Commit graph

40 commits

Author SHA1 Message Date
Galen Charlton
7b165794cd Bug 10016: force zero browser-side caching of SCO pages
This patch makes the web-based self-check module pages
specify that no browser (or proxy caching) occur at all.
This prevents a security issue where letting the SCO session time out,
then hitting the back button allowed one to view the previous
patron's session.

This patch adds an optional fifth parameter to output_with_http_headers(),
and output_html_with_http_headers(), a hashref for miscellaneous
options.  One key is defined at the moment: force_no_caching, which if
if present and set to a true value, sets HTTP headers to specify no
browser caching of the page at all.

To test:

[1] Start a web-based self-check session and optionally perform
    some transactions.
[2] Allow the session to time out (it may be helpful to set
    SelfCheckTimeout to a low value such as 10 seconds).
[3] Hit the back button.  You should not see the previous patron's
    self-check session.
[4] Verify that prove -v t/Output.t passes.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Ed Veal <ed.veal@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-21 18:05:12 +00:00
09b8ce2a5f Bug 10636 - patronimage should have borrowernumber as PK, not cardnumber
Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Enable patronimages
4) Verify patron images are still displaying correctly
5) Test deleting a patron image
6) Test adding a patron image from moremember.pl
7) Test adding a patron image from tools/picture-upload.pl

Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-14 21:08:02 +00:00
Jonathan Druart
a469663d7b Bug 9108: Followup: send the dateformat value from C4::Auth
- the dateformat value is send to all templates (from
  C4::Auth::get_template_and_user)
- remove all assignment of dateformat in all .pl files
- the DHTMLcalendar_dateformat variable is unused

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Fixed conflicts:
 - opac/sco/sco-main.pl
 - reports/acquisitions_stats.pl
 - tools/cleanborrowers.pl

All tests pass, perlcritic problems appeared in some files
before and after these patches were applied.

Checked sorting in following pages:
- acqui/addorderiso2709.tt - list of staged imports in acq
- acqui/histsearch.tt - sorting of dates in acq search result list
- acqui/invoices.tt - billing date in list of invoices in acq
- acqui/lateorders.tt - list of late orders in acq
- acqui/ordered.tt - ordered titles and estimated costs for a fund
- acqui/parcels.tt - receive shipment page
- acqui/spent.tt - received titles and actual costs for a fund
...
- serials-search.tt - subscription search result list
...
- opac/sco/sco-main.tt - due dates in list of checked out items
- reports/acquisitions-stats.tt - date searches, display of dates
- tools/cleanborrowers.tt
- tools.holidays.tt - different views of dates library is closed,
  adding dates

Checked dates display according to system preference everywhere and
searching, entering dates etc. still worked as expected.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-01-17 21:59:30 -05:00
6bae88f43d Bug 9009 - Add separate user js and css for SCO module
Add system preferences SCOUserCSS and SCOUserJS to define separate CSS and JavaScript for the Self Checkout Module.

Test plan:
1) Apply patch
2) Run updatedatabase.pl
3) Add something arbitrary to the new sysprefs SCOUserCSS and SCOUserJS ( such as TestCSS and TestJS ).
4) Load the SCO module in a browser, and view the HTML, verify the CSS and JS values in the system preferences have been included.

Signed-off-by: Marc Veron <veron@veron.ch>

I tested with an alert('hello') as JavaScript and some background-color for the CSS. Worked as expected.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-12-27 10:05:28 -05:00
e1c621c230 Bug 8955 - Self checkout should degrade gracefully with JavaScript turned off
Several changes in this patch, the largest of which is that the
renew/return dialogs no longer require JavaScript in order to properly
alter and submit the form. Instead each button uses a separate form.

To test, log in to self checkout and submit a barcode which is checked
out and can be renewd, and a barcode which is checked out but has
reached the checkout limit. On the resulting dialogs each button
should function properly.

Also changed: I removed some useless JavaScript processing related
to a bogus "valid_session" variable which was unused.

Similarly removed is template logic based on a "timedout" variable which
was not set by the script. Note that the script contains NO server-
side handling of timeout. Timeout is dependent on JavaScript.

To test these changes, confirm that with JavaScript enabled you are
automatically logged out after the time specified in the SelfCheckTimeout
preference.

Other minor changes: Terminology and capitalization corrections,
minor style tweaks.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-12-22 16:33:12 -05:00
Paul Poulain
17cd17531f Bug 8033 follow-up removing tabs in indentation
Signed-off-by: Elliott Davis <elliott@bywatersolutions.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-12-13 17:49:08 -05:00
Elliott Davis
05c47d5040 Bug 8033: This patch adds print slips to self checkout.
To Test:

Sign in to self checkout.
Enter a barcode and click submit.
Click the finish button
You should be prompted with a message asking if you would like a receipt.
If you click OK you should be taken to the page with the receipt.
If you click Cancel you should not see the reciept and you should be logged out.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Added copyright to print slip for SCO

Modified POD and copyright.  Also perltidied

updated print slip option to show on the click of the finish button instead of the submit button

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Elliott Davis <elliott@bywatersolutions.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-12-13 17:48:09 -05:00
Marc Veron
29891f38f9 Bug 8518 - Self checkout does not display debt amount if syspref AllowFineOverride is set to allow
If the patron has depts that prevent issuing and the system preference 'AllowFineOverride' is set to 'allow', the amount is not displayed in the user message.

