9 use C4::Members qw(changepassword Search);
12 use C4::Passwordrecovery qw(SendPasswordRecoveryEmail ValidateBorrowernumber GetValidLinkInfo CompletePasswordRecovery);
13 use Koha::AuthUtils qw(hash_password);
# Request setup for the OPAC password-recovery page.
# NOTE(review): this listing omits some lines of the original script (the
# gutter numbers are not contiguous), so the call below is shown without its
# remaining arguments and closing parenthesis.
17 my ( $template, $dummy, $cookie ) = get_template_and_user(
19 template_name => "opac-password-recovery.tt",
# Everything read through $query->param is supplied by the requester and is
# untrusted. 'email' defaults to the empty string; the other parameters are
# undef when they are absent from the request.
27 my $email = $query->param('email') // q{};
28 my $password = $query->param('password');
29 my $repeatPassword = $query->param('repeatPassword');
# The only password rule applied further down is this minimum length, read
# from the minPasswordLength system preference.
30 my $minPassLength = C4::Context->preference('minPasswordLength');
31 my $id = $query->param('id');
# Recovery token from the request; it is passed to GetValidLinkInfo before
# any password change is made.
32 my $uniqueKey = $query->param('uniqueKey');
33 my $username = $query->param('username');
# Error flags for the "send recovery e-mail" form. Each one is handed to the
# template as a separate parameter further down.
40 my $errNoBorrowerFound;
41 my $errNoBorrowerEmail;
42 my $errAlreadyStartRecovery;
43 my $errTooManyEmailFound;
46 #new password form error
# Step 1: the requester asked for a recovery e-mail (first request or resend).
51 if ( $query->param('sendEmail') || $query->param('resendEmail') ) {
# URL scheme of the current request; passed to SendPasswordRecoveryEmail below.
# NOTE(review): presumably used to build the link in the e-mail. Confirm that
# the host part of that link comes from configuration and not from request
# headers, which the requester controls.
52 my $protocol = $query->https() ? "https://" : "http://";
53 #try with the main email
54 $email ||= ''; # avoid undef
58 # Find the borrower by his userid or email
# NOTE(review): the conditions choosing between the two lookups are not shown
# in this listing. The second lookup searches the email, emailpro and B_email
# columns for the submitted address.
60 $search_results = Search({ userid => $username });
63 $search_results = Search({ '' => $email }, undef, undef, undef, ['emailpro', 'email', 'B_email']);
66 if(scalar @$search_results > 1){ # Many matching borrowers
68 $errTooManyEmailFound = 1;
70 elsif( $borrower = shift @$search_results ){ # One matching borrower
# After a lookup by e-mail this fills $username with the matched record's
# userid.
71 $username ||= $borrower->{'userid'};
72 my @emails = ( $borrower->{'email'}, $borrower->{'emailpro'}, $borrower->{'B_email'} );
73 # Is the given email one of the borrower's ?
# NOTE(review): ~~ (smartmatch) is an experimental operator whose behaviour
# depends on operand types. An explicit test such as
# grep { defined && $_ eq $email } @emails makes the comparison and its
# case-sensitivity visible.
74 if( $email && !($email ~~ @emails) ){
78 # If we don't have an email yet, take one of the borrower's emails or raise an error.
79 # FIXME: That ugly shift-grep contraption.
80 # $email = shift [ grep { length() } @emails ]
81 # It's supposed to get a non-empty string from the @emails array. There's surely a simpler way
# NOTE(review): shift on an anonymous array reference relies on the
# experimental auto-dereferencing that Perl 5.24 removed.
# List::Util::first { defined && length } @emails states the same intent and
# works on current Perl.
82 elsif( !$email && !($email = shift [ grep { length() } @emails ]) ){
84 $errNoBorrowerEmail = 1;
86 # Check if a password reset already issued for this borrower AND we are not asking for a new email
# NOTE(review): resendEmail is a request parameter, so this check alone does
# not limit how many recovery e-mails can be requested for one account. No
# throttling is visible in this listing; confirm that
# SendPasswordRecoveryEmail or the web tier rate-limits requests.
87 elsif( ValidateBorrowernumber( $borrower->{'borrowernumber'} ) && !$query->param('resendEmail') ){
89 $errAlreadyStartRecovery = 1;
92 else{ # 0 matching borrower
94 $errNoBorrowerFound = 1;
