Commit graph

448 commits

Author SHA1 Message Date
Galen Charlton
488a3d6fed use JSON rather than Storable for the OPAC search history cookie
To test:

Exercise the OPAC search history functionality, after
turning on the EnableOpacSearchHistory syspref:

- Clear the KohaOpacRecentSearches cookie
- As an anonymous user, conduct a variety of searches,
  including ones that include non-ASCII characters
- Check the search history and verified that all searches
  are listed
- Log into the OPAC
- Verify that current and past searches are listed in
  search history.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-07-28 01:52:06 +00:00
04dd98fa84 Bug 10552: make several sysprefs available to the OPAC login page
Several system preference variables are unavailable to the OPAC login
template because they are not explicitly enabled for that page. Instead
of adding them to Auth.pm using the old method this patch uses the new
system preference check syntax using the Koha TT plugin.

The following preferences are now checked using this syntax in
masthead.inc:

OpacAddMastheadLibraryPulldown
UseCourseReserves
reviewson
OpacShowRecentComments

In order for the call in masthead.inc to the new plugin to work on all
OPAC pages "[% USE Koha %]" must be added to any template which
includes it (most of them).

Also in this patch: A change to Auth.pm to enable correct display of the
LibraryName in the title of the OPAC login page.

To test, turn on the above system preferences and confirm that the
relevant links appear under the OPAC's main search bar on all pages
including the login page.

Confirm that the text specified in the LibraryName system preference is
shown as the title of the login page.

Confirm that course reserves and comments are displayed correctly on the
biblio detail page.

Signed-off-by: Liz Rea <liz@catalyst.net.nz>
I checked both prog and ccsr - all seems well and the links are appearing and disappearing in accordance with the appropriate sysprefs.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-07-22 14:54:15 +00:00
651f810f68 Bug 10553: make public lists available on OPAC login page
If you are not logged in to the OPAC, looking at the login page, and you
click the Lists button to see public lists it says there are none. This
patch corrects Auth.pm so that it loads the list of public lists in this
situation.

To test you must have at least one public list. Make sure you are logged
out of the OPAC and visit the login page (/cgi-bin/koha/opac-user.pl).
Clicking the "Lists" button should show you a list of public shelves.

Signed-off-by: Liz Rea <liz@catalyst.net.nz>
works as described, and list button is not shown when opacpublic is disabled.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-07-18 16:29:41 +00:00
Galen Charlton
968f337728 Bug 10515: (follow-up) fix use of GetBranchCategories
Adjusting to reflect the removal of the branchcode parameter
to GetBranchCategories; also filter on the 'searchdomain'
library group type, as appears to have been intended.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-07-17 18:02:13 +00:00
71b79d5990 Bug 9541: make OPAC login page respect OPAC_CSS_OVERRIDE
When clicking the login link for opac-user.pl in a multiple branch
scenario the environment variable for OPAC_CSS_OVERRIDE was ignored from
the koha-conf.xml file.  It seems like is is working on every page in
the opac except for the login page.

Test Plan:
1) Set up a Koha server with 2 separate catalog configurations
   ( e.g. opac1.kohatest, opac2.kohatest )
2) Set the OPAC_CSS_OVERRIDE directive for separate css files
   in each opac
3) Browse to the opac login page, note the css is not applied
4) Apply this patch
5) Reload the page, note the css is now applied

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-06-18 07:03:51 -07:00
b00ec06968 Bug 10080 - Change system pref IndependantBranches to IndependentBranches
Test Plan:
1) Enable IndependantBranches
2) Apply this patch
3) Run updatedatabase.pl
4) Verify that the system preference still functions correctly

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-05-22 07:58:23 -07:00
be869ab279 Bug 8215 - Course Reserves
Adds a course reserves system for academic libraries.

The course reserves system allows libraries to create courses
and put items on reserves for those courses.

Each item with at least one reserve can have some of its attributes
modified while it is on reserve for at least one active course.
These attributes include item type, collection code, shelving location,
and holding library. If there are no active courses with this item
on reserve, it's attributes will revert to the original attributes
it had before going on reserve.

Test Plan:
  1) Create new authorised value categories DEPARTMENT and TERM
  2) Create a new course, add instructors to that course.
  3) Reserve items for that course, verify item attributes have changed.
  4) Disable course, verify item attributes have reverted.
  5) Enable course again, verify item attributes again.
  6) Delete course, verify item attributes again.
  7) Create two new courses, add the same item(s) to both courses.
  8) Disable one course, verify item attributes have not reverted.
  9) Disable both courses, verify item attributes have reverted.
 10) Enable one course, verify item attributes are again set to the
     new values.
 11) Edit reserve item attributes, verify.
 12) Disable all courses, edit reserve item attributes, verify
     the item itself still has its original attributes, verify
     the reserve item attributes have been updated.
 13) Verify the ability to remove instructors from a course.
 14) Verify new permissions, top level coursereserves, with
     subpermissions add_reserves and delete_reserves.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Corinne Bulac <corinne.hayet@bulac.fr>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

http://bugs.koha-community.org/show_bug.cgi?id=8125
2013-05-21 15:50:55 -07:00
Jonathan Druart
537c664038 Bug 9508: Standardize the dateformat value from C4::Auth
- the dateformat value is send to all templates (from
  C4::Auth::get_template_and_user)
- remove all assignment of dateformat in all .pl files

- Remove "all" occurrences (those I found!) of dateformat_*
From now the only way to get the date format is a string comparaison
(dateformat == "metric")

Checked with the command:
  git grep "\(dateformat_us\|dateformat_metric\|dateformat_iso\)" | grep
  -v translator

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tested all the datepickers I could find, looks good.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-05-20 09:05:01 -07:00
Galen Charlton
3536b10acf Revert "Bug 10074 - Encoding problems at login time"
This reverts commit 5805b5f363.

Rolling back bug 6554 work until we have more comprehensive tests.
2013-04-29 15:10:23 -07:00
Galen Charlton
327b6c6ce3 Revert "Bug 10019: Fix for userid containing UTF8 chars"
This reverts commit 7e90e1524f.

Rolling back bug 6554 work until we have more comprehensive tests.
2013-04-29 15:05:22 -07:00
7e90e1524f Bug 10019: Fix for userid containing UTF8 chars
Decodes userid on two places in checkauth of C4/Auth.pm

Test plan:
Include some non-Latin characters in your userid (loginname). Arab, Chinese?
Login into opac and check user page.
Go to staff (no new login), check your login name at various places.
Logout, login via staff.
Do the same.
Go to opac again (no new login), check user page.
Optionally: Remove all your sessions from table. Do a login. Check sessions.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Comment: Works as described. No errors.
This patch fixes this problem, but I wonder if
there is a general solution that handle all as utf8.
Tested in opac and staff.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-04-19 23:13:09 -04:00
5805b5f363 Bug 10074 - Encoding problems at login time
Bug 6554 patched output_html_with_http_headers to encode utf8 data, and Templates.pm to expect utf8 data to be encoded.
(At least) the staff login screen outputs directly to STDOUT (Auth.pm does, WHICH IS WRONG!) and wasn't fixed to do the encoding first.

This patch makes it use output_html_with_http_headers and solves the problem.

Changed 'use' for 'require' as jcamins and marcelr suggested.

Regards
To+

Sponsored-by: Universidad Nacional de Cordoba
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-04-19 23:07:01 -04:00
719044f771 Bug 9257 - Add "groups" to normal search pulldown
This patch adds the ability to add groups to the library select
pulldown on the opac, if it is enabled.

Test Plan:
1) Apply patch
2) Run updatedatabase.pl
3) Go to Administration › Libraries and groups
4) Create a new group, or edit an existing one
5) Ensure the 'Show in search pulldown' checkbox is checked
6) Save the group
7) Enable OpacAddMastheadLibraryPulldown if it is not already enabled
8) Load the OPAC, try the group search from the libraries pulldown menu

Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Yes! Now this works, and well.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-22 08:20:08 -04:00
Kyle M Hall
5eabc672fd Bug 7804 - Add Koha Plugin System
Adds support for custom plugins. At the moment the Plugins
feature supports two types of plugins, reports and tools.

Plugins are installed by uploading KPZ ( Koha Plugin Zip )
packages. A KPZ file is just a zip file containing the
perl files, template files, and any other files neccessary
to make the plugin work.

Test plan:
1) Apply patch
2) Run updatedatabase.pl
3) Create the directory /var/lib/koha/plugins
4) Add the lines
      <pluginsdir>/var/lib/koha/plugins</pluginsdir>
      <enable_plugins>1</enable_plugins>"
   to your koha-conf.xml file
5) Add the line
       Alias /plugin/ "/var/lib/koha/plugins/"
   to your koha-httpd.conf file
6) Restart your webserver
7) Access the plugins system from the "More" pulldown
8) Upload the example plugin file provided here
9) Try it out!

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-20 14:49:47 -04:00
Bernardo Gonzalez Kriegel
9205e732fb Bug 9827: remove 'insecure' system preference
This patch removes 'insecure' system preference.

Also removes remaining code that make use of
the preference. It's broken anyway.

Only remains a reference in POD of C4/Boolean.pm

To test:
1) If you like, enable 'insecure' syspref. Broken system.
WARN: be prepared to revert value in database.

2) Apply the patch

3) Run updatedatabase.pl

4) Check that Staff login proceeds as usual.

5) Check that 'insecure' syspref is no more.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Amended patch: Remove 2 occurrences of insecure (in comment only)
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-19 21:46:34 -04:00
4dcee58a4d Bug 7440 - Remove NoZebra vestiges
Removed NoZebra vestiges. This comprises several code blocks that depend on the NoZebra syspref and NZ related functions/methods.

