now()-last_access_time)<?",
    652. 

    653. 

  653.     };
    654. 

  654. 

  655.     while ( my ( $name, $sql ) = each %{ $self->{queries} } ) {
    656. 

  656.         $self->{query_handles}->{$name} = $self->get_dbh()->prepare($sql);
    657. 

  657.     }
    658. 

  658. 

  659. }
    660. 

  660. 

  661. sub get_sql {
    662. 

  662.     my $self = shift;
    663. 

  663.     my $name = shift;
    664. 

  664.     return $self->{query_handles}->{$name};
    665. 

  665. }
    666. 

  666. 

  667. ###
    668. 

  668. 1;    #do not remove
    669. 

  669. ###
    670. 

  670.