Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/opac/sco/sco-main.pl
Ian Walls 8d7608cd64 Bug 5995 Follow up: variable scope in koha/sco/sco-main.pl 
The patronid value (cardnumber) set by checkpw in the case of SelfCheckoutByLogin
was improperly scoped with 'my' inside a conditional.  The changes followup to 5995
made this more apparent, causing logins to fail.

Also added "parts copyright" statement to the script, since ByWater Solutions did make some
significant contributions to the operations of the page

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-22 06:32:03 +13:00

238 lines
8.2 KiB
Perl
Executable file
Raw Blame History

#!/usr/bin/perl
#
# This code has been modified by Trendsetters (originally from opac-user.pl)
# This code has been modified by rch
# Parts Copyright 2010-2011, ByWater Solutions (those related to username/password auth)
# We're going to authenticate a self-check user. we'll add a flag to borrowers 'selfcheck'
#
# We're in a controlled environment; we trust the user.
# So the selfcheck station will accept a patronid and issue items to that borrower.
# FIXME: NOT really a controlled environment... We're on the internet!
#
# The checkout permission comes form the CGI cookie/session of a staff user.
# The patron is not really logging in here in the same way as they do on the
# rest of the OPAC. So don't confuse loggedinuser with the patron user.
#
# FIXME: inputfocus not really used in TMPL
use strict;
use warnings;
use CGI;
use Digest::MD5 qw(md5_base64);
use C4::Auth qw(get_template_and_user checkpw);
use C4::Koha;
use C4::Dates qw/format_date/;
use C4::Circulation;
use C4::Reserves;
use C4::Output;
use C4::Members;
use C4::Dates;
use C4::Biblio;
use C4::Items;
my $query = new CGI;
unless (C4::Context->preference('WebBasedSelfCheck')) {
# redirect to OPAC home if self-check is not enabled
print $query->redirect("/cgi-bin/koha/opac-main.pl");
exit;
}
if (C4::Context->preference('AutoSelfCheckAllowed'))
{
my $AutoSelfCheckID = C4::Context->preference('AutoSelfCheckID');
my $AutoSelfCheckPass = C4::Context->preference('AutoSelfCheckPass');
$query->param(-name=>'userid',-values=>[$AutoSelfCheckID]);
$query->param(-name=>'password',-values=>[$AutoSelfCheckPass]);
$query->param(-name=>'koha_login_context',-values=>['sco']);
}
my ($template, $loggedinuser, $cookie) = get_template_and_user({
template_name => "sco/sco-main.tmpl",
authnotrequired => 0,
flagsrequired => { circulate => "circulate_remaining_permissions" },
query => $query,
type => "opac",
debug => 1,
});
if (C4::Context->preference('SelfCheckoutByLogin'))
{
$template->param(authbylogin => 1);
}
# Get the self checkout timeout preference, or use 120 seconds as a default
my $selfchecktimeout = 120000;
if (C4::Context->preference('SelfCheckTimeout')) {
$selfchecktimeout = C4::Context->preference('SelfCheckTimeout') * 1000;
}
$template->param(SelfCheckTimeout => $selfchecktimeout);
# Checks policy laid out by AllowSelfCheckReturns, defaults to 'on' if preference is undefined
my $allowselfcheckreturns = 1;
if (defined C4::Context->preference('AllowSelfCheckReturns')) {
$allowselfcheckreturns = C4::Context->preference('AllowSelfCheckReturns');
}
$template->param(AllowSelfCheckReturns => $allowselfcheckreturns);
my $issuerid = $loggedinuser;
my ($op, $patronid, $patronlogin, $patronpw, $barcode, $confirmed, $timedout) = (
$query->param("op") || '',
$query->param("patronid") || '',
$query->param("patronlogin")|| '',
$query->param("patronpw") || '',
$query->param("barcode") || '',
$query->param("confirmed") || '',
$query->param("timedout") || '', #not actually using this...
);
my $issuenoconfirm = 1; #don't need to confirm on issue.
#warn "issuerid: " . $issuerid;
my $issuer = GetMemberDetails($issuerid);
my $item = GetItem(undef,$barcode);
if (C4::Context->preference('SelfCheckoutByLogin') && !$patronid) {
my $dbh = C4::Context->dbh;