C4::Biblio->
 GetNoZebraIndexes
 _DelBiblioNoZebra
 _AddBiblioNoZebra

C4::Search->
 NZgetRecords
 NZanalyse
 NZoperatorAND
 NZoperatorOR
 NZoperatorNOT
 NZorder

C4::Installer->
 set_indexing_engine

Sponsored-by: Universidad Nacional de Córdoba
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-19 21:17:04 -04:00
d03c8443a4 Bug 9587 Follow up to fix the problem Katrin identified
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Comment: Solve that problem, but now koha-qa complains about tabs
in C4/Context.pm.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tests done:
1) System preference 'Persona' added correctly.
2) Persona off, normal login still possible
3) Persona on, Persona login works
4) Persona logout works
5) normal login still possible
6) normal logout still possible

Persona is off by default and uses the primary email address
from the patron account.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-02-24 10:15:55 -05:00
8cb1ac85a2 Bug 9587 : Followup removing a commented out warn that was annoying the qa tools
Not introduced by this work but no reason not to clean it

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Comment: no more complains from koha-qa

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-02-24 10:15:55 -05:00
3e8f39015b Bug 9587 : Follow up, fixing tabs in C4/Auth.pm
And translation problem in masthead.inc

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-02-24 10:15:55 -05:00
493dcede48 Bug 9587 : Mozilla Persona login
Working on Mozilla Persona support (browser id)

    This will let a user log into Koha using browser id, if their email
    address used matches the email address inside Koha.

    Once an assertion is received, we simply need to find the user that
    matches that email address, and create a session for them.

    opac/svc/login handles this part.

    The nice thing about it is, the user doesn't have to do anything, like
    linking their account. As long as the email address they are using to
    identify themselves in browserid is the same as the one in Koha it
    will just work.

    This is covered by a systempreference, to allow people to do it, and
    is of course totally opt in, it works alongside normal Koha (or any
    other method) of login. So only those choosing to use it, need use it

Test Plan

1/ Make sure OPACBaseURL is set correctly
2/ Switch on the Persona syspref
3/ Make a borrower (or edit one) to have the email you plan to use as
the primary email
4/ Click sign in with email, make or use a persona account
5/ Logout
6/ Check you can still login and logout the normal way

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Comment: Works great.
It's not browser dependent, but tested with chrome, firefox, opera and safari.
Old an new login system works.
Minor errors, addresed in follow-up.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-02-24 10:15:35 -05:00
Jared Camins-Esakov
0db3cccf87 Merge branch 'bug_9102' into 3.12-master 2013-02-01 10:50:27 -05:00
Jonathan Druart
bc5f5f4f01 Bug 9102 : Followup Set HttpOnly on the CGISESSID cookie
Signed-off-by: Galen Charlton <gmc@esilibrary.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-02-01 10:50:12 -05:00
Jonathan Druart
a469663d7b Bug 9108: Followup: send the dateformat value from C4::Auth
- the dateformat value is send to all templates (from
  C4::Auth::get_template_and_user)
- remove all assignment of dateformat in all .pl files
- the DHTMLcalendar_dateformat variable is unused

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Fixed conflicts:
 - opac/sco/sco-main.pl
 - reports/acquisitions_stats.pl
 - tools/cleanborrowers.pl

All tests pass, perlcritic problems appeared in some files
before and after these patches were applied.

Checked sorting in following pages:
- acqui/addorderiso2709.tt - list of staged imports in acq
- acqui/histsearch.tt - sorting of dates in acq search result list
- acqui/invoices.tt - billing date in list of invoices in acq
- acqui/lateorders.tt - list of late orders in acq
- acqui/ordered.tt - ordered titles and estimated costs for a fund
- acqui/parcels.tt - receive shipment page
- acqui/spent.tt - received titles and actual costs for a fund
...
- serials-search.tt - subscription search result list
...
- opac/sco/sco-main.tt - due dates in list of checked out items
- reports/acquisitions-stats.tt - date searches, display of dates
- tools/cleanborrowers.tt
- tools.holidays.tt - different views of dates library is closed,
  adding dates

Checked dates display according to system preference everywhere and
searching, entering dates etc. still worked as expected.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-01-17 21:59:30 -05:00
Chris Cormack
a51a78b71c Bug 9102 : Set HttpOnly on the CGISESSID cookie
https://www.owasp.org/index.php/HttpOnly

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>

To test, use curl

Before the patch

% curl -I http://192.168.2.135
HTTP/1.1 200 OK
Date: Sun, 18 Nov 2012 06:56:49 GMT
Server: Apache/2.2.22 (Ubuntu)
Pragma: no-cache
Cache-control: no-cache
Content-script-type: text/javascript
Content-style-type: text/css
Set-Cookie: CGISESSID=19689f6e7d8ec94c25269fecebf2f009; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

After patch

 % curl -I http://192.168.2.135
HTTP/1.1 200 OK
Date: Sun, 18 Nov 2012 07:01:04 GMT
Server: Apache/2.2.22 (Ubuntu)
Pragma: no-cache
Cache-control: no-cache
Content-script-type: text/javascript
Content-style-type: text/css
Set-Cookie: CGISESSID=da25baf03c0bc1e2c512a627028e43e6; path=/; HttpOnly
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-01-04 08:14:01 -05:00
Jared Camins-Esakov
7535f2bfa3 Revert "Bug 7167: New version for updatedatabase"
This reverts commit c9cb55ef47.
2012-12-27 14:02:56 -05:00
Jared Camins-Esakov
72f9f2239f Revert "Bug 7167 follow-up setting DBrevision, before pushing"
This reverts commit 49d6b750cd.
2012-12-27 14:02:55 -05:00
Jared Camins-Esakov
38f8bf4776 Revert "Bug 7167: Set final updatedatabase.pl version"
This reverts commit c34017336c.
2012-12-27 14:02:50 -05:00
Jared Camins-Esakov
c34017336c Bug 7167: Set final updatedatabase.pl version 2012-12-27 11:55:22 -05:00
Paul Poulain
49d6b750cd Bug 7167 follow-up setting DBrevision, before pushing
The 2 files C4/Auth.pm and install.pl *must* have the $version variable
set to what is the last old-mechanism for updatedatabase

This patch set to 3.11.00001 that is the last number when I QA this patch

Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
2012-12-27 11:13:58 -05:00
Jonathan Druart
c9cb55ef47 Bug 7167: New version for updatedatabase
This patch use DataTable, see BUG|BZ 6836
      - css/datatables.css
      - lib/jquery/plugins/jquery.dataTables.min.js
      - js/datatables.js

http://bugs.koha-community.org/show_bug.cgi?id=7167

Bug 7167 follow-up

Major changes:
* creating database tables for update on the fly, the  1st time the update script is called
* version is checked on mainpage.pl (and here only). If syspref Version differ from kohaversion.pl, the old updatedatabase is launched. If there are updates missing from new mechanism, the updatedatabase page is reached
* kohaversion check on each page is now useless in Auth.pm, removed dead code
* Updated installer: at the end of the process, retrieve all updates and automatically mark them "OK", as they're included in installer

Minor changes:
* adding copyright
* adding poddoc
* updating a warning, for better clarity
* switching from $$var to $var->
* small TT glitch fixed in updatedatabase.tt
* about.pl now returns the Version systempreference PLUS all the patches that have been applied

Bug 7167 follow-up perlcritic & numbers display & partial apply depending on DEBUG

* add use strict to updatedatabase, that is now perlcritic compliant
* partial apply of DB revs is now managed by DEBUG env variable = if DEBUG=0, the user can just apply every DBrev. If DEBUG=1, we're in a dev env, the user know has the option to apply DBrevs one by one
Display:
* in updatedatabase, small spelling changes
* in about.pl, remove 0 just after . (3.06.01 is displayed as 3.6.1)
* improve the display of applied numbers on about.pl
 - before this patch, if you have N, N+1, N+2, N+3 and N+10 DB rev applied, about was displaying : , N+1 / N+2 / N+3 / N+10
 - after this patch you have N......N+3 / N+10
* add ORDER BY into list_versions_already_knows to have number retrieved in the same order whatever the order they are applied

http://bugs.koha-community.org/show_bug.cgi?id=6679
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Improve the update.pl script

 * Added CLI options to update.pl
 * Call update.pl from the installer.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Now, we check versions on mainpage.pl and after login

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Reimplementing Marcel's suggestions & fixes

 * Fixing the bugguy old version check (that was made against 3.0900000 instead of 3.0900027 -the last current kohaversion number
 * in the CLI script, if there is nothing to report, just say it

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>

Bug 7167: Remove check_coherency

As suggested by Katrin, we've removed the call to check_coherency. It intended to provide readable comments when some SQL was wrong. Removing this sub result in the SQL error being displayed. That's OK because the sysadmin or the developer can google the error, understand it, then fix it.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Changing in .sql parsing

We first split on delimiter and then extract comments. You can now put
\n for delimiter comments.
ex:

DELIMITER ;
-- this is a comment
SELECT * FROM  my_table;
-- another comment

Before this patch, we had to write:
DELIMITER ;
-- this is a comment;
SELECT * FROM  my_table;
-- another comment;

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Add .pl and .sql examples

Those files are in version directory, so will never be executed by the updater
If you want to provide an update, do it in a 3.09/ directory (if your update is expected for 3.10 version)

