9 use C4::Members qw(changepassword);
12 use C4::Passwordrecovery
13 qw(SendPasswordRecoveryEmail ValidateBorrowernumber GetValidLinkInfo CompletePasswordRecovery);
14 use Koha::AuthUtils qw(hash_password);
# Build the template object and cookie for the OPAC password-recovery page.
# Only template_name is visible in this listing; the other arguments to
# get_template_and_user() (including any authentication flags) are not shown.
19 my ( $template, $dummy, $cookie ) = get_template_and_user(
21 template_name => "opac-password-recovery.tt",
# Request parameters. $email falls back to an empty string; every other value
# stays undef when the parameter is missing from the request.
29 my $email = $query->param('email') // q{};
30 my $password = $query->param('password');
31 my $repeatPassword = $query->param('repeatPassword');
# Minimum accepted password length, read from the minPasswordLength preference.
# NOTE(review): the value is used unvalidated in numeric comparisons further
# down; confirm it can never be undef or 0.
32 my $minPassLength = C4::Context->preference('minPasswordLength');
33 my $id = $query->param('id');
# $uniqueKey is the recovery key from the request; it is handed to
# GetValidLinkInfo() in the reset branches below.
34 my $uniqueKey = $query->param('uniqueKey');
35 my $username = $query->param('username');
# Error flags for the "send recovery email" form.
42 my $errNoBorrowerFound;
43 my $errNoBorrowerEmail;
44 my $errAlreadyStartRecovery;
# NOTE(review): no assignment to $errTooManyEmailFound is visible in this listing.
45 my $errTooManyEmailFound;
48 #new password form error
# Branch 1: the visitor submitted the "send email" or "resend email" form.
# Looks up the borrower, checks the supplied email against the borrower's
# addresses, then asks C4::Passwordrecovery to send the recovery email.
53 if ( $query->param('sendEmail') || $query->param('resendEmail') ) {
55 #try with the main email
56 $email ||= ''; # avoid undef
60 # Find the borrower by his userid or email
# Both searches are wrapped in [ ... ], so $search_results is an array
# reference holding every matching row.
62 $search_results = [ Koha::Borrowers->search( { userid => $username } ) ];
65 $search_results = [ Koha::Borrowers->search( { -or => { email => $email, emailpro => $email, B_email => $email } } ) ];
# NOTE(review): `not` binds more loosely than `||`, so this parses as
# not( $search_results || scalar @$search_results > 1 ). An array reference is
# always true, so as written this branch cannot be taken and the "> 1" test
# never runs. A request that matches several borrowers falls through to the
# elsif below and the first row is used for the recovery. The intended test is
# probably ( !$search_results || scalar @$search_results > 1 ).
67 if ( not $search_results || scalar @$search_results > 1 ) {
69 $errNoBorrowerFound = 1;
71 elsif ( $borrower = shift @$search_results ) { # One matching borrower
72 $username ||= $borrower->userid;
73 my @emails = ( $borrower->email, $borrower->emailpro, $borrower->B_email );
75 # Is the given email one of the borrower's ?
# Exact string comparison with `eq`; any undef entry in @emails is compared too.
76 if ( $email && !( grep { $_ eq $email } @emails ) ) {
78 $errNoBorrowerFound = 1;
81 # If we don't have an email yet, get one of the borrower's emails or raise an error.
82 # FIXME: That ugly shift-grep contraption.
83 # $email = shift [ grep { length() } @emails ]
84 # It's supposed to get a non-empty string from the @emails array. There's surely a simpler way
# NOTE(review): shift on an array *reference* depends on the experimental
# auto-dereferencing that Perl removed in 5.24. A list slice such as
# ( grep { defined && length } @emails )[0] selects the same first non-empty
# address without it.
85 elsif ( !$email && !( $email = shift [ grep { length() } @emails ] ) ) {
87 $errNoBorrowerFound = 1;
90 # Check if a password reset already issued for this borrower AND we are not asking for a new email
# NOTE(review): a request carrying resendEmail skips this guard, so any
# throttling of repeated recovery emails would have to live elsewhere; none is
# visible in this listing.
91 elsif ( ValidateBorrowernumber( $borrower->borrowernumber )
92 && !$query->param('resendEmail') )
95 $errAlreadyStartRecovery = 1;
98 else { # 0 matching borrower
100 $errNoBorrowerFound = 1;
