projects / koha.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Bug 5450 Avoid a name clash in ILSDI modules
[koha.git] / C4 / Auth.pm
diff --git a/C4/Auth.pm b/C4/Auth.pm
old mode 100755 (executable)
new mode 100644 (file)
index 61711d9..7404f96
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -1,7 +1,3 @@
-
-# -*- tab-width: 8 -*-
-# NOTE: This file uses 8-character tabs; do not change the tab size!
-
 package C4::Auth;
 
 # Copyright 2000-2002 Katipo Communications
 package C4::Auth;
 
 # Copyright 2000-2002 Katipo Communications
@@ -17,12 +13,15 @@ package C4::Auth;
 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 # A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 #
 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 # A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 #
-# You should have received a copy of the GNU General Public License along with
-# Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
-# Suite 330, Boston, MA  02111-1307 USA
+# You should have received a copy of the GNU General Public License along
+# with Koha; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 
 use strict;
 
 use strict;
+#use warnings; FIXME - Bug 2505
 use Digest::MD5 qw(md5_base64);
 use Digest::MD5 qw(md5_base64);
+use Storable qw(thaw freeze);
+use URI::Escape;
 use CGI::Session;
 
 require Exporter;
 use CGI::Session;
 
 require Exporter;
@@ -31,23 +30,31 @@ use C4::Output;    # to get the template
 use C4::Members;
 use C4::Koha;
 use C4::Branch; # GetBranches
 use C4::Members;
 use C4::Koha;
 use C4::Branch; # GetBranches
-use C4::VirtualShelves 3.02 qw(GetShelvesSummary);
+use C4::VirtualShelves;
+use POSIX qw/strftime/;
 
 # use utf8;
 
 # use utf8;
-use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug $ldap);
+use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug $ldap $cas $caslogout);
 
 BEGIN {
     $VERSION = 3.02;        # set version for version checking
 
 BEGIN {
     $VERSION = 3.02;        # set version for version checking
-    $debug = $ENV{DEBUG} || 0 ;
+    $debug = $ENV{DEBUG};
     @ISA   = qw(Exporter);
     @ISA   = qw(Exporter);
-    @EXPORT    = qw(&checkauth &get_template_and_user);
+    @EXPORT    = qw(&checkauth &get_template_and_user &haspermission &get_user_subpermissions);
     @EXPORT_OK = qw(&check_api_auth &get_session &check_cookie_auth &checkpw &get_all_subpermissions &get_user_subpermissions);
     %EXPORT_TAGS = (EditPermissions => [qw(get_all_subpermissions get_user_subpermissions)]);
     $ldap = C4::Context->config('useldapserver') || 0;
     @EXPORT_OK = qw(&check_api_auth &get_session &check_cookie_auth &checkpw &get_all_subpermissions &get_user_subpermissions);
     %EXPORT_TAGS = (EditPermissions => [qw(get_all_subpermissions get_user_subpermissions)]);
     $ldap = C4::Context->config('useldapserver') || 0;
+    $cas = C4::Context->preference('casAuthentication');
+    $caslogout = C4::Context->preference('casLogout');
     if ($ldap) {
         require C4::Auth_with_ldap;             # no import
         import  C4::Auth_with_ldap qw(checkpw_ldap);
     }
     if ($ldap) {
         require C4::Auth_with_ldap;             # no import
         import  C4::Auth_with_ldap qw(checkpw_ldap);
     }
+    if ($cas) {
+        require C4::Auth_with_cas;             # no import
+        import  C4::Auth_with_cas qw(checkpw_cas login_cas logout_cas login_cas_url);
+    }
+
 }
 
 =head1 NAME
 }
 
 =head1 NAME
@@ -62,7 +69,7 @@ C4::Auth - Authenticates Koha users
 
   my $query = new CGI;
 
 
   my $query = new CGI;
 
-  my ($template, $borrowernumber, $cookie) 
+  my ($template, $borrowernumber, $cookie)
     = get_template_and_user(
         {
             template_name   => "opac-main.tmpl",
     = get_template_and_user(
         {
             template_name   => "opac-main.tmpl",
@@ -77,44 +84,46 @@ C4::Auth - Authenticates Koha users
 
 =head1 DESCRIPTION
 
 
 =head1 DESCRIPTION
 
-    The main function of this module is to provide
-    authentification. However the get_template_and_user function has
-    been provided so that a users login information is passed along
-    automatically. This gets loaded into the template.
+The main function of this module is to provide
+authentification. However the get_template_and_user function has
+been provided so that a users login information is passed along
+automatically. This gets loaded into the template.
 