Note that the updater use a md5sum checker. So, if the same update is in 2 different places, it will be detected. That will be handy for changes made on both stable and master: a library running stable will get the update when updating. When upgrading to the next major release, Koha will detect the patch has already been applied, and no error will be thrown. With the previous mechanism, a DBRev ported to stable was re-executed when upgrading to master, resulting in a nasty (but usually harmless) error message

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Improve display + factorize get_queries

Despite it's size, this patch is dealing with display questions only:
 * The text "comments" and "queries" was hardcoded in ajax-updatedb-getinfo.pl script. It has been replaced by a JSON call, returning 2 separate values, "comments:" and "queries:" is now in the template, making it translatable
 * Some minor tweak in the display (like putting things in bold, displaying OK in green, warnings in yellow and KO in red)
 * Reordering the column headers for more readability:
    * Status column is merged with availability, column is after status
    * Status/availability terms more clear: "Not applied" instead of "unknown", "Applied and OK", "Applied and failed", "Applied and forced" are the 3 other statuses
    * Removed one click to display comments on DBREv not yet applied: before the patch, one had to click "Show details", then "Get comments", now, "Get comments" is enough

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: FIX typos & moving a script to a proper place

* renamed availables to available
* renamed already_knows to already_applied
* fixed FSF & copyright headers
* removing a "use strict" because we already had use Modern::Perl
* fixed a tiny typo in about.tt

* moving update.pl to misc/bin because it's a CLI script

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Add dependency File::Find::Rule

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: We want to execute non-numeric version with the -all option

Dealing with Marcel comment 100:
> Note that the current code around line 52/53 does not
> handle that correctly:
> Argument "\x{74}\x{65}..." isn't numeric in numeric ge (>=) at
> installer/data/mysql/update.pl line 52.

Now, a non-numeric DBRev will be applied if you provide the --all parameter, without throwing the error

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167 reindentation & removing dead code

* The if (! defined $ENV{PERL5LIB}... block was wrongly intented
* The 3 lines running update.pl are useless: the update (new mechanism) is run from admin/updatedatabase.pl script. This part of install.pl is run only when you have "old style" DB revisions.

Summary:
 * old mechanism = it's run as previously, by reaching the installer/install.pl?step=3 page, that applies all revisions
 * new mechanism = when you log-in or reach mainpage.pl, you reach admin/updatedatabase.pl, where you can see what will be run, and run it

Tiny side effect = the check for old mechanism is now done *after* authentification (thus it's not done on each page call). It means that the user will have to enter login/password twice :
 * first to log-in to Koha
 * second to run installer/updatedatabase.pl?step=3
As the old mechanism is deprecated, we can expect this will happend only a few time in the history of a setup, it's not a big deal.

Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Don't raise an error in routine TableExists

Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: FIX merge

Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Add .pl and .sql examples

Those files are in version directory, so will never be executed by the updater
If you want to provide an update, do it in a 3.09/ directory (if your update is expected for 3.10 version)

Note that the updater use a md5sum checker. So, if the same update is in 2 different places, it will be detected. That will be handy for changes made on both stable and master: a library running stable will get the update when updating. When upgrading to the next major release, Koha will detect the patch has already been applied, and no error will be thrown. With the previous mechanism, a DBRev ported to stable was re-executed when upgrading to master, resulting in a nasty (but usually harmless) error message

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167 follow-up fix POD syntax to please koha-qa.pl
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-12-27 11:13:54 -05:00
Nadia Nicolaides
4d644c6930 Follow-up Bug 5634: Ordering branches should be case independent
This patch fix the order of branches in the log-in page,
on Branch.pm we added the variable branchcode to the
hash returned by GetBranchesLoop, and this function is used
on Auth.pm to get a list of branches ordered by branchname

To test
1) Use an installation with some branches
2) On login screen the branches are ordered by branchcode
3) apply the patch
4) On login screen the branches are now ordered by branchname

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
This patch works as expected. Before applying the patch the branches
with lower case was at the end of the list. Now they are well ordered.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-12-21 07:42:18 -05:00
92782d3832 Bug 7067 - OPAC Borrower Self Registration
This development will add the ability for a new patron to register
himself or herself. The self-registration will attempt to match this
newly inputted data to any existing patrons and if any possible matches
are found, ask if the patron is sure he or she doesn't already have an
account at the library. A system preference may be set to prevent patron
self-registration if the system detects the possibility that the person
may already have an account.

Once the patron has registered, passing a captcha (or similar
bot-stopper), the patron will then be optionally verified a second time
via email. At this point, the patron will be able to print a temporary
library card (optional by system preference), and will be provided any
details necessary to access electronic resources (this body of text
would be a template in the slips and notices system). At the library's
choice, this new patron would either be set to a temporary patron status
(patron type set via system preference), or a fully-fledged patron
(allow patron type to be determined by age and/or other attributes).
Assuming the library uses temporary patron types for OPAC registrations,
this patron will next enter a queue and would need to physically enter
the library to verify himself and become a fully-fledged patron (most
likely by bringing in physical proof of address, etc.). The librarian
would look up the patron record and modify the patron type. If a
temporary patron has not been verified within a certain time frame
(defined by a system preference), the patron record will be deleted
from the system via a cron job.

For registered patrons, the system will allow each person to also
update his or her personal data via the OPAC. When a patron updates his
or her information, the changes will be entered into a queue to be
verified by a librarian (preventing a patron from inputting obviously
bogus data). The staff client home page will display the number of
patron records with changes awaiting approval. A librarian would then be
able to click through a list of modification requests, and approve or
deny each (with approval and denial alerts being sent to the patron via
the standard messaging system).

NEW SYSTEM PREFERENCES
* PatronSelfRegistration
* PatronSelfRegistrationDetectDuplicates
* PatronSelfRegistrationVerifyByEmail
* PatronSelfRegistrationPrintTemporaryCard
* PatronSelfRegistrationUseTemporaryStatus
* PatronSelfRegistrationExpireTemporaryAccountsDelay

NEW NOTICE
* Verify by email notice

NEW SLIP
* Temporary card slip

NEW CRON JOB
* delete_expired_opac_registrations.pl
  - Deletes patrons that have not been upgraded from the temporary
    status within the specified delay
* delete_unverified_opac_registrations.pl
  - Deletes the unverified patrons based on the length of time specified
    in the PatronSelfRegistrationExpireTemporaryAccountsDelay

The patron will register from self_registration.pl, linked off opac-main.pl if enabled. The registration page will be translatable to other languages in the same way that existing templates are.

Test Plan:
1) Enable PatronSelfRegistration
2) Set PatronSelfRegistrationExpireTemporaryAccountsDelay to a number
   of days
3) Create a self-registered borrower category
4) Set PatronSelfRegistrationUseTemporaryStatus
5) Set PatronSelfRegistrationVerifyByEmail to "Don't require"
6) Go to OPAC, log out if logged in.
7) You should see the "Register here" link below the login box
8) Attempt to register yourself
9) Verify you can log in with your temporary password.
10) Set PatronSelfRegistrationVerifyByEmail to "Require"
11) Attempt another self-registration
12) Check the messages table, you should see a new message with a
    verification link.
13) Copy and paste the link into a web browser to verify the registration
14) Log in with the given credentials to verify the account was created.

Test Plan - Part 2 - Borrower Modifications

1) Log in to OPAC, go to "my personal details" tab.
2) Make some modifications to your details.
3) Repeat steps 1 and 2 for two more borrowers.
4) Log in to Koha intranet with a user that can modify borrowers.
5) At the bottom of mainpage.pl, you should see:
  Patrons requesting modifications: 3
6) Click the link
7) Approve one change, deny a different one, and ignore the third, then
   submit.
8) Check the records, you should see the changes take affect on the
   approved one, and no changes to the other two. You should also see
   "Patrons requesting modifications: 1" at the bottom of mainpage.pl
   now.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Bug 7067 - OPAC Borrower Self Registration - Followup

* Rename PatronSelfRegistrationUseTemporaryStatus to PatronSelfRegistrationDefaultCategory
* Hide register link unless PatronSelfRegistrationDefaultCategory is set.
* Add invalid token page
* Add documentation and switches to cron scripts
* Add required fields check for editing exiting patrons
* Don't force require email address for existing patrons when
  PatronSelfRegistrationVerifyByEmail is enabled.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Passed-QA-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-12-14 08:08:59 -05:00
5b8e1548e4 Bug 8804 [Revised] Quiet errors in the log from Auth.pm
Found three cases where variables were being
referenced which did not (in each case) exist. Adding
checks for those variables' existence.

Errors appeared when logged in and viewing a detail
page in the OPAC.

Revision simplifies logic as per RM suggestion.

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-11-01 16:57:19 -04:00
Jonathan Druart
fd9f025889 But 8787: don't load the page if OpacMaintenance is ON
If the syspref OpacMaintenance is ON, it is useless to loaded the
requested page.

To test:
- switch on the syspref OpacMaintenace
- check in your apache access log, zebra log, etc. the requested page is
  not loaded (i.e. on the opac-search.pl page)

Signed-off-by: Marc Veron <veron@veron.ch>
Checked by watching  other_vhosts_access.log
Works as expected

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-10-24 18:15:19 +02:00
Jared Camins-Esakov
e883a0f065 Bug 8829: Fix authority importing
A subroutine was not being imported by C4::ImportBatch (ironic, no?)
so this patch makes the call fully-qualified. This patch also cleans
up two warnings in C4::Auth that are raised when logged in as the
database user.

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-10-08 18:06:55 +02:00
Fridolyn SOMERS
bd8f01fec0 Bug 8497: Strange behavior when modifying the timeout system preference
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Tested standard login, patron auto-complete, and system preferences.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-10-05 16:49:24 +02:00
Mark Tompsett
4c8cfd0c29 Bug 8737 - Incorrect icon at login in staff client
Added the following missing code to ensure the correct icon
is used when logged out:
   IntranetFavicon => C4::Context->preference('IntranetFavicon')
This was added into an existing $template->param() call.