my $resval;
($resval, $patronid) = checkpw($dbh, $patronlogin, $patronpw);
}
my $borrower = GetMemberDetails(undef,$patronid);
my $branch = $issuer->{branchcode};
my $confirm_required = 0;
my $return_only = 0;
#warn "issuer cardnumber: " . $issuer->{cardnumber};
#warn "patron cardnumber: " . $borrower->{cardnumber};
if ($op eq "logout") {
$query->param( patronid => undef, patronlogin => undef, patronpw => undef );
}
elsif ( $op eq "returnbook" && $allowselfcheckreturns ) {
my ($doreturn) = AddReturn( $barcode, $branch );
#warn "returnbook: " . $doreturn;
$borrower = GetMemberDetails(undef,$patronid);
}
elsif ( $op eq "checkout" ) {
my $impossible = {};
my $needconfirm = {};
if ( !$confirmed ) {
( $impossible, $needconfirm ) = CanBookBeIssued( $borrower, $barcode );
}
$confirm_required = scalar keys %$needconfirm;
#warn "confirm_required: " . $confirm_required ;
if (scalar keys %$impossible) {
# warn "impossible: numkeys: " . scalar (keys(%$impossible));
#warn join " ", keys %$impossible;
my $issue_error = (keys %$impossible)[0];
# FIXME we assume only one error.
$template->param(
impossible => $issue_error,
"circ_error_$issue_error" => 1,
title => $item->{title},
hide_main => 1,
);
if ($issue_error eq 'DEBT') {
$template->param(amount => $impossible->{DEBT});
}
#warn "issue_error: " . $issue_error ;
if ( $issue_error eq "NO_MORE_RENEWALS" ) {
$return_only = 1;
$template->param(
returnitem => 1,
barcode => $barcode,
);
}
} elsif ( $needconfirm->{RENEW_ISSUE} ) {
if ($confirmed) {
#warn "renewing";
AddRenewal( $borrower, $item->{itemnumber} );
} else {
#warn "renew confirmation";
$template->param(
renew => 1,
barcode => $barcode,
confirm => 1,
confirm_renew_issue => 1,
hide_main => 1,
);
}
} elsif ( $confirm_required && !$confirmed ) {
#warn "failed confirmation";
my $issue_error = (keys %$needconfirm)[0];
$template->param(
impossible => (keys %$needconfirm)[0],
"circ_error_$issue_error" => 1,
hide_main => 1,
);
} else {
if ( $confirmed || $issuenoconfirm ) { # we'll want to call getpatroninfo again to get updated issues.
# warn "issuing book?";
AddIssue( $borrower, $barcode );
# ($borrower, $flags) = getpatroninformation(undef,undef, $patronid);
# $template->param(
# patronid => $patronid,
# validuser => 1,
# );
} else {
$confirm_required = 1;
#warn "issue confirmation";
$template->param(
confirm => "Issuing title: " . $item->{title},
barcode => $barcode,
hide_main => 1,
inputfocus => 'confirm',
);
}
}
} # $op
if ($borrower->{cardnumber}) {
# warn "issuer's branchcode: " . $issuer->{branchcode};
# warn "user's branchcode: " . $borrower->{branchcode};
my $borrowername = sprintf "%s %s", ($borrower->{firstname} || ''), ($borrower->{surname} || '');
my @issues;
my ($issueslist) = GetPendingIssues( $borrower->{'borrowernumber'} );
foreach my $it (@$issueslist) {
$it->{date_due_display} = format_date($it->{date_due});
my ($renewokay, $renewerror) = CanBookBeIssued($borrower, $it->{'barcode'},'','');
$it->{'norenew'} = 1 if $renewokay->{'NO_MORE_RENEWALS'};
push @issues, $it;
}
$template->param(
validuser => 1,
borrowername => $borrowername,
issues_count => scalar(@issues),
ISSUES => \@issues,
patronid => $patronid,
patronlogin => $patronlogin,
patronpw => $patronpw,
noitemlinks => 1 ,
);
my $inputfocus = ($return_only == 1) ? 'returnbook' :
($confirm_required == 1) ? 'confirm' : 'barcode' ;
$template->param(
inputfocus => $inputfocus,
nofines => 1,
"dateformat_" . C4::Context->preference('dateformat') => 1,
);
if (C4::Context->preference('ShowPatronImageInWebBasedSelfCheck')) {
my ($image, $dberror) = GetPatronImage($borrower->{cardnumber});
if ($image) {
$template->param(
display_patron_image => 1,
cardnumber => $borrower->{cardnumber},
);
}
}
} else {
$template->param(
patronid => $patronid,
nouser => $patronid,
);
}
output_html_with_http_headers $query, $cookie, $template->output;
View git blame Copy permalink