 =head1 FUNCTIONS
 
 
 =head1 FUNCTIONS
 
-=over 2
-
-=item get_template_and_user
-
-    my ($template, $borrowernumber, $cookie)
-        = get_template_and_user(
-          {
-            template_name   => "opac-main.tmpl",
-            query           => $query,
-            type            => "opac",
-            authnotrequired => 1,
-            flagsrequired   => {borrow => 1, catalogue => '*', tools => 'import_patrons' },
-          }
-        );
-
-    This call passes the C<query>, C<flagsrequired> and C<authnotrequired>
-    to C<&checkauth> (in this module) to perform authentification.
-    See C<&checkauth> for an explanation of these parameters.
-
-    The C<template_name> is then used to find the correct template for
-    the page. The authenticated users details are loaded onto the
-    template in the HTML::Template LOOP variable C<USER_INFO>. Also the
-    C<sessionID> is passed to the template. This can be used in templates
-    if cookies are disabled. It needs to be put as and input to every
-    authenticated page.
-
-    More information on the C<gettemplate> sub can be found in the
-    Output.pm module.
+=head2 get_template_and_user
+
+ my ($template, $borrowernumber, $cookie)
+     = get_template_and_user(
+       {
+         template_name   => "opac-main.tmpl",
+         query           => $query,
+         type            => "opac",
+         authnotrequired => 1,
+         flagsrequired   => {borrow => 1, catalogue => '*', tools => 'import_patrons' },
+       }
+     );
+
+This call passes the C<query>, C<flagsrequired> and C<authnotrequired>
+to C<&checkauth> (in this module) to perform authentification.
+See C<&checkauth> for an explanation of these parameters.
+
+The C<template_name> is then used to find the correct template for
+the page. The authenticated users details are loaded onto the
+template in the HTML::Template LOOP variable C<USER_INFO>. Also the
+C<sessionID> is passed to the template. This can be used in templates
+if cookies are disabled. It needs to be put as and input to every
+authenticated page.
+
+More information on the C<gettemplate> sub can be found in the
+Output.pm module.
 
 =cut
 
 
 =cut
 
+my $SEARCH_HISTORY_INSERT_SQL =<<EOQ;
+INSERT INTO search_history(userid, sessionid, query_desc, query_cgi, total, time            )
+VALUES                    (     ?,         ?,          ?,         ?,     ?, FROM_UNIXTIME(?))
+EOQ
 sub get_template_and_user {
     my $in       = shift;
     my $template =
 sub get_template_and_user {
     my $in       = shift;
     my $template =
@@ -144,23 +153,32 @@ sub get_template_and_user {
         # user info
         $template->param( loggedinusername => $user );
         $template->param( sessionID        => $sessionID );
         # user info
         $template->param( loggedinusername => $user );
         $template->param( sessionID        => $sessionID );
-               my $shelves;
-               if ($shelves = C4::Context->get_shelves_userenv()) {
-               $template->param( barshelves     => scalar (@$shelves));
-               $template->param( barshelvesloop => $shelves);
+
+               my ($total, $pubshelves, $barshelves) = C4::Context->get_shelves_userenv();
+               if (defined($pubshelves)) {
+               $template->param(       pubshelves      => scalar (@$pubshelves),
+                                                       pubshelvesloop  => $pubshelves,
+                                                       );
+                       $template->param(       pubtotal                => $total->{'pubtotal'}, ) if ($total->{'pubtotal'} > scalar (@$pubshelves));
                }
                }
+               if (defined($barshelves)) {
+               $template->param(       barshelves      => scalar (@$barshelves),
+                                                       barshelvesloop  => $barshelves,
+                                                       );
+                       $template->param(       bartotal                => $total->{'bartotal'}, ) if ($total->{'bartotal'} > scalar (@$barshelves));
+               }
+
+        $borrowernumber = getborrowernumber($user) if defined($user);
 
