Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity

kohabug 1875 Public lists/virtualshelves are displayed and viewable whether a patron is logged in or not.

Browse source 
NOTE: This patch introduces code which generates an anonymous session when a patron first browses to OPAC.
This anonymous session contains a minimal amount of information including the results of a query to discover
all public lists/shevles. When the user logs in, the anonymous session is cleared and a new session created
for that user.

kohabug 1875 - fix error when editing a patron record

C4::Auth::checkauth was not distinguishing between a
'userid' input from an OPAC or staff login form and
a 'userid' input from (e.g.,) the patron editor.
Consequently, adding or editing a patron record would
result in Koha trying to log in as the new patron.

To resolve this, added a hidden input to all login
forms, 'koha_login_context', to explicitly signal
when a login is occurring.  The value of this input
can be 'opac', 'intranet', or 'sco' - the value is
not used at present, but may be of use later.

C4::Auth - added debug flag to two warns

kohabug 1875 - create anonymous sessions only for OPAC

No need to create an anonymous session for the intranet.

set yuipath correct for login pages

When preparing the template parameters for a login form,
C4::Auth was overriding the value of yuipath set
by C4::Output::gettemplate(), thus causing 404 errors
if the 'yuipath' syspref was set to 'local'.

kohabug 1875 - avoid warns viewing lists anonymously

During an anonymous OPAC session, the $loggedinuser variable
is not set.  As the undefined value causes warns in
C4::VirtualShelves::Page::shelfpage, for the purpose of the
shelfpage call the loggedinuser is set to -1, which should
not correspond to any real borrower number.

This is admittedly a hack to avoid digging through all
of C4::VirtualShelves to deal with lists viewed anonymously.

kohabug 1875 Refactoring of &ModShelf to avoid overwriting list owner needlessly

kohabug 1875 Avoid warning if can't find owner of shelf

Since virtualshelves.owner is not a true FK of borrowersnumber.number,
set ownername to '' if can't find the patron

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This commit is contained in:
Chris Nighswonger 2008-06-11 07:10:02 -05:00 committed by Joshua Ferraro
parent 7ac682c859
commit 3d377cd7c1
9 changed files with 249 additions and 157 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

