Commit graph

86 commits

Author SHA1 Message Date
Srikanth Dhondi
f2162a86b0 Bug 9611: Change the password hashing algorithm from MD5 to Bcrypt
What this patch aims to accomplish?

 * All new passwords are stored as Bcrypt-hashes
 * For password verification:
     - If the user was created before this patch was applied then use
       MD5 to hash the entered password <-- backwards compatibility
     - If the user was created after this patch was applied then use
       Bcrypt to hash the entered password
 * Any password change made via the staff interface or the OPAC will
   be automatically Bcrypt-hashed; this applies to old users whose
   passwords were stored as MD5 hashes previously

Test plan:
  1) Add new users and check whether their passwords are stored as
     Bcrypt hashes or not.
  2) To test that authentication works for both old as well as new
     users:
       a) Login as an existing user whose password is stored as a
          MD5 hash
       b) Login as an existing user whose password is stored as a
          Bcrypt hash
  3) In the staff interface, change the password of an existing user
     whose password is stored as an MD5 hash
       a) Check the new password is stored as a Bcrypt-hash in the database
       b) Try to login with the new password
  4) In the OPAC, verify that
    a) Old user with old pass can change password, new format
    b) New user with new pass can change password
    c) Old and new user with self-updated pass can login

Whitespace cleanup was contributed by Bernardo Gonzalez Kriegel.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-03 22:22:32 +00:00
a4e804fceb Bug 9917 - Routing list tab on patron account should depend on syspref/permission
The routing list tab displays on patron pages even if the RoutingSerials
preference is OFF. Display of the tab should be conditional on that pref
being turned on.

This patch adds a check for the RoutingSerials preference to the menu
include files and amends the affected scripts to make the variable
available on the pages where those includes are used.

To test, view the following pages with RoutingSerials both on and off.
The routing list tab should be shown and hidden accordingly:

- Circulation
- Patron details
- Patron fines
- Pay fines
- Pay amount/selected (click from the Pay fines page)
- Create manual invoice
- Create manual credit
- Patron circulation history
- Patron modification log
- Patron notices
- Patron routing lists
- Patron statistics
- Patron files
- Patron permissions
- Set patron password
- "Can't delete patron" page (try to delete a patron with checkouts).

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Touches a lot of files, but only a tiny change in each, works well.
Could perhaps be set in C4/Auth instead, but that's no reason not to
sign off

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
All tests and QA script pass.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-31 08:52:35 -04:00
Fridolyn SOMERS
ab0b5b5283 Bug 9953 - When OpacMaintenance breaks lifting debarment
When OpacMaintenance is on, any opac page will redirect to maintenance.pl.
Some pages of intranet have the same behavior and you get 404 error.
This is because in checkauth, if type arg is undefined it is "opac" by default.

This patch adds type arg in all intranet calls of checkauth.

Test plan :
- Set syspref OpacMaintenance=Show
- Go to a borrower page
- Click on "Fines" and "Create manual invoice"
- Enter an amount and save
=> Check you go to members/boraccount.pl and not maintenance.pl with 404 error

OK

- Click on "Fines" and "Create manual credit"
- Enter an amount and save
=> Check you go to members/boraccount.pl and not maintenance.pl with 404 error

OK

- Edit borrower
- Set "Restricted" to yes and save
- Click on "Lift restriction" in messages
=> Check you keep in member page and not maintenance.pl with 404 error

OK

- Edit borrower
- Set "Expiry date" to a day in the past and save
- Click on "Renew" in messages
=> Check you keep in member page and not maintenance.pl with 404 error

OK

Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Good catch, a tricky bug.
http://bugs.koha-community.org/show_bug.cgi?id=9952

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Removed a few tabs from mancredit.
All tests and QA script pass now.
Good test plan.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-30 17:08:27 -04:00
4a6ec50c62 Fix for Bug 5280 - Fix password field so that the password is masked as it is entered
This patch changes the password field to a password type input on
member-password.pl and adds a confirmation field to both member-password.pl
and memberentry.pl requiring that the password be re-entered to
confirm.

Client-side and server-side validation for the two password fields has been added
to both pages. Multiple error messages can now be displayed together on
member-password.pl.