# Template parameters for what is presumably the error branch (its opening
# lines are not shown).
# NOTE(review): the separate flags for "no such borrower", "wrong e-mail",
# "no e-mail on file" and "recovery already started" let an unauthenticated
# visitor learn whether a userid or address exists. A single neutral response
# for all of these cases is the usual mitigation against account enumeration.
99 errNoBorrowerFound => $errNoBorrowerFound,
100 errTooManyEmailFound => $errTooManyEmailFound,
101 errAlreadyStartRecovery => $errAlreadyStartRecovery,
102 errBadEmail => $errBadEmail,
103 errNoBorrowerEmail => $errNoBorrowerEmail,
104 password_recovery => 1,
# Only email is HTML-encoded here. $username may hold the matched borrower's
# userid and is passed through as-is; confirm that the template escapes it
# and does not show it to a requester who supplied only an e-mail address.
105 email => HTML::Entities::encode($email),
106 username => $username
109 elsif ( SendPasswordRecoveryEmail( $borrower, $email, $protocol, $query->param('resendEmail') ) ) {#generate uuid and send recovery email
115 else {# sending the recovery e-mail failed
117 password_recovery => 1,
# Step 3: the new-password form was submitted together with the recovery key.
122 elsif ( $query->param('passwordReset') ) {
# The key from the request is resolved to a borrower number and username. A
# false borrower number is treated as an invalid link below.
# NOTE(review): expiry and single-use handling of the key are not visible
# here; confirm that GetValidLinkInfo enforces them.
123 ( $borrower_number, $username ) = GetValidLinkInfo($uniqueKey);
124 #validate password length & match
# NOTE(review): $password and $repeatPassword are undef when the fields are
# missing. Two undef values compare equal under eq, so only the length test
# rejects such a request. If minPasswordLength is 0 or unset, an empty
# password would pass these checks. An explicit defined/non-empty test on
# $password removes that dependence on the preference.
125 if ( ($borrower_number)
126 && ( $password eq $repeatPassword )
127 && ( length($password) >= $minPassLength ) )
# The password is hashed with hash_password before being stored.
# NOTE(review): the return value of changepassword is not checked, so the
# recovery is completed and success is reported even if the update failed.
# CompletePasswordRecovery presumably invalidates the key so the link cannot
# be reused; confirm.
129 changepassword( $username, $borrower_number, hash_password($password) );
130 CompletePasswordRecovery($uniqueKey);
132 password_reset_done => 1,
133 username => $username
# Pick one error for the form; an invalid link takes priority over password
# problems.
137 if ( !$borrower_number ) { #parameters not valid
138 $errLinkNotValid = 1;
140 elsif ( $password ne $repeatPassword ) { #passwords do not match
141 $errPassNotMatch = 1;
143 elsif ( length($password) < $minPassLength ) { #password too short
144 $errPassTooShort = 1;
148 minPassLength => $minPassLength,
# The request-supplied key is passed back to the template, presumably so that
# the form can resubmit it. Confirm that the template HTML-escapes it, since
# it is not encoded here.
150 uniqueKey => $uniqueKey,
151 errLinkNotValid => $errLinkNotValid,
152 errPassNotMatch => $errPassNotMatch,
153 errPassTooShort => $errPassTooShort,
# Step 2: the requester followed the link from the e-mail. The key is
# validated and the new-password form is shown.
158 elsif ($uniqueKey) { #reset password form
159 #check if the link is valid
160 ( $borrower_number, $username ) = GetValidLinkInfo($uniqueKey);
162 if ( !$borrower_number ) {
163 $errLinkNotValid = 1;
168 minPassLength => $minPassLength,
# uniqueKey comes straight from the request and username from the key lookup.
# Neither is encoded here, so output escaping is left to the template;
# confirm that it is applied.
170 uniqueKey => $uniqueKey,
171 username => $username,
172 errLinkNotValid => $errLinkNotValid
# Default: no action parameter and no key, so show the form that asks for a
# userid or e-mail address.
175 else { #password recovery form (to send email)
176 $template->param( password_recovery => 1 );
# Render the page together with the cookie returned by get_template_and_user.
179 output_html_with_http_headers $query, $cookie, $template->output;