294
C4/Auth.pm
View file

@ -221,6 +221,26 @@ sub get_template_and_user {
}
}
}
else { # if this is an anonymous session, setup to display public lists...
# load the template variables for stylesheets and JavaScript
$template->param( css_libs => $in->{'css_libs'} );
$template->param( css_module => $in->{'css_module'} );
$template->param( css_page => $in->{'css_page'} );
$template->param( css_widgets => $in->{'css_widgets'} );
$template->param( js_libs => $in->{'js_libs'} );
$template->param( js_module => $in->{'js_module'} );
$template->param( js_page => $in->{'js_page'} );
$template->param( js_widgets => $in->{'js_widgets'} );
$template->param( sessionID => $sessionID );
my $shelves;
if ($shelves = C4::Context->get_shelves_userenv()) {
$template->param( barshelves => scalar (@$shelves));
$template->param( barshelvesloop => $shelves);
}
}
if ( $in->{'type'} eq "intranet" ) {
$template->param(
@ -473,6 +493,7 @@ sub checkauth {
my %info;
my ( $userid, $cookie, $sessionID, $flags, $shelves );
my $logout = $query->param('logout.x');
if ( $userid = $ENV{'REMOTE_USER'} ) {
# Using Basic Authentication, no cookies required
$cookie = $query->cookie(
@ -485,7 +506,7 @@ sub checkauth {
elsif ( $sessionID = $query->cookie("CGISESSID")) { # assignment, not comparison
my $session = get_session($sessionID);
C4::Context->_new_userenv($sessionID);
my ($ip, $lasttime);
my ($ip, $lasttime, $sessiontype);
if ($session){
C4::Context::set_userenv(
$session->param('number'), $session->param('id'),
@ -499,9 +520,20 @@ sub checkauth {
$ip = $session->param('ip');
$lasttime = $session->param('lasttime');
$userid = $session->param('id');
$sessiontype = $session->param('sessiontype');
}
if ($logout) {
if ( ($query->param('koha_login_context')) && ($query->param('userid') ne $session->param('id')) ) {
#if a user enters an id ne to the id in the current session, we need to log them in...
#first we need to clear the anonymous session...
$debug and warn "query id = " . $query->param('userid') . " but session id = " . $session->param('id');
$session->flush;
$session->delete();
C4::Context->_unset_userenv($sessionID);
$sessionID = undef;
$userid = undef;
}
elsif ($logout) {
# voluntary logout the user
$session->flush;
$session->delete();
@ -533,144 +565,159 @@ sub checkauth {
else {
$cookie = $query->cookie( CGISESSID => $session->id );
$session->param('lasttime',time());
$flags = haspermission( $dbh, $userid, $flagsrequired );
if ($flags) {
$loggedin = 1;
} else {
$info{'nopermission'} = 1;
unless ( $sessiontype eq 'anon' ) { #if this is an anonymous session, we want to update the session, but not behave as if they are logged in...
$flags = haspermission( $dbh, $userid, $flagsrequired );
if ($flags) {
$loggedin = 1;
} else {
$info{'nopermission'} = 1;
}
}
}
}
unless ($userid) {
my $session = get_session("") or die "Auth ERROR: Cannot get_session()";
unless ($userid || $sessionID) {
#we initiate a session prior to checking for a username to allow for anonymous sessions...
my $session = get_session("") or die "Auth ERROR: Cannot get_session()";
my $sessionID = $session->id;
$userid = $query->param('userid');
my $password = $query->param('password');
C4::Context->_new_userenv($sessionID);
my ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password );
if ($return) {
_session_log(sprintf "%20s from %16s logged in at %30s.\n", $userid,$ENV{'REMOTE_ADDR'},localtime);
$cookie = $query->cookie(CGISESSID => $sessionID);
if ( $flags = haspermission( $dbh, $userid, $flagsrequired ) ) {
$loggedin = 1;
}
else {
$info{'nopermission'} = 1;
C4::Context->_unset_userenv($sessionID);
}
C4::Context->_new_userenv($sessionID);
$cookie = $query->cookie(CGISESSID => $sessionID);
if ( $userid = $query->param('userid') ) {
my $password = $query->param('password');
my ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password );
if ($return) {
_session_log(sprintf "%20s from %16s logged in at %30s.\n", $userid,$ENV{'REMOTE_ADDR'},localtime);
if ( $flags = haspermission( $dbh, $userid, $flagsrequired ) ) {
$loggedin = 1;
}
else {
$info{'nopermission'} = 1;
C4::Context->_unset_userenv($sessionID);
}
my ($borrowernumber, $firstname, $surname, $userflags,
$branchcode, $branchname, $branchprinter, $emailaddress);
my ($borrowernumber, $firstname, $surname, $userflags,
$branchcode, $branchname, $branchprinter, $emailaddress);
if ( $return == 1 ) {
my $select = "
SELECT borrowernumber, firstname, surname, flags, borrowers.branchcode,
branches.branchname as branchname,
branches.branchprinter as branchprinter,
email
FROM borrowers
LEFT JOIN branches on borrowers.branchcode=branches.branchcode
";
my $sth = $dbh->prepare("$select where userid=?");
$sth->execute($userid);
unless ($sth->rows) {
$debug and print STDERR "AUTH_1: no rows for userid='$userid'\n";
$sth = $dbh->prepare("$select where cardnumber=?");
$sth->execute($cardnumber);
if ( $return == 1 ) {
my $select = "
SELECT borrowernumber, firstname, surname, flags, borrowers.branchcode,
branches.branchname as branchname,
branches.branchprinter as branchprinter,
email
FROM borrowers
LEFT JOIN branches on borrowers.branchcode=branches.branchcode
";
my $sth = $dbh->prepare("$select where userid=?");
$sth->execute($userid);
unless ($sth->rows) {
$debug and print STDERR "AUTH_2a: no rows for cardnumber='$cardnumber'\n";
$sth->execute($userid);
$debug and print STDERR "AUTH_1: no rows for userid='$userid'\n";
$sth = $dbh->prepare("$select where cardnumber=?");
$sth->execute($cardnumber);
unless ($sth->rows) {
$debug and print STDERR "AUTH_2b: no rows for userid='$userid' AS cardnumber\n";
$debug and print STDERR "AUTH_2a: no rows for cardnumber='$cardnumber'\n";
$sth->execute($userid);
unless ($sth->rows) {
$debug and print STDERR "AUTH_2b: no rows for userid='$userid' AS cardnumber\n";
}
}
}
}
if ($sth->rows) {
($borrowernumber, $firstname, $surname, $userflags,
$branchcode, $branchname, $branchprinter, $emailaddress) = $sth->fetchrow;
$debug and print STDERR "AUTH_3 results: " .
"$cardnumber,$borrowernumber,$userid,$firstname,$surname,$userflags,$branchcode,$emailaddress\n";
} else {
print STDERR "AUTH_3: no results for userid='$userid', cardnumber='$cardnumber'.\n";
}
if ($sth->rows) {
($borrowernumber, $firstname, $surname, $userflags,
$branchcode, $branchname, $branchprinter, $emailaddress) = $sth->fetchrow;
$debug and print STDERR "AUTH_3 results: " .
"$cardnumber,$borrowernumber,$userid,$firstname,$surname,$userflags,$branchcode,$emailaddress\n";