Not to be confused with the koha logo on the login page, the
icon is a 16x16 pixel graphic in the browser tab. The default
is found at .../intranet-tmpl/prog/en/includes/favicon.ico.

If the "IntranetFavicon" system preference is set, it should be
used by the staff client regardless of login state. It was not
being used in the "AUTH rejected" section of Auth.pm, but the
OpacFavicon variable was being set. This explains why the
"OpacFavicon" system preference works for the OPAC client, but
not the staff client upon logout.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-10-03 11:07:14 +02:00
50759af6fe Bug 6679 - fix 3 perlcritic violations in C4/Auth.pm, and enabled warnings
Subroutine prototypes used at line 561, column 1.  See page 194 of PBP.  (Severity: 5)

Bareword file handle opened at line 606, column 5.  See pages 202,204 of PBP.  (Severity: 5)

Two-argument "open" used at line 606, column 5.  See page 207 of PBP.  (Severity: 5)

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
This patch reintroduces 'use warnings' in C4/Auth.pm.
Keep attentive to new warning messages in your log

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-09-20 12:18:14 +02:00
Frédérick
f913ebe49f Bug 8597: Add system preferences to configure the mobile view.
This patch adds the following system preferences:
* OpacMainUserBlockMobile - alternate content for the MainUserBlock for
  mobile
* OPACMobileUserCSS - custom CSS for mobile views only
* OpacShowFiltersPulldownMobile - whether or not to show the index
  dropdown on the mobile view
* OpacShowLibrariesPulldownMobile - whether or not to show the library
  dropdown on the mobile view

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-09-18 13:42:18 +02:00
ff7417fa91 Bug 8679 [REVISED] Remove usage of Amazon API
This patch removes the AmazonReviews and AmazonSimilarItems
features from the OPAC and staff client. With on Amazon
feature remaining, cover images, the *AmazonEnabled preference
is also removed in favor of checking the *AmazonCoverImages
preference. Two other system preferences, AWSAccessKeyID and
AWSPrivateKey are removed as they were required only by the
removed features.

Handling of book cover images from Amazon is unchanged.

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>

Turned on amazon covers in opac and staff client and all
worked as expected. Then tested to make sure other cover image
services still worked and they do.

Signing off.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-08-29 16:05:29 +02:00
daeb964996 8263 Consistent stylesheet prefs
This patch makes the use of opaccolorstylesheet and opaclayoutstylesheet more consistent. They may be: 1) just a file name, 2) a complete local path or 3) a full URL starting with http: for a remote css file.
This makes the syspref opacstylesheet that was only used for a remote css file obsolete.

June 20, 2012 Rebased.
July 18, 2012: Regex allows https too (thanks to Owen Leonard).

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-08-03 12:03:30 +02:00
Paul Poulain
ba7ac6d3ec Revert "Bug 4460 - Amazon's AssociateID tag not used in links so referred revenue lost"
This reverts commit 68ba16afe8.
2012-07-11 12:33:36 +02:00
68ba16afe8 Bug 4460 - Amazon's AssociateID tag not used in links so referred revenue lost
Rewrite of patch authored by Reed Wade <reed@catalyst.net.nz>

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-07-10 10:59:01 +02:00
Jared Camins-Esakov
36f1fb6308 Bug 8311: Fix scoping error in C4::Auth
There is a mis-scoped function call in C4::Auth, on line 154, where
GetMembers is called without explicit scoping and before
'require C4::Members;'. This does not actually have any functional
ramifications as far as I can tell, but it would be a good idea to fix
it.

This patch also corrects a bit of indenting in that area, because it was
an unnecessary challenge to understand the code with the mis-indenting.

Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-06-29 16:16:55 +02:00
76b80ac33c Bug 8130 - attach PDF files to a patron record
Adds the ability to attach unlimited arbitrary files to
a borrower record.

Test Plan:
1) Enable system preference EnableBorrowerFiles
2) Look up borrower record, click 'Files' tab on left
3) Upload a file, download the file, delete the file.

Signed-off-by: Liz Rea <wizzyrea@gmail.com>
rebased for current master.

Signed-off-by: Ian Walls <koha.sekjal@gmail.com>
rebased again; some indentation issues in include menus.
2012-06-28 10:55:51 +02:00
Paul Poulain
a163be4113 Bug 3708 - Add another customizable region to the OPAC: right sidebar nav
This patch creates a new system preference, OpacNavRight, in
which the librarian can add HTML which will appear on the OPAC
main page under the login form. If the user is logged in the content
will appear in place of the login form.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-06-20 23:11:06 +02:00
Jared Camins-Esakov
3aaaf2f2e4 Bug 7943: Authority search results are untranslatable
The HTML for authority search results was previously generated in
C4::AuthoritiesMarc::BuildSummary, which meant that it couldn't be
translated. This patch moves the HTML generation into the templates
by introducing a new authorities-search-results.inc include file for
both the OPAC and the Intranet which contains a Template::Toolkit BLOCK
for rendering the authority results. Fixes the authority autocomplete
by removing the untranslatable strings, and returning only data from
the database.

To test:
1. Apply patch.
2. Test authority searching in the authority module in the staff client
3. Test authority searching in the authority control plugin in the
   cataloguing module (and the plugin for UNIMARC field 210$c, if you
   can figure out how)
4. Test authority searching in the OPAC

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tested with MARC21 data.

1) Applies cleanly on current HEAD.

2) Authority search in staff

Patch works wonderfully, only some small notes found while testing that have
not been changed by this patch:

ENH note: Search terms show up nowhere. So if I want to change the sorting, I have to
repeat typing in my search term. Even if the form does not keep the term, it
should be visible somewhere on the screen what I searched for.

ENH note: The pagination on top and at the bottom of the result list are formatted
differently. Maybe some missing CSS?

ENH note: Also the authority type is not shown at all in the result list.

3) Cataloguing and authority plugins

The autocomplete function works nicely.

ENH note: There is only one small enhancement
I could imagine. If I start my search from 100 it will limit the search to
'persons' but the autocomplete will also suggest other authorities. It would
be a bit cleaner, if the autocomplete could limit by the appropriate authority
type too. Very nice feature.

Plugins overall work nicely. Created links include the authority numbers and work
correctly.

4) Authority search in OPAC

Works nicely. Display is consistent, but translatability greatly improved.

ENH note: In staff we use 'Details' in OPAC we use 'View full heading' - I wonder
if maybe 'details' would be better understandable for users?

Note: Code reveals a system preference 'AuthDisplayHierarchy' that is
not available in the system preference editor. I talked to Jared and he
will work on this feature later on. For now it's no regression, as the
preference has never been visible.
2012-06-20 10:07:30 +02:00
Dobrica Pavlinusic
91bf568114 Bug 7810 - C4/Auth.pm - on plack restart session is undefined
So we shouldn't try to delete it. This produces application error
instead of redirection to login page.

I had similar problems with CGI, especially when session in browser
is still active, and one on filesystem or database is already expired.

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Solved the problem when my Plack installation started acting up due to
stale cookies.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-06-11 18:11:52 +02:00
Chris Cormack
509d673f10 Bug 7941 : Fix version numbers in modules
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-06-11 17:29:38 +02:00
Katrin Fischer
47fac215af Bug 7935: Introduce sys pref to control 'browse results' in OPAC
Patch introduces a new system preference "OpacBrowseResults" to control
the feature for browsing and paging through results shown on top of the
left menu on detail pages in OPAC.

Preference is activated by default and can be deactivated using the
system preference.

To test:
 - Check database update works correctly
 - Check that browsing and paging still works with after database update
 - Deactivate the feature by setting 'OpacBrowseResults' to 'Disable'
 - Check the feature does no longer show up in OPAC
 - Check that a new installation also has the system preference with correct default

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2012-04-10 15:26:37 +02:00
7eef4c8c70 Bug 5668 - Star ratings in the opac
patch applied to commit eb3dc448d2

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>

Turned on star ratings in the opac on details and results
Searched for titles - saw the stars
Clicked on a title
Clicked on the stars
Clicked on the stars to change my rating
Logged out
Tried to click on stars
Logged in as different user
Rated items that were rated already and saw average change
Changed preference to show only on detail and repeated tests
Changed preference to now show stars

All above tests passed. Signing off.

Rebased 3-19-12 by Ian Walls

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-04-10 14:40:49 +02:00
Dobrica Pavlinusic
d0b2d72e0b Bug 7766 - C4/Auth.pm: emit DEBUG output to STDERR
writing to STDOUT breaks plack when running with DEBUG=1

Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-04-04 18:09:24 +02:00
c4d21bcbfe Bug 7310: Code changes for Improving list permissions
This lays the foundation for further changes for report 7310.
Implements following points from the wiki page List permissions:
1) Preference that controls if users may create public lists in opac.
2) New add/delete own/delete other permissions per list.

Code has been changed (in some cases refactored). New permissions are not yet visible; with this patch current functionality is kept as much as possible while resolving several issues, improving permissions and extending the code for further developments (using the new permissions and sharing lists).

Feb 23, 2012 (revision): Changed defaults for new lists. Could also remove routine GetRecentShelves by using GetSomeShelfNames in catalogue/search.pl just as opac-search.pl already did. (More consistent.)

