Commit graph

17 commits

Author SHA1 Message Date
542ab0bce9 Bug 5371: Force no caching for private pages at the OPAC
In order no to slow too much the browsing, it is certainly not a good
idea to add this cache-control value for all pages at the OPAC.

This patch just adds where the author found it could be useful.

Test plan:
1/ Login at the OPAC
2/ Go on the account page (opac/opac-account.pl)
3/ Click log out
4/ Use the back button of your browser
Without this patch you will see the previous page.
With this patch, the previous page will be reloaded and you will be
redirected to the login form.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-10-02 11:06:17 -03:00
Martin Stenberg
d5a5e9576e Bug 14675: Don't update details if no changes made
if no changes has been made for personal details, bring user back to details
page and inform them that no changes has been made.

Signed-off-by: Aleisha <aleishaamohia@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-08-20 13:42:04 -03:00
Juhani Seppälä
ab1fd8a556 Bug 5685: Validation of email address field
This patch adds server-side & client-side validation for email
form fields in the members/memberentry -view and in the
opac/memberentry-view (bootstrap).

I recently added simple validation for phone number and email address fields
for our in-house koha and saw this old bug: I'm open to any ideas on how
to do this better. Validation for phone numbers would be easy to add on
top of this but I left it out since this bug is only about the email
fields.

To test:
1) Select a member and go to any of the edit forms with email fields
(Primary info, "Library use", "Alternate address", "Alternative
contact").
2) Disable javascript in the browser in order to test server-side
validation and try to input invalid emails in each of the email form
fields.
3) Confirm that an invalid address is catched from any of the email
fields, an alert shown for each invalid address and that the member's
information was not updated with invalid data.
4) Enable javascript in the browser.
5) Confirm that the jquery validation plugin caches invalid addresses
from any of the email fields and that you cannot send the form before
correcting the problem.
6) Perform the same tests for the opac-memberentry-view.

Note: as the jQuery validation plugin doesn't exist in the bootstrap
folder, I just copied it over from the staff-client folder -how to deal
with this?

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

I have undone the changes to opac.css so that they can be submitted as a
separate patch. I have some other follow-ups to make as well.

Signed-off-by: Nicole Engard <nengard@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-07-24 13:47:32 -03:00
f7ed250d61 Bug 11693: Default emailing preferences not loaded for self registering patron
The call to AddMember_Opac does not take care of the messaging prefs
when enhanced messaging is enabled.
This patch adds the call to handle_form_action to do that.

Test plan:
Enable self registering patrons and enhanced messaging.
Check the (default) message prefs for the relevant patron category. At least
enable email for one notice.
Self-register a user with and without verification email enabled.
Check in both cases that the message prefs of the user conform to
those in the patron category. (So at least one enabled.)

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-07-24 13:44:39 -03:00
Jonathan Druart
a6c9bd0eb5 Bug 9978: Replace license header with the correct license (GPLv3+)
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

http://bugs.koha-community.org/show_bug.cgi?id=9987

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-20 09:59:38 -03:00
fd6176d0a5 Bug 13526 - Mandatory fields should not be able to be hidden in borrower self-registration
Currently, mandatory fields in the borrower self-registration can be hidden.
This causes problems since the validator rejects the registration,
even though all required fields on the screen have been filled out.

This is especially a problem when using the system preference
"PatronSelfRegistrationVerifyByEmail", since it automatically makes
"email" a mandatory field.

This patch makes it so that a mandatory field cannot be hidden on
the self-registration page.

_TEST PLAN_

Before applying
1) Hide the "email" and the "emailpro" fields using the
"PatronSelfRegistrationBorrowerUnwantedField" system preference.

2) Make the "email" and the "emailpro" fields mandatory using the
"PatronSelfRegistrationBorrowerMandatoryField" system preference.

3) Note that you cannot see "Primary email" or "Secondary email"
on the self registration page.
(The registration page which can be found by turning
on "PatronSelfRegistration" and filling in
"PatronSelfRegistrationDefaultCategory". The link will be on
opac-main.pl on the right side of the screen under the login box.)

4) Note that you cannot submit a self-registration request as
the system tells you that you have not filled in all the mandatory
fields.

5) Apply the patch && refresh the self registration page

6) Note that you can now see "Primary email" and "Secondary email"
on the self-registration screen".

Signed-off-by: Abby <abbyrobnz@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-18 10:45:10 -03:00
Jonathan Druart
e20270fec4 Bug 11944: use CGI( -utf8 ) everywhere
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-13 13:07:21 -03:00
1993b3090c Bug 13050: Follow-up for bug 12371
This patch simplifies the SQL query in Letters.pm for table
borrower_modifications.
It also addresses the only case this query is used in opac-memberentry.
An unused variable in Letters.pm is removed.