} else {
print STDERR "AUTH_3: no results for userid='$userid', cardnumber='$cardnumber'.\n";
}
# launch a sequence to check if we have a ip for the branch, i
# if we have one we replace the branchcode of the userenv by the branch bound in the ip.
my $ip = $ENV{'REMOTE_ADDR'};
# if they specify at login, use that
if ($query->param('branch')) {
$branchcode = $query->param('branch');
$branchname = GetBranchName($branchcode);
}
my $branches = GetBranches();
if (C4::Context->boolean_preference('IndependantBranches') && C4::Context->boolean_preference('Autolocation')){
# we have to check they are coming from the right ip range
my $domain = $branches->{$branchcode}->{'branchip'};
if ($ip !~ /^$domain/){
$loggedin=0;
$info{'wrongip'} = 1;
my $ip = $ENV{'REMOTE_ADDR'};
# if they specify at login, use that
if ($query->param('branch')) {
$branchcode = $query->param('branch');
$branchname = GetBranchName($branchcode);
}
my $branches = GetBranches();
if (C4::Context->boolean_preference('IndependantBranches') && C4::Context->boolean_preference('Autolocation')){
# we have to check they are coming from the right ip range
my $domain = $branches->{$branchcode}->{'branchip'};
if ($ip !~ /^$domain/){
$loggedin=0;
$info{'wrongip'} = 1;
}
}
my @branchesloop;
foreach my $br ( keys %$branches ) {
# now we work with the treatment of ip
my $domain = $branches->{$br}->{'branchip'};
if ( $domain && $ip =~ /^$domain/ ) {
$branchcode = $branches->{$br}->{'branchcode'};
# new op dev : add the branchprinter and branchname in the cookie
$branchprinter = $branches->{$br}->{'branchprinter'};
$branchname = $branches->{$br}->{'branchname'};
}
}
$session->param('number',$borrowernumber);
$session->param('id',$userid);
$session->param('cardnumber',$cardnumber);
$session->param('firstname',$firstname);
$session->param('surname',$surname);
$session->param('branch',$branchcode);
$session->param('branchname',$branchname);
$session->param('flags',$userflags);
$session->param('emailaddress',$emailaddress);
$session->param('ip',$session->remote_addr());
$session->param('lasttime',time());
$debug and printf STDERR "AUTH_4: (%s)\t%s %s - %s\n", map {$session->param($_)} qw(cardnumber firstname surname branch) ;
}
my @branchesloop;
foreach my $br ( keys %$branches ) {
# now we work with the treatment of ip
my $domain = $branches->{$br}->{'branchip'};
if ( $domain && $ip =~ /^$domain/ ) {
$branchcode = $branches->{$br}->{'branchcode'};
# new op dev : add the branchprinter and branchname in the cookie
$branchprinter = $branches->{$br}->{'branchprinter'};
$branchname = $branches->{$br}->{'branchname'};
}
}
$session->param('number',$borrowernumber);
$session->param('id',$userid);
$session->param('cardnumber',$cardnumber);
$session->param('firstname',$firstname);
$session->param('surname',$surname);
$session->param('branch',$branchcode);
$session->param('branchname',$branchname);
$session->param('flags',$userflags);
$session->param('emailaddress',$emailaddress);
$session->param('ip',$session->remote_addr());
$session->param('lasttime',time());
$debug and printf STDERR "AUTH_4: (%s)\t%s %s - %s\n", map {$session->param($_)} qw(cardnumber firstname surname branch) ;
}
elsif ( $return == 2 ) {
#We suppose the user is the superlibrarian
$borrowernumber = 0;
$session->param('number',0);
$session->param('id',C4::Context->config('user'));
$session->param('cardnumber',C4::Context->config('user'));
$session->param('firstname',C4::Context->config('user'));
$session->param('surname',C4::Context->config('user'));
$session->param('branch','NO_LIBRARY_SET');
$session->param('branchname','NO_LIBRARY_SET');
$session->param('flags',1);
$session->param('emailaddress', C4::Context->preference('KohaAdminEmailAddress'));
$session->param('ip',$session->remote_addr());
$session->param('lasttime',time());
}
C4::Context::set_userenv(
$session->param('number'), $session->param('id'),
$session->param('cardnumber'), $session->param('firstname'),
$session->param('surname'), $session->param('branch'),
$session->param('branchname'), $session->param('flags'),
$session->param('emailaddress'), $session->param('branchprinter')
);
$shelves = GetShelvesSummary($borrowernumber,2,10);
elsif ( $return == 2 ) {
#We suppose the user is the superlibrarian
$borrowernumber = 0;
$session->param('number',0);
$session->param('id',C4::Context->config('user'));
$session->param('cardnumber',C4::Context->config('user'));
$session->param('firstname',C4::Context->config('user'));
$session->param('surname',C4::Context->config('user'));
$session->param('branch','NO_LIBRARY_SET');
$session->param('branchname','NO_LIBRARY_SET');
$session->param('flags',1);
$session->param('emailaddress', C4::Context->preference('KohaAdminEmailAddress'));
$session->param('ip',$session->remote_addr());
$session->param('lasttime',time());
}
C4::Context::set_userenv(
$session->param('number'), $session->param('id'),
$session->param('cardnumber'), $session->param('firstname'),
$session->param('surname'), $session->param('branch'),
$session->param('branchname'), $session->param('flags'),
$session->param('emailaddress'), $session->param('branchprinter')
);
$shelves = GetShelvesSummary($borrowernumber,2,10);
$session->param('shelves', $shelves);
C4::Context::set_shelves_userenv($shelves);
}
else {
if ($userid) {
$info{'invalid_username_or_password'} = 1;
C4::Context->_unset_userenv($sessionID);
}
}
} # END if ( $userid = $query->param('userid') )
elsif ($type eq "opac") {
# if we are here this is an anonymous session; add public lists to it and a few other items...
# anonymous sessions are created only for the OPAC
$debug and warn "Initiating an anonymous session...";
$shelves = GetShelvesSummary(0,2,10);
$session->param('shelves', $shelves);
C4::Context::set_shelves_userenv($shelves);
}
else {
if ($userid) {
$info{'invalid_username_or_password'} = 1;
C4::Context->_unset_userenv($sessionID);
}
}
# setting a couple of other session vars...
$session->param('ip',$session->remote_addr());
$session->param('lasttime',time());
$session->param('sessiontype','anon');
}
} # END unless ($userid)
my $insecure = C4::Context->boolean_preference('insecure');
@ -738,7 +785,6 @@ sub checkauth {
TemplateEncoding => C4::Context->preference("TemplateEncoding"),
IndependantBranches=> C4::Context->preference("IndependantBranches"),
AutoLocation => C4::Context->preference("AutoLocation"),
yuipath => C4::Context->preference("yuipath"),
wrongip => $info{'wrongip'}
);