 
-        $borrowernumber = getborrowernumber($user);
-        my ( $borr, $alternativeflags ) =
-          GetMemberDetails( $borrowernumber );
+        my ( $borr ) = GetMemberDetails( $borrowernumber );
         my @bordat;
         $bordat[0] = $borr;
         $template->param( "USER_INFO" => \@bordat );
         my @bordat;
         $bordat[0] = $borr;
         $template->param( "USER_INFO" => \@bordat );
-        
+
         my $all_perms = get_all_subpermissions();
 
         my @flagroots = qw(circulate catalogue parameters borrowers permissions reserveforothers borrow
         my $all_perms = get_all_subpermissions();
 
         my @flagroots = qw(circulate catalogue parameters borrowers permissions reserveforothers borrow
-                            editcatalogue updatecharges management tools editauthorities serials reports);
+                            editcatalogue updatecharges management tools editauthorities serials reports acquisition);
         # We are going to use the $flags returned by checkauth
         # to create the template's parameters that will indicate
         # which menus the user can access.
         # We are going to use the $flags returned by checkauth
         # to create the template's parameters that will indicate
         # which menus the user can access.
@@ -176,7 +194,7 @@ sub get_template_and_user {
             $template->param( CAN_user_updatecharges     => 1 );
             $template->param( CAN_user_acquisition      => 1 );
             $template->param( CAN_user_management       => 1 );
             $template->param( CAN_user_updatecharges     => 1 );
             $template->param( CAN_user_acquisition      => 1 );
             $template->param( CAN_user_management       => 1 );
-            $template->param( CAN_user_tools            => 1 ); 
+            $template->param( CAN_user_tools            => 1 );
             $template->param( CAN_user_editauthorities  => 1 );
             $template->param( CAN_user_serials          => 1 );
             $template->param( CAN_user_reports          => 1 );
             $template->param( CAN_user_editauthorities  => 1 );
             $template->param( CAN_user_serials          => 1 );
             $template->param( CAN_user_reports          => 1 );
@@ -188,24 +206,16 @@ sub get_template_and_user {
             }
         }
 
