Fix for 1431, checking userid is unique

Signed-off-by: Chris Cormack <crc@liblime.com>
2007-10-01 20:39:59 -05:00 · 2007-10-01 20:39:59 -05:00 · 2154ed5cc1
commit 2154ed5cc1
parent 6c871b7847
2 changed files with 40 additions and 12 deletions
--- a/C4/Members.pm
+++ b/C4/Members.pm
@ -113,6 +113,7 @@ push @EXPORT, qw(
 push @EXPORT, qw(
  &checkuniquemember 
  &checkuserpassword
+	&Check_Userid
  &fixEthnicity
  &ethnicitycategories 
  &fixup_cardnumber
@ -750,6 +751,24 @@ sub AddMember {
    return $data{'borrowernumber'};
 }

+sub Check_Userid {
+	my ($uid,$member) = @_;
+	my $dbh = C4::Context->dbh;
+    # Make sure the userid chosen is unique and not theirs if non-empty. If it is not,
+    # Then we need to tell the user and have them create a new one.
+    my $sth =
+      $dbh->prepare(
+        "SELECT * FROM borrowers WHERE userid=? AND borrowernumber != ?");
+    $sth->execute( $uid, $member );
+    if ( ( $uid ne '' ) && ( my $row = $sth->fetchrow_hashref ) ) {
+        return 0;
+    }
+	else {
+		return 1;
+	}
+}
+
+
 sub changepassword {
    my ( $uid, $member, $digest ) = @_;
    my $dbh = C4::Context->dbh;
@ -758,9 +777,9 @@ sub changepassword {
 #Then we need to tell the user and have them create a new one.
    my $sth =
      $dbh->prepare(
-        "select * from borrowers where userid=? and borrowernumber != ?");
+        "SELECT * FROM borrowers WHERE userid=? AND borrowernumber != ?");
    $sth->execute( $uid, $member );
-    if ( ( $uid ne '' ) && ( $sth->fetchrow ) ) {
+    if ( ( $uid ne '' ) && ( my $row = $sth->fetchrow_hashref ) ) {
        return 0;
    }
    else {
--- a/members/memberentry.pl
+++ b/members/memberentry.pl
@ -166,12 +166,12 @@ if ($op eq 'insert' || $op eq 'modify' || $op eq 'save') {
 #   }
 # STEP 3
  if ($op eq 'insert'){
-    # this value show if the login and password are been used
-    my $loginexist=checkuserpassword($borrowernumber,$data{'userid'},$data{'password'});
-    # test to know if u must save or create the borrowers
-    if ($loginexist) {
-      push @errors, "ERROR_login_exist";
-      $nok=1;
+	  my $loginexist;
+	  # Check if the userid is unique
+	  if ( !Check_Userid($data{'userid'},$borrowernumber)) {
+		  push @errors, "ERROR_login_exist";
+		  $loginexist = 1;
+		  $nok=1;
    } else {
      $borrowernumber = &AddMember(%newdata);
        if ($data{'organisations'}){            
@ -210,13 +210,22 @@ if ($op eq 'insert' || $op eq 'modify' || $op eq 'save') {
 # }

 if ($op eq 'save'){
-  # test to know if another user have the same password and same login    
-  &ModMember(%newdata);    
-  print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$borrowernumber");
+	# test to know if another user have the same password and same login    
+	my $loginexist;                                                                                                                                      
+	# Check if the userid is unique                                                                                                                      
+	if ( !Check_Userid($data{'userid'},$borrowernumber)) {
+		push @errors, "ERROR_login_exist";
+		$loginexist = 1;
+		$nok=1;
+	}
+	if (!$loginexist){
+		&ModMember(%newdata);    
+		print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$borrowernumber");
+	}
 }

 if ($delete){
-  print $input->redirect("/cgi-bin/koha/deletemem.pl?member=$borrowernumber");
+	print $input->redirect("/cgi-bin/koha/deletemem.pl?member=$borrowernumber");
 }
 if ($nok){
  $op="add" if ($op eq "insert");