50
C4/VirtualShelves.pm
View file

@ -25,6 +25,8 @@ use strict;
use Carp;
use C4::Context;
use C4::Circulation;
use C4::Debug;
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK);
BEGIN {
@ -341,21 +343,51 @@ sub AddToShelfFromBiblio {
=item ModShelf
ModShelf($shelfnumber, $shelfname, $owner, $category )
ModShelf($shelfnumber, $hashref)
Modify the value into virtualshelves table with values given on input arg.
Where $hashref->{column} = param
Modify the value into virtualshelves table with values given
from hashref, which each key of the hashref should be
the name of a column of virtualshelves.
=cut
sub ModShelf {
my ( $shelfnumber, $shelfname, $owner, $category, $sortfield ) = @_;
my $query = qq(
UPDATE virtualshelves
SET shelfname=?,owner=?,category=?,sortfield=?
WHERE shelfnumber=?
);
my $shelfnumber = shift;
my $shelf = shift;
if (exists $shelf->{shelfnumber}) {
carp "Should not use ModShelf to change shelfnumber";
return;
}
unless (defined $shelfnumber and $shelfnumber =~ /^\d+$/) {
carp "Invalid shelfnumber passed to ModShelf: $shelfnumber";
return;
}
my $query = "UPDATE virtualshelves SET ";
my @bind_params = ();
my @set_clauses = ();
foreach my $column (keys %$shelf) {
push @set_clauses, "$column = ?";
push @bind_params, $shelf->{$column};
}
if ($#set_clauses == -1) {
carp "No columns to update passed to ModShelf";
return;
}
$query .= join(", ", @set_clauses);
$query .= " WHERE shelfnumber = ? ";
push @bind_params, $shelfnumber;
$debug and warn "ModShelf query:\n $query\n",
"ModShelf query args: ", join(',', @bind_params), "\n";
my $sth = $dbh->prepare($query);
$sth->execute( $shelfname, $owner, $category, $sortfield, $shelfnumber );
$sth->execute( @bind_params );
}
=item ShelfPossibleAction