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>

Feb 29, 2012: Automerge version.
March 5, 2012: Rebase for pushed 4912 patch.
March 21, 2012: Rebased. Resolving some conflicts in relation to pushed report 7719.
2012-03-21 16:46:40 +01:00
Robin Sheat
4cbeeedbe8 Bug 6296: allow users to be authenticated by SSL client certs
This adds a new syspref: AllowPKIAuth. It can have one of three states:
* None
* Common Name
* emailAddress

If a) this is set to something that's not "None", and b) the webserver
is passing SSL client cert details on to Koha, then the relevant field
in the user's certificate will be matched up against the field in the
database and they will be automatically logged in. This is used as a
secure form of single sign-on in some organisations.

The "Common Name" field is matched up against the userid, while
"emailAddress" is matched against the primary email.

This is an example of what might go in the Apache configuration for the
virtual host:

    #SSLVerifyClient require # only allow PKI authentication
    SSLVerifyClient optional
    SSLVerifyDepth 2
    SSLCACertificateFile /etc/apache2/ssl/test/ca.crt
    SSLOptions +StdEnvVars

The last line ensures that the required details are
passed to Koha.

To test the PKI authentication, use the following curl command:
    curl -k --cert client.crt --key client.key  https://URL/
(look through the output to find the "Welcome," line to indicate that a user
has been authenticated or the "Log in to Your Account" to indicate that a
user has not been authenticated)

To create the certificates needed for the above command, the following series
of commands will work:
    # Create the CA Key and Certificate for signing Client Certs
    openssl genrsa -des3 -out ca.key 4096
    openssl req -new -x509 -days 365 -key ca.key -out ca.crt
    # This is the ca.crt file that the Apache config needs to know about,
    # so put the file at /etc/apache2/ssl/test/ca.crt

    # Create the Server Key, CSR, and Certificate
    openssl genrsa -des3 -out server.key 1024
    openssl req -new -key server.key -out server.csr

    # We're self signing our own server cert here.  This is a no-no in
    # production.
    openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key \
        -set_serial 01 -out server.crt

    # Create the Client Key and CSR
    openssl genrsa -des3 -out client.key 1024
    openssl req -new -key client.key -out client.csr

    # Sign the client certificate with our CA cert. Unlike signing our own
    # server cert, this is what we want to do.
    openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key \
        -set_serial 02 -out client.crt
    openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12
    # In theory we can install this client.p12 file in Firefox or Chrome, but
    # the exact steps for doing so are unclear, and outside the scope of this
    # patch

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Tested with Common Name and E-mail authentication, as well as with PKI
authentication disabled. Regular logins continue to work in all cases when
SSL authentication is set to optional on the server.

Signed-off-by: Ian Walls <koha.sekjal@gmail.com>
QA comment: synchronized updatedatabase.pl version of syspref with sysprefs.sql
version, to avoid divergent databases between new and upgrading users.
2012-03-19 17:02:44 +01:00
2577e0b6c5 7261 Followup to make tests consistent
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2012-03-14 14:14:24 +01:00
Juan Romay Sieira
68ddf79121 Bug 7261 System Preference to select the first day of week
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
2012-03-14 14:14:12 +01:00
808b2a44c4 Bug 7616 - Remove unused template markup for css_libs, css_module, js_libs, etc.
Removing references to unused template variables and markup.

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-03-08 16:06:04 +01:00
52afe06ddd Bug 6193 - Follow up: use SetEnv and remove memcached from koha-conf.xml
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Confirmed that memcached is still being used after the memcached configuration
in koha-conf.xml was removed, and the following two lines were added to
both virtual hosts in koha-httpd.conf:
SetEnv MEMCACHED_SERVERS "127.0.0.1:11211"
SetEnv MEMCACHED_NAMESPACE "KOHA"
2012-02-20 23:24:02 +01:00
Paul Poulain
e780e0669c Bug 6875 de-nesting Auth.pm
* removed use C4::Koha that is useless
* moved "use C4::Members" to "require C4::Members" just before GetMemberDetails call. This will avoid loading C4::Member everytime a page is called by someone not logged

* still to do = work on C4::VirtualShelves, that can be optimized, definetly !

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Rebased on latest master, 28 Jan 2012

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Please WAIT with virtual shelves. Working on that..
Tested and marked as Passed QA.
2012-02-15 14:58:42 +01:00
MJ Ray
d4b132136c Bug 7476 Remove executable bit from files that probably should not be executed
Signed-off-by: Aleksa Vujicic <aleksa@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended to replace some copy-and-paste comments only with consent of MJR.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-02-03 14:22:15 +01:00
Paul Poulain
81cf767b17 Merge remote-tracking branch 'origin/new/bug_7367' 2012-01-27 12:38:00 +01:00
9c0ce2bf3b 7367 Removing reintroduced debugging statement from Auth.pm
Commit 07d1eae7cc removed this statement from the module, but some months later commit 7b12e07d3b reintroduced it again while reindenting code ;)

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2012-01-27 12:30:48 +01:00
Jared Camins-Esakov
587e2e920e Bug 1633: QA follow-up
* Show the "Upload images" button when OPACLocalCoverImages is enabled but
LocalCoverImages (i.e. local cover images on the staff client) is not
* Correct copyright and license comments in new files
* perltidy and replace tabs by four spaces

Signed-off-by: Koustubha Kale <kmkale@anantcorp.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-01-24 11:16:10 +01:00
Jared Camins-Esakov
b4fb5d4095 Bug 1633: [SIGNED-OFF] Add support for uploading images to Koha
A frequently-requested feature for Koha, especially by special libraries, is
the ability to upload local cover images into Koha.

This patch adds a bibliocoverimage table, and image handling code in the
C4::Images module. Key features of the implementation include:
1. The ability to have multiple cover images for a biblio
2. Handling for "full size" (800x600) and thumbnail-size (200x140) images
3. Uploading images directly from the record view

The image display functionality by Koustubha Kale of Anant Corporation will
follow in a second patch.

Special thanks to Koustubha Kale and Anant Corporation for the initial
implementation of local cover images, and to Chris Nighswonger of Foundation
Bible College for his prior work on patron images.

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Magnus Enger <magnus@enger.priv.no>
Will add comments on Bugzilla.

Patch failed to apply because installer/data/mysql/sysprefs.sql had changed in master.
Corrected the same with this new patch.
2012-01-24 11:16:02 +01:00
Julian Maurice
8ffbf4e88c Bug 6694: Problem with casAuthentication syspref
A missing test in checkauth caused anonymous session to be destroyed and
re-created at every call when this syspref was set.
Almost the same issue is also fixed in check_api_auth, which caused
C4::Service->init to fail.

Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-01-20 14:19:56 +01:00
Duncan Tyler
00290e8619 Bug 6627 [Signed Off] - Update to improve security in specified log files - bug 6627
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Verified sessionlog file is not written to /tmp when patch is applied. Also verified original bug - logging in did in fact log to /tmp.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-01-06 14:20:34 +01:00
Salvador Zaragoza Rubio
4a2a95cc25 Bug 6483 - Paging in opac-detail when coming from a search
Add paging in opac-detail when coming from a search to be
able to continue viewing the previous and next register
from the detail without returning to the results.
The partial list pagination can be showed to increase forwarding
or rewinding in the pagination.
It's implemented for Zebra search and not build_grouped_results.

The param busc with all the information from the search is stored
on the session when running opac-search and opac-detail, outside these
pages the busc param is removed from the session.

A list of the biblionumbers inside the OPACnumSearchResults range
is passed to avoid repeating the searching everytime we see the
previous or next biblio. The searching will be run again when
we are going to exceed the list and a new one will be calculated
from the new search.

Signed-off-by: Magnus Enger <magnus@enger.priv.no>
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-21 04:57:09 +13:00
bf64266e99 Follow-up fix for Bug 4473 - Recent comments view for the OPAC
This follow-up adds a system preference which controls display
of a link to recent comments in the OPAC masthead alongside
"Advanced search," "Tag cloud," etc.

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-20 12:12:45 +13:00
Chris Cormack
a118102d4e Merge remote-tracking branch 'kc/new/bug_5995' into kcmaster 2011-10-15 12:59:34 +13:00
Ian Walls
dcb4ac77fb Bug 5995 Followup: checkpw was returning inconsistent values
In the case of LDAP, checkpw was returning the cardnumber of there user, but it was being treated as the
userid.  This patch updates checkpw_ldap to return the cardnumber AND the userid, and updates checkpw to
uniformly return cardnumber and userid in all instances, so that whoever is authenticating can use the
desired value in the right way.
2011-10-15 12:58:10 +13:00
d7cbdd3d0b Bug 6825 OpacNav menu hide user menu on opac-user.pl page
This patch add a new syspref OpacNavBottom which is placed on all pages
after OpacNav. On Patron pages, specif patron links are placed between
OpacNav and OpacNavBottom, like this:

  OpacNav
  Patron links
  OpacNavBottom

To test:

  1 Apply this patch
  2 For RM, modify kohaversion.pl and updatedatabase.pl appropriately
  3 Test that OPAC pages are displayed as before, OpacNav on the left
  4 Test OPAC patron pages: OpacNav is as before displayed after patron
    links
  5 Split OpacNav between itself and OpacNavBottom
  6 Patron pages display patron links between OpacNav and OpacNavBottom

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-14 11:20:06 +13:00
Paul Poulain
1c0702c76e Bug 5630, follow-up
Fixes chris comment 28, that was a consequence of Marcel comment 27
Recent error
[Thu Sep 01 14:22:45 2011] [error] [client 192.87.126.61] [Thu Sep  1 14:22:45
2011] opac-MARCdetail.pl: DBD::mysql::st execute failed: Unknown column
'limit_desc' in 'field list' at /usr/share/koha/testclone/C4/Auth.pm line 276.
Seems to come from this commit 9a3950f673 (5630
CAS Improvements)