Additionally, patch adds currency symbol to amount.

Test plan:
Do self checkout with patron who has debts that are over the limit.
Test with and without preference 'AllowFineOverride' set.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-08-01 17:39:55 +02:00
492058d3d5 Bug 4330 : Adding missing license statement
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-05-28 17:53:59 +02:00
Julian Maurice
e1148ec52a Bug 7743: Update sco/sco-main.pl to use KohaDates TT plugin
Signed-off-by: Marijana Glavica <mglavica@ffzg.hr>
2012-03-26 16:22:43 +02:00
9ffa73534b Bug 7631 - Self checkout renewal fails because of reference to non-existent subroutine in sco-main.pl
Changing "CanBookBeIssuedCheckout" to "CanBookBeIssued"

To test, try to renew an item which has no renewals left. Before the patch
you'll get an error:

Undefined subroutine &main::CanBookBeIssuedCheckout called at /opac/sco/sco-main.pl line 135.

After the patch you'll get the correct message about having no renewals left.
Other tests: checking out a barcode which doesn't exist, checking out an
item which is on hold for another patron.

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-03-08 18:10:52 +01:00
Srdjan Jankovic
2041f2c973 bug_7090: AllowItemsOnHandCheckout syspref
Observe AllowItemsOnHandCheckout syspref when using SIP self checkout

Signed-off-by: Liz Rea <wizzyrea@gmail.com>
To test:
* place an item on hold for patron A
* attempt to circulate that item to patron B (via SIP/selfcheck)
	syspref off: item should not circulate to patron B
	Syspref On: item should circulate to patron B

Both conditions passed in our testing.
Also verified that normal staff client behavior regarding this situation was preserved. It was.
2012-02-10 19:28:25 +01:00
Chris Cormack
40bd14e0ea Bug 4330: Missing License Statement
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2011-11-24 14:15:57 +01:00
Ian Walls
8d7608cd64 Bug 5995 Follow up: variable scope in koha/sco/sco-main.pl
The patronid value (cardnumber) set by checkpw in the case of SelfCheckoutByLogin
was improperly scoped with 'my' inside a conditional.  The changes followup to 5995
made this more apparent, causing logins to fail.

Also added "parts copyright" statement to the script, since ByWater Solutions did make some
significant contributions to the operations of the page

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-22 06:32:03 +13:00
Ian Walls
b2a233f480 Bug 5578: Self checkout by Login enhancement
Enables the library to choose whether to have patrons scan their barcodes for self checkout, or login
with username and password.  Uses 'checkpw' for compatibility with LDAP authentication.

Also introduces a few new system preferences to make Self Checkout more secure and manageable:

  SelfCheckTimeOut:      the number of seconds before the self-checkout login times out for a patron
  AllowSelfCheckReturns: indicate whether or not patrons can return materials via self-checkout
  SelfCheckHelpMessage:  user-configurable HTML to show specific text on the Help page.

Thank you to Marlboro College in Marlboro, VT for sponsoring and testing this development!

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-04-01 15:18:40 +13:00
Lars Wirzenius
873a3cb9bc Fix FSF address in directory opac/
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-16 20:17:54 -04:00
13ab69ae08 bug 4122: make WebBasedSelfCheck functional
The WebBasedSelfCheck preference is now functional - if a user
tries to use /cgi-bin/koha/sco/sco-main.pl if the preference
is not on, they get redirected to the OPAC home page.

Also, the patron image web service now returns HTTP 403 (forbidden) unless
both WebBasedSelfCheck and ShowPatronImageInWebBasedSelfCheck are on.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-02-10 08:41:50 -05:00
372ebb8bdd set koha_login_context in order to get auto-login for SCO working
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-02-08 09:01:25 -05:00
Jane Wagner
f52c54eb35 Bug 3738 Automate login to web-based self-check system
Some small, single-branch corporate and special libraries use unattended self-checkout stations, and would like to automate the staff login, so that just going to the sco/sco-main.pl URL would bring the self-check up ready for patron use.  This patch create three sysprefs, AutoSelfCheckAllowed, and AutoSelfCheckID/AutoSelfCheckPass. If the site wants to allow automated login, staff would then need to create the selfcheck user record and enter that login ID and password into the sysprefs.  The kohaclone/opac/sco/sco-main.pl script has been modified to check these sysprefs and pass values (if present and allowed) into the self-check URL.  The URL then bypasses the staff login page and comes up ready for checkout, waiting for the first patron barcode.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-02-08 08:43:07 -05:00
2e73ac94e4 bug 3436: tweak cache settings for patron images
Per suggestion by Joe Atzberger.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-16 07:45:31 -04:00
Galen Charlton
069864d3a2 bug 3436: improve error messages in self-check
Improved the error messages displayed to users
by web-based self-checkout when a problem with
a loan occurs.