47
C4/VirtualShelves/Page.pm
View file

@ -119,19 +119,24 @@ SWITCH: {
last SWITCH;
}
if ( $op eq 'modifsave' ) {
ModShelf(
$shelfnumber, $query->param('shelfname'), $loggedinuser,
$query->param('category'), $query->param('sortfield')
);
my $shelf = {
'shelfname' => $query->param('shelfname'),
'category' => $query->param('category'),
'sortfield' => $query->param('sortfield'),
};
$shelf->{'owner'} = $loggedinuser if $type eq 'intranet'; #we only overwrite the list owner if &ModShelf was called from the staff client
ModShelf( $shelfnumber, $shelf );
$shelflist = GetShelves( $loggedinuser, 2 ); # refresh after mods
} elsif ( $op eq 'modif' ) {
my ( $shelfnumber2, $shelfname, $owner, $category, $sortfield ) =GetShelf( $query->param('shelfnumber') );
my ( $shelfnumber2, $shelfname, $owner, $category, $sortfield ) =GetShelf( $shelfnumber );
$template->param(
edit => 1,
shelfnumber => $shelfnumber2,
shelfname => $shelfname,
owner => $owner,
"category$category" => 1,
"category$category" => 1,
category => $category,
"sort_$sortfield" => 1,
);
}
@ -139,12 +144,12 @@ SWITCH: {
}
if ($shelfnumber = $query->param('viewshelf') ) {
#check that the user can view the shelf
if ( ShelfPossibleAction( $loggedinuser, $shelfnumber, 'view' ) ) {
my $items = GetShelfContents($shelfnumber);
for my $this_item (@$items) {
$this_item->{imageurl} = $imgdir."/".$itemtypes->{ $this_item->{itemtype} }->{'imageurl'};
$this_item->{'description'} = $itemtypes->{ $this_item->{itemtype} }->{'description'};
}
if ( ShelfPossibleAction( $loggedinuser, $shelfnumber, 'view' ) ) {
my $items = GetShelfContents($shelfnumber);
for my $this_item (@$items) {
$this_item->{imageurl} = $imgdir."/".$itemtypes->{ $this_item->{itemtype} }->{'imageurl'};
$this_item->{'description'} = $itemtypes->{ $this_item->{itemtype} }->{'description'};
}
$showadd = 1;
my $i = 0;
foreach (grep {$i++ % 2} @$items) { # every other item
@ -152,14 +157,14 @@ SWITCH: {
}
# my $manageshelf = &ShelfPossibleAction( $loggedinuser, $shelfnumber, 'manage' );
# ($manageshelf) and $showadd = 1;
$template->param(
shelfname => $shelflist->{$shelfnumber}->{'shelfname'},
shelfnumber => $shelfnumber,
viewshelf => $shelfnumber,
manageshelf => &ShelfPossibleAction( $loggedinuser, $shelfnumber, 'manage' ),
itemsloop => $items,
);
} else { push @paramsloop, {nopermission=>$shelfnumber}; }
$template->param(
shelfname => $shelflist->{$shelfnumber}->{'shelfname'},
shelfnumber => $shelfnumber,
viewshelf => $shelfnumber,
manageshelf => &ShelfPossibleAction( $loggedinuser, $shelfnumber, 'manage' ),
itemsloop => $items,
);
} else { push @paramsloop, {nopermission=>$shelfnumber} };
last SWITCH;
}
if ( $query->param('shelves') ) {
@ -234,7 +239,7 @@ foreach my $element (sort { lc($shelflist->{$a}->{'shelfname'}) cmp lc($shelflis
$shelflist->{$element}->{'mine'} = 1;
}
my $member = GetMember($owner,'borrowernumber');
$shelflist->{$element}->{ownername} = $member->{firstname} . " " . $member->{surname};
$shelflist->{$element}->{ownername} = defined($member) ? $member->{firstname} . " " . $member->{surname} : '';
$numberCanManage++ if $canmanage; # possibly outmoded
if ($shelflist->{$element}->{'category'} eq '1') {
(scalar(@shelveslooppriv) % 2) and $shelflist->{$element}->{toggle} = 1;