# Values handed to the template when the lookup failed.
# NOTE(review): "no borrower found" and "recovery already started" are separate
# flags. If the template renders them differently, the response tells an
# anonymous visitor whether a username/email is registered; confirm against
# the template.
105 errNoBorrowerFound => $errNoBorrowerFound,
106 errTooManyEmailFound => $errTooManyEmailFound,
107 errAlreadyStartRecovery => $errAlreadyStartRecovery,
108 errBadEmail => $errBadEmail,
109 errNoBorrowerEmail => $errNoBorrowerEmail,
110 password_recovery => 1,
# email is HTML-encoded here, username is passed through as-is.
# NOTE(review): confirm the template escapes username on output.
111 email => HTML::Entities::encode($email),
112 username => $username
# NOTE(review): $query->param('resendEmail') is evaluated in list context
# inside this argument list, so it expands to zero or several arguments
# depending on how many times the parameter appears in the request. Wrapping
# it in scalar(...) keeps the call at exactly three arguments.
115 elsif ( SendPasswordRecoveryEmail( $borrower, $email, $query->param('resendEmail') ) ) { # generate uuid and send recovery email
121 else { # if it doesn't work....
123 password_recovery => 1,
# Branch 2: the visitor submitted the "new password" form.
# GetValidLinkInfo() maps the recovery key to a borrower number and username;
# a false borrower number is treated as an invalid link below.
128 elsif ( $query->param('passwordReset') ) {
129 ( $borrower_number, $username ) = GetValidLinkInfo($uniqueKey);
131 #validate password length & match
# The only password checks made here are equality of the two fields and the
# minimum length.
# NOTE(review): $password and $repeatPassword may be undef (parameter absent).
# Two undef values compare equal under `eq`, and length(undef) compares as 0,
# so if minPasswordLength is unset or 0 an empty password passes all three
# tests. Confirm the preference always has a positive value, or reject
# undefined/empty passwords explicitly.
132 if ( ($borrower_number)
133 && ( $password eq $repeatPassword )
134 && ( length($password) >= $minPassLength ) )
# Store the hashed password, then mark the recovery as completed for this key.
# NOTE(review): presumably CompletePasswordRecovery() invalidates the key so
# the link cannot be replayed; verify in C4::Passwordrecovery.
136 changepassword( $username, $borrower_number, hash_password($password) );
137 CompletePasswordRecovery($uniqueKey);
139 password_reset_done => 1,
140 username => $username
# Failure path: record which of the three checks rejected the request.
144 if ( !$borrower_number ) { #parameters not valid
145 $errLinkNotValid = 1;
147 elsif ( $password ne $repeatPassword ) { #passwords do not match
148 $errPassNotMatch = 1;
150 elsif ( length($password) < $minPassLength ) { #password too short
151 $errPassTooShort = 1;
# uniqueKey is the raw request value echoed back into the form.
# NOTE(review): confirm the template escapes it on output.
155 minPassLength => $minPassLength,
157 uniqueKey => $uniqueKey,
158 errLinkNotValid => $errLinkNotValid,
159 errPassNotMatch => $errPassNotMatch,
160 errPassTooShort => $errPassTooShort,
# Branch 3: a recovery link was followed (uniqueKey present, no form submitted).
# Shows the "new password" form, or an error flag when the key does not
# resolve to a borrower.
165 elsif ($uniqueKey) { #reset password form
166 #check if the link is valid
167 ( $borrower_number, $username ) = GetValidLinkInfo($uniqueKey);
169 if ( !$borrower_number ) {
170 $errLinkNotValid = 1;
# uniqueKey is echoed back so the form can submit it again with the new
# password; username comes from GetValidLinkInfo().
# NOTE(review): confirm the template escapes both values on output.
175 minPassLength => $minPassLength,
177 uniqueKey => $uniqueKey,
178 username => $username,
179 errLinkNotValid => $errLinkNotValid,
180 hasError => ( $errLinkNotValid ? 1 : 0 ),
# Default: no form submitted and no key supplied, so show the initial
# "request a recovery email" form.
183 else { #password recovery form (to send email)
184 $template->param( password_recovery => 1 );
# Render the page using the cookie returned by get_template_and_user().
187 output_html_with_http_headers $query, $cookie, $template->output;