Test plan:
Enable selfregistration on opac.
Set verification by email to required in prefs too.
Self-register two new users.
Check the email notices generated.
Verify the new users with the tokens in their notice.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Much cleaner SQL

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Cleaner and works as described, no regressions found.
Passes tests and QA script.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-21 15:29:43 -03:00
c435ceb916 Bug 12718 - Show extended patron attributes in the OPAC
At some point the patron details page in the OPAC lost the display of
patron attributes. This patch returns the attributes to the update page.

To test, log in to the OPAC as a patron who has data in one or more
extended patron attributes. View the "your personal details" page
(opac-memberentry.pl):

- Confirm that the information displays correctly.
- Test with OPACPatronDetails both on and off.
- Test with patron who has no data in extended patron attributes.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Attributes only display when 'display in OPAC' is configured.
Attribute shows correct description, when authorised value is used.
Works as expected, updating is currently not yet possible.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-08-26 11:36:02 -03:00
afd2418d73 Bug 11349: Change .tmpl -> .tt in scripts using templates
Since we switched to Template Toolkit we don't need to stick with the
sufix we used for HTML::Template::Pro.

This patch changes the occurences of '.tmpl' in favour of '.tt'.

To test:
- Apply the patch
- Install koha, and verify that every page can be accesed

Regards
To+

P.S. a followup will remove the glue code.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-07-17 11:05:49 -03:00
Galen Charlton
5c3f36279b Bug 11535: sanitize input from patron self-registration form
This patch adds the use of C4::Scrubber to the processing of input
from the patron self-registration form, thereby closing off one
avenue for Javascript injection.

To test:

[1] Use the OPAC self-registration form to enter a new patron,
    and set its address to something like:

    <span style="color: red;">BAD</span>

[2] In the staff interface, bring up the new patron record.  The
    address will show up in red, indicating a successful HTML
    injection.
[3] Apply the patch and use self-registration to enter a new
    patron with a similar case of unwanted HTML coding.
[4] Bring up the second patron in the staff interface.  This time,
    the undesirable HTML tag should not be present.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Tags are not present on testing.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Confirmed bug and that the patch fixes it.
Passes all tests and QA script.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-01-14 16:28:14 +00:00
9a5f737dcb Bug 11342: fix error in OPAC self registration form if BorrowersTitles is empty
If BorrowersTitles is empty, it causes the library pulldown on the self
registration page to be empty, and to have the "Saluation" field have
the option "branches".

This patch also fixes a minor string capitalization issue.

Test Plan:
1) Enable OPAC self registration
2) Set the system preference BorrowersTitles to be empty
3) View the self registration page
4) Note the lack of branches in the home library pulldown
5) Apply this patch
6) Note the branches now display in the pulldown

Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tested in bootstrap and prog OPAC, with BorrowersTitle configured
and emptied.
Passes all tests and QA script.

Note: The titles pull down has 2 empty entries in master with
and without the patch.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-01-06 15:26:02 +00:00
09b8ce2a5f Bug 10636 - patronimage should have borrowernumber as PK, not cardnumber
Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Enable patronimages
4) Verify patron images are still displaying correctly
5) Test deleting a patron image
6) Test adding a patron image from moremember.pl
7) Test adding a patron image from tools/picture-upload.pl

Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-14 21:08:02 +00:00
afccbfcce7 Bug 10204 - Patron image no longer appears in the OPAC
With the addition of opac-memberentry.pl to the OPAC we lost a way to
display the image associated with a patron's account. This patch adds
display of the patron image to opac-memberentry.pl now that
opac-userdetails.pl and opac-userupdate.pl are deprecated.

To test:

1. Log into the OPAC as a patron who has an image associated with their
   account. View the "my personal details" tab and confirm that the
   patron image appears with and without OPACPatronDetails enabled.

2. Log into the OPAC as a patron who has no image associated with their
   account. View the "my personal details" tab and confirm that the
   layout looks correct.

3. Turn off OPACpatronimages and confirm that the "my personal details"
   page looks correct.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tested with OpacPatronDetails and OpacPatronImags turned on/off
and it's working well.
Template only changes.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-05-08 09:47:38 -04:00
29aa50d93d Bug 7067 QA Followup
Adjusts calling conventions to use hashrefs and eliminate redundant
procedural/OO mixed code.

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-12-14 08:09:00 -05:00
5a0dffcaac Bug 7067 [Follow-up: templates] allow patron self registration via the opac
- Adding simple style to register link on home page
- Adding unique ids to new pages and to blocks containing
  registration links
- Adding better page titles and breadcrumb links to some pages
- Correcting bug which meant incorrect message showed on registration
  page when OPACPatronDetails preferences is turned off
- Passing patron details to opac-memberentry.tt so that patron's
  name can be displayed in breadcrumbs
- Improving display in staff client of patron record updates
  waiting to be approved.
- Adding a sort by name to output of pending patron record updates
- Adding updated JqueryUI library files to include expanded widget
  options.