This changed was sponsored by the Plano Independent
School District.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-16 07:36:37 -04:00
Galen Charlton
7c7e1dc41d bug 3436: enhance sorting of loans (self-check)
[1] Change the default sort order of checked out
    items to have the most recent loans displayed
    first.

[2] Add the ability (via jQuery tablesorter) for
    the user to sort the list of loans.

Also fixed the formatting of the due date.

This change was sponsored by the Plano Independent School
District.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-16 07:36:35 -04:00
Galen Charlton
121a4ca0d1 bug 3436: add patron images to web self-check
Adds a new system preference, ShowPatronImageInWebBasedSelfCheck;
if this preference is ON, a patron's image is displayed
if available when using web-based self-check.

Note: a patch for updatedatabase.pl will be made when this
change is ready to push.

This change is sponsored by the Plano Independent School
District.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-16 07:36:31 -04:00
Galen Charlton
adaf1d9195 fix minor warning issues in SCO
* test for NO_MORE_RENEWALS now does expect
  that hash key will always exist
* removed unconditional warn

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-06-03 14:37:29 -05:00
Joe Atzberger
ece3a31fca Cleanup SCO - OPAC self checkout
~ vestigial broken scripts and templates removed
~ meaningless dependencies removed
~ Focus handling issues resolved for cross-browsers
~ Timeout only invoked for non-first screen.  This keeps the refresh from
flooding the logs continuously for no purpose.
~ two halves of "validuser" conditional linked in TMPL
~ elsif's used for $op conditionals

The focus should now appear on the "Return to Account Summary" button during errors.
The user can scan anything (w/ carriage return) and get back to the first screen.
Also, special functionality is added for the magic barcode "__KOHA_NEW_CIRC__".
This effectively ends the patron session and logs them out so the next patron can begin.
The purpose is for patrons to avoid having to use a keyboard at all, if libraries
print and have this special barcode available for patrons at the SCO station.

Enhancement was requested by Plano Independent School District.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-06-03 14:01:02 -05:00
Mason James
97b8acb06c - perltidy corrects broken indentation on 'if' block.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-03-04 16:28:27 -06:00
Mason James
41cb983c3b fix for bug-2923, corrects renew status in SCO
- removes unneeded  HTML::Template::Pro
 - some indent/newline tidies

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-03-04 16:28:17 -06:00
Joe Atzberger
c70cd87d54 Bug 2900: fix GetPendingIssues.
GetPendingIssues did several bad things:
~ select * on a 4 table join,
~ including multiple namespace collisions,
~ including large fields marc and marcxml from biblioitems,
~ return ($count, \@array_being_counted).

Not everything is fixed here (see FIXMEs), but the situation is
improved considerably, with bug 2900 resolved.  The "timestamp"
namespace collision in query should be resolved by separate patch.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-01-08 11:08:27 -06:00
John Beppu
c15e1206fd bug 2874 [3/3] flagsrequired => { circulate => "circulate_remaining_permissions" }
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2008-12-23 17:02:04 -06:00
Galen Charlton
2b8cb18f50 bug 2505: enable warnings for opac/sco/sco-main.pl
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2008-12-11 08:33:37 -06:00
Galen Charlton
d5b98d3bb0 bug 2613: allow web self-check to accept patron ID
Use 'patronid' instead of 'userid' as the query parameter
for passing the patron userid or barcode around; 'userid'
is claimed by C4::Auth and should be used only for
authentication pages.

Fixes the problem where entering a patron's card
number would cause a redirect to the OPAC login
page.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2008-12-08 08:46:36 -06:00
e8d14a6cde Cleaning up Self-Checkout interface, adding some basic formatting based on other standard styles.
Patch also removes a hard-coded English string from the script and some unused functions from sco.js.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2008-12-05 16:28:25 -06:00
Galen Charlton
4bf76c2d77 bug 2615: remove unneeded 'require Exporter'
Most Perl scripts (as opposed to modules) do
not need to require Exporter.

No user-visible or documentation changes.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2008-09-26 09:05:08 -05:00
Joshua Ferraro
9d0ab08a9b fix for 2382: Self Checkout Won't Work for Staff with Circ 2008-08-09 19:47:34 -05:00
Galen Charlton
c80b328aae clean up old-style calls to GetMemberDetails
GetMemberDetails() returns only one hashref now,
not two.  In all cases where the caller was
expecting two output values, the $flags return
was ignored anyway.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-06-25 11:39:22 -05:00
Galen Charlton
8c60e82605 fixed variable masking warnings found by perl -w
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-01-03 20:23:59 -06:00
Galen Charlton
9e7c94bf96 item rework: moved GetItem
Moved from C4::Biblio to C4::Items.

Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-01-03 16:24:04 -06:00
Joe Atzberger
093e3f5215 opac subdir - Dates.pm integration and warnings fixes.
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-04 18:21:03 -06:00
Paul POULAIN
a502aa1c76 HTML::Template => HTML::Template::Pro
HTML::Template is no more used, some were remaining,
fixing the "use ...;" to H::T::Pro only

Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-02 14:55:55 -06:00
Joshua Ferraro
a0b220f855 much-awaited web-based self-checkout system
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-11-25 23:45:52 -06:00