If the user wishes for Koha to suggest a random password on member-password.pl
they can click a link which will remove the password-type input fields, replace
them with text-type fields, and automatically fill them with the random
password suggestion.

Follow-up fix lets the members.js correctly handle errors when there are
no mandatory fields

LR followup: fixing slight error that corrects previously reported template error.

Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Tested password setting/changing utilities - all work as expected and described.
Passes prove t xt t/db_dependent tests congruent with current master failures (adds no new fails).

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-02-13 16:39:59 +01:00
Aleksa Vujicic
3982d97af3 Bug 6964 - 'Add child' function should be dependent on system preference 'borrowerRelationship'
The 'Add Child' button is not shown if 'borrowerRelationship' is empty.

System preference description changed.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-02-02 11:36:05 +01:00
d150c98540 Fix for Bug 6980, Patron attributes are shown when ExtendedPatronAttributes is disabled
This patch adds a check for the value of the ExtendedPatronAttributes
preference to the scripts and corresponding logic to the templates
controlling the sidebar menu.

The patch also corrects a duplication of attributes code in moremember.pl

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
1) Added extended patron attributes in configuration, turned ExtendedPatronAttributes on
2) Altered patron details, added values for patron attributes
> Verified patron attributes show correctly
3) Turned off ExtendedPatronAttributes
> Verified patron attributes were hidden everywhere

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-20 11:37:37 +13:00
Henri-Damien LAURENT
061f2e9251 Fix for Bug 5436 - Extended patron attributes display improvements
Show patron attributes in the sidebar on circ and patron pages

[Edit from Owen Leonard: This patch takes changes originally in
Bug 5436 and isolates just the parts relating to display of
patron attributes. Because function for pulling patron attributes
was merged with the function for displaying address information
in SetMemberInfosInTemplate() (also found in Bug 5749), I moved
the call to GetBorrowerAttributes into the individual scripts.
That keeps the functionality relating specifically to patron
attributes separate from the proposed changes to displaying
addresses.

Because I think it's important to keep the display consistent,
I added display of patron attributes to all pages which include
the patron information sidebar.]

Rebased for compatibility with bug 3489 and database documentation by
Ian Walls, 9-21-11

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-09-23 15:35:54 +12:00
e82f88d5d9 Additional fixes for Bug 5422, Separate state field for patron's addresses
Adding state variable to various circ and member pages so that
sidebar display of patron details includes state.

Signed-off-by: Magnus Enger <magnus@enger.priv.no>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-04-09 11:52:07 +12:00
Nicole Engard
3c832b0375 Bug 2662: make rand password consider minPasswordLength pref 2009-12-22 00:01:03 +01:00
Henri-Damien LAURENT
4271bbb738 Modifying Members : Add Mod and GetMember
This updates the way Member is added and edited so that import and Edition
 could be best automatized
GetMember evolves and allows ppl to search on a hash of data