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-13 10:51:12 +13:00
Ian Walls
74c7c4e3a5 Bug 5630 Followup: checkpw_ldap not imported
If LDAP authentication is used, Koha barks that C4::Auth::checkpw_ldap is
undefined, which is true.  checkpw_ldap needs to be imported from C4::Auth_with_ldap,
like it was before the bug fix for 5630

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-13 10:50:50 +13:00
Chris Cormack
046c996c2f Bug 5630 CAS improvements
Squashed commit of the following:

commit 0e13a5278e11b288e48190dc26f31e96d06598dd
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date:   Wed Jan 19 21:24:39 2011 +0100

    Bug 5630 : fixing C4/Auth.pm

commit b55abc7a0dc1ca43b2610a27246293e9a9346e18
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date:   Wed Jan 19 21:24:38 2011 +0100

    Bug 5630 : Adds CAS documentation

commit df0098a6a65465e6e734f99f65fb453dd3fa11d1
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date:   Wed Jan 19 21:24:37 2011 +0100

    Bug 5630 : ilsdi service AuthenticatePatron doesn't with CAS syspref on

    Signed-off-by: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>

commit 31c8f0c0facfafae011ad24c9d458c50f2fad296
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date:   Wed Jan 19 21:24:36 2011 +0100

    Bug 5630 : Adds the ability to authenticate against multiple CAS servers

commit 9d0def826135d5756533dc0dcf8e0a107d1ac8fc
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date:   Wed Jan 19 21:24:34 2011 +0100

    Auth_with_cas : removing a warning

    $sth was defined twice in a function
    Removing the second definition

commit 5ee550e9a2bb7ab6bc09f14fced6ce0df8011eb0
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date:   Wed Jan 19 21:24:33 2011 +0100

    Bug 6012 : MT 2270: CAS proxy

    CAS Proxy
    Examples included are now really usable

    Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-13 10:49:49 +13:00
Jared Camins-Esakov
f09e2ca27e Bug 5528: Analytic records support
Display links to parent biblios, show linked items in holdings, allow holds on
linked items. This uses MARC to maintain relationships.

Sponsored by the Mississippi Department of Archives and History and RapidRadio
Solution. Originally developed by Savitra Sirohi and Amit Gupta at OSSLabs, with
UNIMARC support added by Zeno Tajoli. Commits squashed and merge conflicts
resolved by Chris Cormack from Catalyst. Respect for NORMARC and some small
framework portability fixes made by Jared Camins-Esakov of C & P Bibliography
Services.

IMPORTANT NOTE: A bug in the 773 coding for MARC21 was corrected from the
original OSS Labs code. The 773s generated by the pre-release code did not have
the first indicator set to '0', which means that they were not supposed to
display. Going forward, the first indicator will be set correctly, but existing
records created with this code will no longer appear (they appeared before only
due to another bug). To correct this, you could globally (or, to make sure you
only modify records created with the Analytics tool, for records with 773$0)
change the first indicator of the 773 from blank to '0'.

== Background ==
An analytic record for an item is a more detailed, monographic biblio for an
item attached to a serial record .  This is often used for special issues of a
journal that are released as books on their own (assigned an ISBN, as well as an
ISSN/volume/issue).  It is important for researchers to be able to search for
these items both as issues of the serial, and as monographs.  It is equally
important for the library to not have duplicate item records for the item in
question to have to keep synchronized.

== Establishing relationships ==
Analytical records are connected to items belonging to parent or host
bibliographic records. This can be accomplished by:
* From an analytical bibliographic record linking to an host item by providing
  the item barcode as input
* From a host item by using option "analyze", this creates a new empty
  bibliographic record with field 773 (MARC21) populated
* Running a new CLI script that establishes a relationship between the
  analytical record and the host item identified by the barcode in the
  analytical record's 773$o (MARC21)

== Connecting Records ==
The relationships are maintained in the MARC records, we have not used database
tables at all.

== MARC Representation ==
In MARC21/NORMARC we have used:
* 773$9 to store the Koha item number of the host item
* 773$0 to store the Koha biblio number of the host bibliographic record

The above fields are used to display the relationships in various screens in the
OPAC and the staff interface. Additionally, when populating field 773 with host
item's details, we have used following MARC 21 mapping:
* 'a' <= 100/110/111 $a (author main)
* 'b' <= 250$a (edition)
* 'd' <= 260$a, 260$b, 260$c (place, publisher, year)
* 'o' <= barcode
* 't' <= 245$a (title)
* 'w' <= (003)001 --> if no 001 is available, we can populate biblionumber
* 'x' <= 022$a (issn)
* 'z' <= 020$a (isbn)

In UNIMARC, this code uses:
* 461$9 to store the Koha item number of the host item
* 461$0 to store the Koha biblio number of the host bibliographic record

When populating field 461 in UNIMARC, the following mapping is used:
* 't' <= 200$a (title)

== Treatment of Holds ==
A key requirement was to allow holds to be placed on host items from the
analytical record. We have accomplished this by allowing holds on specific
copies only. Biblio level holds are not allowed. This ensures that holds are
placed on specific items that are relevant to the analytical record.

== Deleting host items with linked analytical records ==
As we have not used database tables to maintain relationships, we had to use
search to find out if any linked analytical records are present. If 1 or more
analytical are present, we do not allow deletion of items. This is similar to
what we see when we try to delete authority records.

== Importing analytical records ==
Analytical records can be imported using bulkmarcimport or the GUI tools. The
new CLI script can be executed after the import to establish relationships with
host items. The script will establish relationships using the host item's
barcode, the barcode must be present in 773$o of the analytical record.

== What if there are two or more copies of the host item? ==
The current design will require that there be two host (773) fields, one for
each copy.

== What if there is no barcode available for the host item? ==
It is still possible to establish a relationship, by populating 773$9 with the
host's item number. However the CLI script uses barcode in 773$o to establish
relationships so it won't work where barcodes are unavailable. Also from an
analytical record, it is possible to establish a relationship to a host item by
providing the barcode as input, this option will not be available as well.

Commits that added the following features were squashed by Chris Cormack (this
is not a list of every commit):
* Display links to host records from biblio detail screens
* Support for UNIMARC, respecting the system preference 'marcflavor'
* Support holds from the OPAC
* Ability to link to items belong to host records from a analytical record
* Display items belonging to host records in the moredetail page
* Ability to edit items belonging to host records, also ability to delink from
  them
* Move get host items code into a C4 routine, also calling the new routine in
  related perl scripts
* Move host field population to a C4 routine, all changes in pl files to call
  new routine
* Allow only specific copy holds for analytical records plus changes to use new
  C4 routines
* Support for holds on items linked via host records
* Storing bibnumber and itemnumber in subfields 0 and 9, plus other mapping
  changes
* New command line script that establishes relationships between analytical
  records and host items and bibs. The script looks for host field (MARC21 773)
  in records, and based on barcode in subfield 'o' populates host bibnumber in
  subfield '0' and host itemnumber in subfield '9'. The script can be run after
  an import of analytical records, it can also be run in the crontab to maintain
  the relationships
* Ability to create analytical records from items, to view linked analytics, and
  prevent deletion of items that have linked analytics
* New template for catalogue/detail.pl (NOTE: not a new template file, just a
  new way of displaying analytics), template displays linked analytics and
  allows creation of analytical records
* New zebra index for item number in host fields. This index will be used to
  display links to analytical records from host records
* Display title of host record instead of the phrase host record
* Using detail.tmpl for analytics tab instead of a new template file
* Improved qualification info prepration in Prephostmarcfield
* Check for linked analytics before deleting item
* Display link to host record and more meaningful anchor text for edit item link
* Analytical record: Unimarc index in record.abs and help in
  create_analytical_rel.pl
* Adding a sys pref that controls display of options to create analytical
  relationships
* Add host entry in XSLT stylesheet in staff item detail
* Added host record support to OPAC detail XSLT
* Adding 773$0 and 773$9 to all frameworks
* Adding 773 subfields 0 and 9 to default marc framework via updatedatabase.pl
* Display create analytics and used in links in catalog detail
* Fixed problem where analytical records not showing in OPAC search results
  because GetMarcBiblio now needs a flag to add item records
* Fixed problem where analytics count was set to 1 for all records, not just
  those with analytics
* Fixed catalogue detail page not to show analytics counts if count is 0

Conflicts:
	installer/data/mysql/updatedatabase.pl
	koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/addbiblio.tt
	kohaversion.pl

Co-author: Savitra Sirohi <savitra.sirohi@osslabs.biz>
Co-author: Zeno Tajoli <tajoli@cilea.it>

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-13 10:03:39 +13:00
Robin Sheat
85b1d6d558 Bug 6636 - add 'powered by Koha' text to OPAC footer
Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
  QA control: added () inside 2 [% IF %]

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-09 20:13:09 +13:00
6b8be20497 Bug 6755 Problems with switching languages
This patch solves the situation that news is in another language than
the Koha interface AND makes that themelanguage routine is always called
the same way in order to prevent mixed display.

It fixes also a bug related to language preselection based on web
browser prefered language.

September 9: Adjusted with input of Frederic Demians.