1
koha-tmpl/intranet-tmpl/prog/en/modules/auth.tmpl
View file

@ -37,6 +37,7 @@
<!-- login prompt time-->
<form action="<!-- TMPL_VAR NAME="url" -->" method="post" name="loginform" id="loginform">
<input type="hidden" name="koha_login_context" value="intranet" />
<!-- TMPL_LOOP NAME="INPUTS" -->
<input type="hidden" name="<!-- TMPL_VAR NAME="name" -->" value="<!-- TMPL_VAR NAME="value" ESCAPE="html" -->" />
<!-- /TMPL_LOOP -->

2
koha-tmpl/opac-tmpl/prog/en/modules/opac-auth.tmpl
View file

@ -40,7 +40,7 @@
<!-- /TMPL_IF -->
<form action="<!-- TMPL_VAR NAME="url" -->" name="auth" id="auth" method="post">
<input type="hidden" name="koha_login_context" value="opac" />
<fieldset class="brief"><!-- TMPL_LOOP NAME="INPUTS" -->
<input type="hidden" name="<!-- TMPL_VAR NAME="name" -->" value="<!-- TMPL_VAR NAME="value" -->" />
<!-- /TMPL_LOOP -->

1
koha-tmpl/opac-tmpl/prog/en/modules/opac-main.tmpl
View file

@ -96,6 +96,7 @@
<div class="yui-u">
<div id="login" class="container">
<form action="/cgi-bin/koha/opac-user.pl" method="post" name="auth" id="auth">
<input type="hidden" name="koha_login_context" value="opac" />
<fieldset class="brief">
<legend>Log in to Your Account:</legend>
<ol>

2
koha-tmpl/opac-tmpl/prog/en/modules/opac-shelves.tmpl
View file

@ -169,7 +169,7 @@ $.tablesorter.addParser({
</select></li>
</ol>
</fieldset>
<fieldset class="action"><input type="hidden" name="category" value="1" /><input type="submit" value="Save" class="submit" /> <a class="cancel" href="/cgi-bin/koha/opac-shelves.pl?shelfnumber=<!-- TMPL_VAR NAME="shelfnumber" -->">Cancel</a></fieldset>
<fieldset class="action"><input type="hidden" name="category" value="<!-- TMPL_VAR NAME="category" -->" /><input type="submit" value="Save" class="submit" /> <a class="cancel" href="/cgi-bin/koha/opac-shelves.pl?shelfnumber=<!-- TMPL_VAR NAME="shelfnumber" -->">Cancel</a></fieldset>
</form>
<!-- /TMPL_IF -->

1
koha-tmpl/opac-tmpl/prog/en/modules/sco/sco-main.tmpl
View file

@ -78,6 +78,7 @@ Sorry, This Self-Checkout Station has lost authentication. Please contact the a
<!-- TMPL_UNLESS NAME="validuser" -->
<div class="sco_entry" >
<form id="mainform" action="/cgi-bin/koha/sco/sco-main.pl" name="myForm" method="post">
<input type="hidden" name="koha_login_context" value="sco" />
<p class="checkout"><label for="userid">Please enter your cardnumber:</label>
<input type="text" id="userid" class="firstField" size="10" name="userid" onblur="ValidateCode();" />
<!-- TMPL_LOOP NAME="INPUTS" --><input type="hidden" name="<!-- TMPL_VAR NAME="name" -->" value="<!-- TMPL_VAR NAME="value" -->"><!-- /TMPL_LOOP -->

8
opac/opac-shelves.pl
View file

@ -31,4 +31,10 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user({
type => "opac",
authnotrequired => 1,
});
shelfpage('opac', $query, $template, $loggedinuser, $cookie);
# if $loggedinuser is not defined, set it to -1, which should
# not correspond to any real borrowernumber.
# FIXME: this is a hack to temporarily avoid changing several
# routines in C4::VirtualShelves and C4::VirtualShelves::page
# to deal with lists accessed during an anonymous OPAC session
shelfpage('opac', $query, $template, (defined($loggedinuser) ? $loggedinuser : -1), $cookie);