Jonathan Druart
5347537f1a
If PatronSelfRegistrationVerifyByEmail and PatronSelfRegistrationEmailMustBeUnique are set, it should not be possible to register twice with the same email. However the test is made on already created patron cards when the registration is done. Which means it is possible to register several times with the same email address and click on the registration link to finalise the registration. This patch adds a test when the registration link is clicked and display the "Registration invalid" generic message if the same email is used Test plan: 1. Patron submits self registration form using the same email address 3 times 2. Patron receives 3 verification emails 3. Patron clicks on 3 verify token URLs => Only the first registration should succeed, the 2 others must fail Maybe we should display a more specific message? Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
#!/usr/bin/perl
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use CGI qw ( -utf8 );
use C4::Auth;
use C4::Output;
use C4::Members;
use C4::Form::MessagingPreferences;
use Koha::Patrons;
use Koha::Patron::Modifications;
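# OPAC self-registration verification: a visitor follows the link from the
# verification email, the token in the URL is matched against a pending
# registration, and on success the pending record is turned into a patron.

my $cgi = CGI->new;    # direct method call instead of indirect object syntax
my $dbh = C4::Context->dbh;    # not referenced again in this script

# Self-registration is switched off: nothing to verify, go back to the OPAC.
unless ( C4::Context->preference('PatronSelfRegistration') ) {
    print $cgi->redirect("/cgi-bin/koha/opac-main.pl");
    exit;
}

my $token = $cgi->param('token');

# Only query for a pending registration when a non-empty token was supplied.
# A missing token would otherwise be turned into an "IS NULL" condition, and
# an empty one into a match on '', so any pending row stored without a real
# token (if such rows exist) could be confirmed by a request carrying no
# secret at all.
my $m;
if ( defined $token and length $token ) {
    $m = Koha::Patron::Modifications->find( { verification_token => $token } );
}

# The registration may be finalised when the token matched a pending record
# and, if PatronSelfRegistrationEmailMustBeUnique is set, no existing patron
# already uses the same email address.
# NOTE(review): this uniqueness check and the patron creation below are
# separate steps; two verification links for the same address followed at
# nearly the same time could both pass it. Confirm whether a database
# constraint or AddMember_Opac itself closes that window.
my $can_register = $m
  && !(
    C4::Context->preference('PatronSelfRegistrationEmailMustBeUnique')
    && Koha::Patrons->search( { email => $m->email } )->count
  );

# Both outcomes are anonymous OPAC pages; only the template differs. Every
# failure reason ends on the same generic "invalid" page.
my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
    {
        template_name => $can_register
        ? "opac-registration-confirmation.tt"
        : "opac-registration-invalid.tt",
        type            => "opac",
        query           => $cgi,
        authnotrequired => 1,
    }
);

if ($can_register) {
    $template->param(
        OpacPasswordChange => C4::Context->preference('OpacPasswordChange') );

    my $borrower = $m->unblessed();

    my $password;
    ( $borrowernumber, $password ) = AddMember_Opac(%$borrower);

    if ($borrowernumber) {

        # The pending record is removed once the patron exists, so the same
        # token cannot be looked up again.
        $m->delete();

        if ( C4::Context->preference('EnhancedMessagingPreferences') ) {
            C4::Form::MessagingPreferences::handle_form_action(
                $cgi,
                { borrowernumber => $borrowernumber },
                $template,
                1,
                C4::Context->preference(
                    'PatronSelfRegistrationDefaultCategory')
            );
        }

        # NOTE(review): the new password is handed to the template in clear
        # text; confirm the confirmation page is served without caching and
        # that template parameters are not logged.
        $template->param( password_cleartext => $password );

        my $patron = Koha::Patrons->find($borrowernumber);
        $template->param( borrower => $patron->unblessed );
        $template->param(
            PatronSelfRegistrationAdditionalInstructions =>
              C4::Context->preference(
                'PatronSelfRegistrationAdditionalInstructions')
        );
    }
}

output_html_with_http_headers $cgi, $cookie, $template->output;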