Septembre 10: Avoid circular dependency, as pointed by Chris Cormack.
Templates related functions are moved from C4::Output to C4::Templates

Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-09-23 09:47:09 +12:00
Chris Cormack
e8f654fcd2 Revert "Bug 5630 CAS improvements"
This reverts commit 9a3950f673.
2011-09-02 13:22:20 +12:00
Chris Cormack
9a3950f673 Bug 5630 CAS improvements
Squashed commit of the following:

commit 0e13a5278e11b288e48190dc26f31e96d06598dd
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date:   Wed Jan 19 21:24:39 2011 +0100

    Bug 5630 : fixing C4/Auth.pm

commit b55abc7a0dc1ca43b2610a27246293e9a9346e18
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date:   Wed Jan 19 21:24:38 2011 +0100

    Bug 5630 : Adds CAS documentation

commit df0098a6a65465e6e734f99f65fb453dd3fa11d1
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date:   Wed Jan 19 21:24:37 2011 +0100

    Bug 5630 : ilsdi service AuthenticatePatron doesn't with CAS syspref on

    Signed-off-by: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>

commit 31c8f0c0facfafae011ad24c9d458c50f2fad296
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date:   Wed Jan 19 21:24:36 2011 +0100

    Bug 5630 : Adds the ability to authenticate against multiple CAS servers

commit 9d0def826135d5756533dc0dcf8e0a107d1ac8fc
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date:   Wed Jan 19 21:24:34 2011 +0100

    Auth_with_cas : removing a warning

    $sth was defined twice in a function
    Removing the second definition

commit 5ee550e9a2bb7ab6bc09f14fced6ce0df8011eb0
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date:   Wed Jan 19 21:24:33 2011 +0100

    Bug 6012 : MT 2270: CAS proxy

    CAS Proxy
    Examples included are now really usable

    Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-08-10 13:16:35 +12:00
cbf473d592 Bug 5429 : Open Library book covers
Signed-off-by: Magnus Enger <magnus@enger.priv.no>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-08-04 13:30:23 +12:00
Colin Campbell
306dc79217 Bug 5453 : Move declarations out of conditionals
Patched for C4 Modules

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-07-15 15:50:24 +12:00
Francois Marier
413f306961 Bug 6298 : Create new ShowReviewerPhoto preference
This new system preference (in OPAC Features) allows libraries to
turn off reviewer photos entirely if they want to. The default is
for these photos to be shown.

Note that this setting is linked to ShowReviewer in that both of
them need to be turned ON for the avatars to be displayed.

Signed-off-by: Francois Marier <francois@debian.org>
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-07-05 15:01:13 +12:00
Matthias Meusburger
417c9084b4 Bug 5995 : MT2892: Fix security issue in CAS intranet login
Users could log in intranet using their cardnumber, with superlibrarian
rights.

Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-05-14 04:31:59 +12:00
Colin Campbell
0d663c7e8a Bug 6237: remove compile time warning
Remove a 'variable in void context' warning from
C4::Auth which shows up as a compile warning in all users of
the module and generates log noise

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-04-22 07:30:55 +12:00
Chris Cormack
1e7c5166aa Merge remote branch 'kc/master' into new/enh/bug_5917 2011-04-08 14:29:21 +12:00
Colin Campbell
0cf2eccfe9 Bug 5529 Absence or Presence of lists not being reliably returned
C4::VirtualShelves::GetRecentShelves contained some rather confused
code The contents of the requested list are returned in an arrayref
which was in its turn being wrapped needlessly in an array
As a result the returned array always consisted of a single element
irrespective of the number of lists.
Made the routine return the arrayref, which can now be tested directly
Unfortunately rather than fixing this we had previously coded around it
assuming it to be a "design" decision. Have amended other calls of
the subroutine resulting in some hopefully less obscure code

Fixed logic error in the results template which displayed new list
within a test for the presence of lists

Removed the offset parameter from the sql in the routine as it was hardcoded
to 0 i.e. the default value

Signed-off-by: fdurand <frederic.durand@univ-lyon2.fr>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-04-08 10:51:47 +12:00
Chris Cormack
363ea5ce08 Merge remote branch 'kc/master' into new/enh/bug_5917
Conflicts:
	installer/data/mysql/updatedatabase.pl
2011-04-05 15:39:12 +12:00
Chris Cormack
cd62e6ed02 Bug 5917 : Fixing a problem with login 2011-04-04 12:56:01 +12:00
Chris Cormack
ead56def26 bug 4865: Enable session storage in Memcached
Note: this requires CGI::Session::Driver::memcached to be installed

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-04-04 10:38:50 +12:00
Chris Cormack
eb4ad6e44e Merge remote branch 'kc/master' into new/enh/bug_5917 2011-04-03 22:35:24 +12:00
Katrin Fischer
284cfbc234 Bug 5897: Add new syspref ShowReviewer
This patch adds a new syspref ShowReviewer.

If ON (default) the reviewer/author of an OPAC comment will show.
If OFF the reviewer's name will be hidden.

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-04-01 20:15:46 +13:00
Chris Cormack
6350a7d1cb Bug 5917 : Fixing a bug with signedin users 2011-03-31 08:59:27 +13:00
Chris Cormack
76184e1db0 Merge remote branch 'kc/master' into new/enh/bug_5917
Conflicts:
	installer/data/mysql/fr-FR/1-Obligatoire/unimarc_standard_systemprefs.sql
2011-03-30 08:39:10 +13:00
b5a050d759 Fix for Bug 5833, opacstylesheet not loading on all pages
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-03-29 21:58:14 +13:00
Chris Cormack
96f7cfabca Merge remote branch 'kc/master' into new/enh/bug_5917
Conflicts:
	installer/data/mysql/fr-FR/1-Obligatoire/unimarc_standard_systemprefs.sql
	installer/data/mysql/ru-RU/mandatory/system_preferences_full_optimal_for_install_only.sql
2011-03-23 21:47:03 +13:00
Jared Camins-Esakov
637cf26045 Bug 5641: Replace Favicon through staff client
This patch adds two sysprefs:
OpacFavicon
IntranetFavicon

The two sysprefs take full URLs to an alternate favicon.ico file for the OPAC
and Staff Client, respectively. Leaving them blank will use the favicon.ico file
that is included with Koha.

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-03-23 21:41:32 +13:00
Chris Cormack
dbf6bd4be0 Merge remote branch 'kc/master' into new/enh/bug_5917 2011-03-22 15:06:44 +13:00
Jared Camins-Esakov
0a1f05a5a2 Bug 5390: OPAC loses library selection
This patch ensures that the OPAC library selection masthead will always default
to the branch that is currently being searched. This only applies to systems
with multiple branches and OpacAddMastheadLibraryPulldown turned on.

To test: do a search in the OPAC, limiting by branch. The search results will
still have that branch selected in the masthead dropdown.

This patch also fixes bug 5852 and bug 3778.

Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Liz Rea <lrea@nekls.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-03-22 14:59:16 +13:00
Chris Cormack
03890c90ac Merge remote branch 'kc/master' into new/enh/bug_5917
Conflicts:
	installer/data/mysql/en/mandatory/sysprefs.sql
2011-03-21 19:54:11 +13:00
Colin Campbell
7f0a326da5 Bug 5890 Correct Mismatched operator in comparison
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-03-18 10:47:52 +13:00
6709d0e4f7 Follow-up correction for Bug 5462 - Fix variable names for template::toolkit
Previous commit modified checks for the item-level_itypes preference
to look for a different variable name but didn't update where that
variable is set in Auth.pm.

Other scripts perform a direct check of item-level_itypes and must
continue to use the name of the variable in the database.

Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-02-08 21:03:28 +13:00
Ian Walls
a0dc124a95 Bug 3881: OPAC Privacy reimplementation
Reimplements Paul Poulain's original OPAC Privacy patch, with some minor improvements and changes to wording

If the library enables the OPACPrivacy system preference along with the opacreadinghistory preference, and sets
an AnonymousPatron (must be a valid patron number in the database), the user will see a new tab upon login to
the OPAC, My Privacy.  From there, the user can:

- Set their OPAC Privacy to one of three values
  0 - Forever.  This keeps their reading history unless they explicitly delete it; the bulk anonymiser won't touch it
  1 - Default.  Keep reading history until either they delete it or the library does
  2 - Never.    Instantly anonymises reading history upon item return

- Instantly delete their reading history
  There is a warning and a popup to confirm.  I've removed Paul's extra confirm checkbox, which seemed redundant

A note of which preference the patron has selected is added to the Patorn Details page in the staff client.  This is read-only.

This patch also consolidates Privacy system preferences into the Privacy section of the OPAC tab.

Thank you to BibLibre for the original implmentation of this patch, and Los Gatos Public Library for funding and
testing the reimplementation.

Signed-off-by: Nicole Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-01-31 22:23:50 +13:00
Mason James
f46b03cf2d Bug 4289: 'OpacPublic' feature
applied to git tag 'v3.02.00-rc'

Frédéric Demians:

  - Rebased this patch to HEAD
  - Solved a merge conflict
  - The patch works as described here:
    http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=4289

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Jared Camins-Esakov <jcamins@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-01-19 14:30:34 +13:00
Katrin Fischer
c6a9141413 Bug 3381 - Add an IntranetUserCSS system preference
Add an IntranetUserCSS sys pref that works like OPACUserCSS in OPAC only for intranet.
2010-12-13 08:01:41 +01:00
1bd67e28e5 Bug 5066 (Log timestamp consistently in _session_log)
Small fix with thanks to Galen.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2010-11-18 09:00:10 +13:00
d4f02c469b Fix for Bug 4359, noItemTypeImages not active in OPAC
- Auth.pm put the noItemTypeImages preference under "intranet only."
  Moved it to "OPAC or intranet."
- Added check for the preference on the OPAC advanced search page.
- Improved logic for displaying images on the reading history page.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2010-11-13 20:19:12 +13:00
Chris Cormack
f9299b1a76 Merge remote branch 'kc/master' 2010-11-01 10:56:05 +13:00
2b8470ddf8 bug 3756: start removing references to disused sysprefs
holdCancelLength
PINESISBN
sortbynonfiling
TemplateEncoding

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-10-21 20:35:35 -04:00
Chris Cormack
f245998ac9 Merge commit 'kc/master'
Conflicts:
	docs/history.txt
2010-06-25 10:43:18 +12:00
0700a8b732 bug 4896: granular permissions now always on (DB rev 138)
Per the following koha-devel thread, the use of
staff user subpermissions, AKA granular permissions, is
now the default behavior in Koha.  This patch removes
the GranularPermissions system preference.