Adding SQLHelper A new package to deal with INSERT UPDATE and SELECT

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-30 11:29:23 +02:00
Garry Collum
832e9abf64 Bug 2505: Enables warnings in member-flags.pl, member-password.pl, and member-picupload.pl.
No warnings were generated in testing after warnings were enabled.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-29 19:11:08 -04:00
Sébastien Hinderer
f1f833c965 bug 3464: Takes columns country and B_country of table borrowers into account in related operations.
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-08-23 18:19:20 -04:00
2cf0eeedb6 More corrections to fix Bug 2649, "minPasswordLength Sys Pref does nothing." Previous patch included typo copied from member-password.pl. Both are corrected now.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2008-10-16 09:23:33 -05:00
Danny Bouman
bb76d95a91 bug2580: category name and home library will now correctly display on all patron tabs
This patch fixes several improperly named variables and includes the home library variable on the pages that were missing it. The category
description was added to the GetMemberDetails function since a couple of the pages using that function required the variable.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2008-09-09 10:52:39 -05:00
1e2ff18e95 More changes to update-child process. Many scripts missing necessary data for checking how to process an update-child request. Also cleaning up update-child.tmpl for formatting. Minor text change (translation problem?)
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-07-08 18:09:38 -05:00
52c933c413 Scripts missing check for Child category type would not correctly show 'update child patron' link in toolbar.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-07-08 18:09:36 -05:00
Henri-Damien LAURENT
9fb4a72122 Bug Fixing 1782 patch
Adding a new routine GetBorrowercategoryList in C4/Member
Displaying categoryname when listing categories in memberentrygen.pl
using categorytype returned with GetMember wherever it is possible.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-05-12 09:42:25 -05:00
afabf473f4 Removing old patronimages js check, adding missing patron image variable to script.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-03-25 07:22:33 -05:00
Galen Charlton
f5903fbbb5 installer: location of koha-conf.xml
* rewrite-config.PL now puts in installed location
  of koha-conf.xml in C4/Context.pm so that
  correct config can be found even when
  KOHA_CONF is not set.  Note that setting KOHA_CONF
  will still override path set by installer.
* changed references from koha.xml to koha-conf.xml
2007-12-17 09:13:53 -06:00
Ryan Higgins
df9296696b get_template_and_user returns $flags from checkauth for in-page perms.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-12 08:03:08 -06:00
f46ebf69a0 Passing "adultborrower" variable to the template so that "Add Child" button can be displayed in the toolbar when appropriate. Fixes Bug 1510.
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-04 15:06:29 -06:00
Ryan Higgins
1a91801b06 Add Staff member type. Add permissions checks for bug# 1269
and related permissions on memberentry and mods.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-02 15:17:50 -06:00
Chris Cormack
15356575c2 Fix so that if you edit a borrower from circ, or change a password from circ you are taken back there
Toolbar needs to be made for members too, it's using the same one as circ, which isn't right, will do this next

Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-11-12 17:37:37 -06:00
Chris Cormack
cc67a70f10 Work in progress on the SIP code
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-11-06 06:33:04 -06:00
b453d173ae Standardizing information shown in sidebar when patron-related pages are displayed (making sure address, phone, email variables are available to all templates). Adding tabs to account-related pages as means of section navigation.
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-11-04 16:31:32 -06:00
Paul POULAIN
8b7085a8ab removing useless code
the 3 parameters :
intranetcolorstylesheet => C4::Context->preference("intranetcolorstylesheet"),
intranetstylesheet => C4::Context->preference("intranetstylesheet"),
IntranetNav => C4::Context->preference("IntranetNav"),

are filled by Auth.pm automatically, removing them in templates

Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-10-24 17:03:38 -05:00
fa79f6f177 Some changes to members pages: - refining members-menu.inc - cleaning up memberentrygen.tmpl - some tweaks to moremember.tmpl - adding borrowernumber variable output to member-password.pl
Signed-off-by: Chris Cormack <crc@liblime.com>
2007-09-18 15:06:52 -05:00
hdl
100e6a9808 functions that were in C4::Interface::CGI::Output are now in C4::Output.
So this implies quite a change for files.
Sorry about conflicts which will be caused.
directory Interface::CGI should now be dropped.
I noticed that many scripts (reports ones, but also some circ/stats.pl or opac-topissues) still use Date::Manip.
2007-04-24 13:54:28 +00:00
tipaul
7bd99ef365 removing all useless %env / $env 2007-04-18 17:00:14 +00:00
tipaul
b71839d85c circulation cleaning continued: bugfixing 2007-04-17 08:44:49 +00:00
tipaul
c596d55374 HUGE COMMIT : code cleaning circulation.
some stuff to do, i'll write a mail on koha-devel NOW !
2007-04-04 16:46:22 +00:00
tipaul
a3999812e6 rel_3_0 moved to HEAD 2007-03-09 14:52:58 +00:00
toins
cc9524a875 Head & rel_2_2 merged 2006-07-04 14:36:51 +00:00
tipaul
1edf59efe5 road to a better member management code.
Useful for LDAP integration
2004-09-02 16:27:09 +00:00
tipaul
94b1054661 css'ing & merging members management.
memberentry merges
* memberentry, moremember & insertdata (form, validation & storing)
* and the I series (Institution management)
2004-03-24 15:08:19 +00:00
tipaul
2951d20c69 moving members related scripts to "members" directory 2004-03-10 15:10:45 +00:00
Renamed from member-password.pl