The changes in this patch require the addition of the jQueryUI
Accordion widget. Other pending patches are seeking to add
enough of the other remaining missing widgets that it seems time
to go ahead and add the rest.

Future submissions which add usage of these widgets will have
to be careful to make changes to Koha's CSS where necessary.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Passed-QA-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-12-14 08:08:59 -05:00
92782d3832 Bug 7067 - OPAC Borrower Self Registration
This development will add the ability for a new patron to register
himself or herself. The self-registration will attempt to match this
newly inputted data to any existing patrons and if any possible matches
are found, ask if the patron is sure he or she doesn't already have an
account at the library. A system preference may be set to prevent patron
self-registration if the system detects the possibility that the person
may already have an account.

Once the patron has registered, passing a captcha (or similar
bot-stopper), the patron will then be optionally verified a second time
via email. At this point, the patron will be able to print a temporary
library card (optional by system preference), and will be provided any
details necessary to access electronic resources (this body of text
would be a template in the slips and notices system). At the library's
choice, this new patron would either be set to a temporary patron status
(patron type set via system preference), or a fully-fledged patron
(allow patron type to be determined by age and/or other attributes).
Assuming the library uses temporary patron types for OPAC registrations,
this patron will next enter a queue and would need to physically enter
the library to verify himself and become a fully-fledged patron (most
likely by bringing in physical proof of address, etc.). The librarian
would look up the patron record and modify the patron type. If a
temporary patron has not been verified within a certain time frame
(defined by a system preference), the patron record will be deleted
from the system via a cron job.

For registered patrons, the system will allow each person to also
update his or her personal data via the OPAC. When a patron updates his
or her information, the changes will be entered into a queue to be
verified by a librarian (preventing a patron from inputting obviously
bogus data). The staff client home page will display the number of
patron records with changes awaiting approval. A librarian would then be
able to click through a list of modification requests, and approve or
deny each (with approval and denial alerts being sent to the patron via
the standard messaging system).

NEW SYSTEM PREFERENCES
* PatronSelfRegistration
* PatronSelfRegistrationDetectDuplicates
* PatronSelfRegistrationVerifyByEmail
* PatronSelfRegistrationPrintTemporaryCard
* PatronSelfRegistrationUseTemporaryStatus
* PatronSelfRegistrationExpireTemporaryAccountsDelay

NEW NOTICE
* Verify by email notice

NEW SLIP
* Temporary card slip

NEW CRON JOB
* delete_expired_opac_registrations.pl
  - Deletes patrons that have not been upgraded from the temporary
    status within the specified delay
* delete_unverified_opac_registrations.pl
  - Deletes the unverified patrons based on the length of time specified
    in the PatronSelfRegistrationExpireTemporaryAccountsDelay

The patron will register from self_registration.pl, linked off opac-main.pl if enabled. The registration page will be translatable to other languages in the same way that existing templates are.

Test Plan:
1) Enable PatronSelfRegistration
2) Set PatronSelfRegistrationExpireTemporaryAccountsDelay to a number
   of days
3) Create a self-registered borrower category
4) Set PatronSelfRegistrationUseTemporaryStatus
5) Set PatronSelfRegistrationVerifyByEmail to "Don't require"
6) Go to OPAC, log out if logged in.
7) You should see the "Register here" link below the login box
8) Attempt to register yourself
9) Verify you can log in with your temporary password.
10) Set PatronSelfRegistrationVerifyByEmail to "Require"
11) Attempt another self-registration
12) Check the messages table, you should see a new message with a
    verification link.
13) Copy and paste the link into a web browser to verify the registration
14) Log in with the given credentials to verify the account was created.

Test Plan - Part 2 - Borrower Modifications

1) Log in to OPAC, go to "my personal details" tab.
2) Make some modifications to your details.
3) Repeat steps 1 and 2 for two more borrowers.
4) Log in to Koha intranet with a user that can modify borrowers.
5) At the bottom of mainpage.pl, you should see:
  Patrons requesting modifications: 3
6) Click the link
7) Approve one change, deny a different one, and ignore the third, then
   submit.
8) Check the records, you should see the changes take affect on the
   approved one, and no changes to the other two. You should also see
   "Patrons requesting modifications: 1" at the bottom of mainpage.pl
   now.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Bug 7067 - OPAC Borrower Self Registration - Followup

* Rename PatronSelfRegistrationUseTemporaryStatus to PatronSelfRegistrationDefaultCategory
* Hide register link unless PatronSelfRegistrationDefaultCategory is set.
* Add invalid token page
* Add documentation and switches to cron scripts
* Add required fields check for editing exiting patrons
* Don't force require email address for existing patrons when
  PatronSelfRegistrationVerifyByEmail is enabled.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Passed-QA-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-12-14 08:08:59 -05:00