[1] http://lists.koha-community.org/pipermail/koha-devel/2010-February/033670.html

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-06-19 07:56:03 -04:00
Chris Cormack
4c14cd317e Merge commit 'kc/master' 2010-06-14 09:15:00 +12:00
Andrew Elwell
8480f56370 Another batch of POD cleanups
Signed-off-by: Andrew Elwell <Andrew.Elwell@gmail.com>
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-06-09 08:38:56 -04:00
Jane Wagner
fde1abd82e Bug 4394 REVISED Allow opaccolorstylesheet syspref to use an external URL
Previous code would only allow for an auxiliary stylesheet on the same server.  This checks for
http in the opaccolorstylesheet syspref.  If it's found, sets a different variable pointing to the
remote server location.  If not found, retains the previous css directory path.

Also modifies the description of opaccolorstylesheet in the installer files to reflect current
usage as an auxiliary stylesheet.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2010-05-17 12:32:46 +12:00
46737a702c fixed Syndetics breakage
Reverts part of commit 7b12e07 that removed references
to the Syndetics sysprefs in C4::Auth for no apparent reason.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-05-05 12:11:30 -04:00
86c82d0aaa Fix to enable Amazon cover images in the staff client.
Since this fix enables the previously-missing variable
'AmazonEnabled' in Auth.pm, this will also enable other
Amazon content in the staff client like Product
Descriptions and Amazon Similar Items (See Bug 3863)

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-04-29 21:03:58 -04:00
Donovan Jones
593a7d8e6a Bug 2505 - Add commented use warnings where missing in *.pm 2010-04-21 20:28:51 +12:00
Lars Wirzenius
4523a2df0d Fix file permissions: if it is not a script, it should not be executable.
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-04-16 00:40:34 -04:00
777e5d53cd fix typo in variable name
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-17 09:15:45 -04:00
Srdjan Jankovic
863938f16c Escape input that goes in HTML; Reworked search history insert SQL
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-17 09:12:01 -04:00
b340fb834c bug 4314: add using_https environment variable
Added new HTML template variable, using_https, for use
of OPAC or staff-side templates that may need to know
whether to use http:// or https:// links to off-site
content.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-16 20:23:35 -04:00
Lars Wirzenius
7279f55b60 Fix FSF address in directory C4/
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-16 20:17:56 -04:00
79b8fca2b1 Additional changes to fix Bug 3920, XSLTdetailDisplay syspref controls both OPAC and Intranet
This patch adds XSLTDetailsDisplay and XSLTResultsDisplay variables
for the staff client, OPACXSLTDetailsDisplay and OPACXSLTResultsDisplay
variables to the OPAC. Note that the XSLTResultsDisplay doesn't actually
do anything because no one has added an XSLT version of search results
to the staff client.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-02-10 22:36:25 -05:00
ff4d456072 Bug 3920 - Add 2 syspref to activate XSLT use in OPAC/Intranet
- Add two syspref:
  - OPACXSLTResultsDisplay
  - OPACXSLDetailsDispay
- Add them to .pref files and dispatch them beetween OPAC and Search
  tab.
- Upgrade DB version to 3.2 .113
- Fix something wrong in UNIMARCslim2intranetDetail.xsl
- Display OPAC result and detail pages using those syspref.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-02-08 08:08:44 -05:00
1f54d10475 Fix for Bug 4073, Add globally template variable for dateformat setting
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-02-02 18:37:37 -05:00
Nahuel ANGELINETTI
800494a5ef (bug #4004) disallow access for non-logged in users in opac
This doesn't define borrowernumber = 0 if a borrower is NOT logged.
We know borrowernumber 0 is mysqluser... So in virtualshelves, a non logged user have all permissions.
2010-01-28 15:11:52 +01:00
Kyle M Hall
2d1d4cd6e7 OpacAddMastheadLibraryPulldown
In the current OPAC, there is no easy way to search a particular library.
By default, a user searches all libraries, or with SearcMyLibraryFirst turn on,
the user's home library. In dev_week, a library pulldown menu existed in the search masthead.

This commit adds the option to bring that pulldown menu back
by turning on the system preference OpacAddMastheadLibraryPulldown
2010-01-20 22:38:23 +01:00
9cdf370f67 Fix for Bug 3589, OpacHighlightedWords sys pref does nothing 2010-01-15 10:12:28 +01:00
ec48133f71 Bug 3863 - Amazon Content Not Working
Sysprefs were not sent to templates.
2009-12-20 14:27:03 +01:00
Henri-Damien LAURENT
5b9ed679c5 haspermission signature had changed 2009-11-23 17:05:55 +01:00
Matthias Meusburger
54b6b9bd1d Remove ticket parameter from auto added hidden fields.
(Normal login directly after a failed CAS login didn't work previously to this removal)
2009-11-23 16:37:54 +01:00
Matthias Meusburger
c92bc8d73b Added debug mode for CAS warn messages 2009-11-23 16:34:31 +01:00
Matthias Meusburger
26d85c3cd6 Add missing return when CAS user is invalid 2009-11-23 16:32:40 +01:00
Henri-Damien LAURENT
36a01ea347 Second CAS version : CAS and non-CAS login can coexist
Conflicts solved :

	C4/Auth.pm
	opac/opac-main.pl
2009-11-23 16:26:35 +01:00
Matthias Meusburger
77ab8970f1 Add a syspref for CAS logout 2009-11-23 16:23:27 +01:00
Matthias Meusburger
acdd090246 Moved CAS configuration from config file to sysprefs 2009-11-23 16:23:20 +01:00
Henri-Damien LAURENT
7126496210 First CAS version : when CAS is enabled, login through CAS is mandatory
Conflicts solved C4/Auth.pm
2009-11-23 16:21:37 +01:00
Nahuel ANGELINETTI
2bf19bc97a (bug #3674) allow users creation with disabled password 2009-11-19 10:40:28 +01:00
Paul Poulain
ed047fead8 adding XSLT for intranet (UNIMARC only, MARC21 will be done by kf)
- the XSLTParse4Display sub now has a new parameter : the interface (intranet or opac)
- the XSLTdisplay sysprefs is common to staff & opac (Auth.pm)
- added UNIMARC xslt in intranet templates (modified to deal with staff/opac differences)
2009-11-10 22:23:50 +01:00
Matthias Meusburger
38b3a375b4 MT 1110, Follow-up : Balance cart and lists : cart is now in the intranet 2009-10-14 15:27:40 +02:00
Paul Poulain
7b12e07d3b adding acquisition as sub-perm managed module
+ some reindenting
2009-09-30 11:30:14 +02:00
Henri-Damien LAURENT
feeafa8168 Adding Opac-SearchHistory feature
Enables ppl to store their search history and delete the whole history

Adding Storable required by Opac-Search-History

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-30 11:22:21 +02:00
Michael Hafen
5de6ec3c15 Avoid potentially unnecessary database call in Auth
Auth, after verifying the session/logging in the user, calls to the database
to get the users borrowernumber.  This call is probably unnecessary because
borrowernumber is part of userenv.  Check userenv before going to the database.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-14 20:29:39 -04:00
Nicole Engard
6dd6af59c2 Bug 2576: Added OPACFinesTab Syspref
This preference allows library staff to decide whether to show
the fines tab in the OPAC for logged in patrons.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-06 13:47:35 -04:00
Nicole Engard
e71c8a4343 Bug 1172: Added OPACPatronDetails system preference
This patch allows library staff to disable the patron details
tab on the OPAC.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-06 13:47:34 -04:00
de66ef5c49 bug 3564 follow: ensure NoZebra is passed to templates
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-08-30 22:07:09 -04:00
Joe Atzberger
41d3e534d2 Fix Maintenance page.
Without this, the mainenance page would not display because of:
Cannot use undefined value as a HASH reference in C4/Auth.pm

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-08-09 13:08:43 -04:00
MJ Ray
d3c734c750 Use strftime to format sessionlog times
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-06-15 12:43:28 -05:00
Joe Atzberger
f35b144668 Pull the last OPAC-specific tmpl vars out of gettemplate.
These don't belong every template, only on OPAC:
~ opacstylesheet
~ opaccolorstylesheet
~ opacsmallimage

The latter 2 were already being populated in C4::Auth anyway.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-06-05 17:03:13 -05:00
Ryan Higgins
ca5e412c1b bug 3244: Support for multiple PAC interfaces.
Adds three env vars allowing url-specific search limits, and defining
how the limit interacts with 'SearchMyLibraryFirst'.
See http://wiki.koha.org/doku.php?id=en:development:rfcs3.2:rfc32_multiple_opac

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-05-27 10:52:23 -05:00
Joe Atzberger
ccb64c18ee Bug 3177 - haspermission offers bogus option
$intflags was never used or returned if hashref instead of userid was passed.
Also cleaned up needless passing of $dbh.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-05-01 07:16:20 -05:00