             }
         }
 
-        if (C4::Context->preference('GranularPermissions')) {
-            if ( $flags ) {
-                foreach my $module (keys %$all_perms) {
-                    if ( $flags->{$module} == 1) {
-                        foreach my $subperm (keys %{ $all_perms->{$module} }) {
-                            $template->param( "CAN_user_${module}_${subperm}" => 1 );
-                        }
-                    } elsif ( ref($flags->{$module}) ) {
-                        foreach my $subperm (keys %{ $flags->{$module} } ) {
-                            $template->param( "CAN_user_${module}_${subperm}" => 1 );
-                        }
-                    }
-                }
-            }
-        } else {
+        if ( $flags ) {
             foreach my $module (keys %$all_perms) {
             foreach my $module (keys %$all_perms) {
-                foreach my $subperm (keys %{ $all_perms->{$module} }) {
-                    $template->param( "CAN_user_${module}_${subperm}" => 1 );
+                if ( $flags->{$module} == 1) {
+                    foreach my $subperm (keys %{ $all_perms->{$module} }) {
+                        $template->param( "CAN_user_${module}_${subperm}" => 1 );
+                    }
+                } elsif ( ref($flags->{$module}) ) {
+                    foreach my $subperm (keys %{ $flags->{$module} } ) {
+                        $template->param( "CAN_user_${module}_${subperm}" => 1 );
+                    }
                 }
             }
         }
                 }
             }
         }
@@ -220,113 +230,236 @@ sub get_template_and_user {
                 }
             }
         }
                 }
             }
         }
+               # Logged-in opac search history
+               # If the requested template is an opac one and opac search history is enabled
+               if ($in->{'type'} == "opac" && C4::Context->preference('EnableOpacSearchHistory')) {
+                       my $dbh = C4::Context->dbh;
+                       my $query = "SELECT COUNT(*) FROM search_history WHERE userid=?";
+                       my $sth = $dbh->prepare($query);
+                       $sth->execute($borrowernumber);
+                       
+                       # If at least one search has already been performed
+                       if ($sth->fetchrow_array > 0) { 
+                       # We show the link in opac
+                       $template->param(ShowOpacRecentSearchLink => 1);
+                       }
+
+                       # And if there's a cookie with searches performed when the user was not logged in, 
+                       # we add them to the logged-in search history
+                       my $searchcookie = $in->{'query'}->cookie('KohaOpacRecentSearches');
+                       if ($searchcookie){
+                               $searchcookie = uri_unescape($searchcookie);
+                               my @recentSearches = @{thaw($searchcookie) || []};
+                               if (@recentSearches) {
+                                       my $sth = $dbh->prepare($SEARCH_HISTORY_INSERT_SQL);
+                                       $sth->execute( $borrowernumber,
+                                                      $in->{'query'}->cookie("CGISESSID"),
+                                                      $_->{'query_desc'},
+                                                      $_->{'query_cgi'},
+                                                      $_->{'total'},
+                                                      $_->{'time'},
+                                        ) foreach @recentSearches;
+
+                                       # And then, delete the cookie's content
+                                       my $newsearchcookie = $in->{'query'}->cookie(
+                                                                                               -name => 'KohaOpacRecentSearches',
+                                                                                               -value => freeze([]),
+                                                                                               -expires => ''
+                                                                                        );
+                                       $cookie = [$cookie, $newsearchcookie];
+                               }
+                       }
+               }
     }
     }
+       else {  # if this is an anonymous session, setup to display public lists...
+
+        # load the template variables for stylesheets and JavaScript
+        $template->param( css_libs => $in->{'css_libs'} );
+        $template->param( css_module => $in->{'css_module'} );
+        $template->param( css_page => $in->{'css_page'} );
+        $template->param( css_widgets => $in->{'css_widgets'} );
+
+        $template->param( js_libs => $in->{'js_libs'} );
+        $template->param( js_module => $in->{'js_module'} );
+        $template->param( js_page => $in->{'js_page'} );
+        $template->param( js_widgets => $in->{'js_widgets'} );
+
+        $template->param( sessionID        => $sessionID );
+        
+        my ($total, $pubshelves) = C4::Context->get_shelves_userenv();  # an anonymous user has no 'barshelves'...
+        if (defined(($pubshelves))) {
+            $template->param(   pubshelves      => scalar (@$pubshelves),
+                                pubshelvesloop  => $pubshelves,
+                            );
+            $template->param(   pubtotal        => $total->{'pubtotal'}, ) if ($total->{'pubtotal'} > scalar (@$pubshelves));
+        }
+
+    }
+       # Anonymous opac search history
+       # If opac search history is enabled and at least one search has already been performed
+       if (C4::Context->preference('EnableOpacSearchHistory')) {
+               my $searchcookie = $in->{'query'}->cookie('KohaOpacRecentSearches');
+               if ($searchcookie){
+                       $searchcookie = uri_unescape($searchcookie);
+                       my @recentSearches = @{thaw($searchcookie) || []};
+           # We show the link in opac
+                       if (@recentSearches) {
+                               $template->param(ShowOpacRecentSearchLink => 1);
+                       }
+           }
+       }
+
+    if(C4::Context->preference('dateformat')){
+        if(C4::Context->preference('dateformat') eq "metric"){
+            $template->param(dateformat_metric => 1);
+        } elsif(C4::Context->preference('dateformat') eq "us"){
+            $template->param(dateformat_us => 1);
+        } else {
+            $template->param(dateformat_iso => 1);
+        }
+    } else {
+        $template->param(dateformat_iso => 1);
+    }
+
+    # these template parameters are set the same regardless of $in->{'type'}
+    $template->param(
+            "BiblioDefaultView".C4::Context->preference("BiblioDefaultView")         => 1,
+            EnhancedMessagingPreferences => C4::Context->preference('EnhancedMessagingPreferences'),
+            GoogleJackets                => C4::Context->preference("GoogleJackets"),
+            KohaAdminEmailAddress        => "" . C4::Context->preference("KohaAdminEmailAddress"),
+            LoginBranchcode              => (C4::Context->userenv?C4::Context->userenv->{"branch"}:"insecure"),
+            LoginFirstname               => (C4::Context->userenv?C4::Context->userenv->{"firstname"}:"Bel"),
+            LoginSurname                 => C4::Context->userenv?C4::Context->userenv->{"surname"}:"Inconnu",
+            TagsEnabled                  => C4::Context->preference("TagsEnabled"),
+            hide_marc                    => C4::Context->preference("hide_marc"),
+            'item-level_itypes'          => C4::Context->preference('item-level_itypes'),
+            patronimages                 => C4::Context->preference("patronimages"),
+            singleBranchMode             => C4::Context->preference("singleBranchMode"),
+            XSLTDetailsDisplay           => C4::Context->preference("XSLTDetailsDisplay"),
+            XSLTResultsDisplay           => C4::Context->preference("XSLTResultsDisplay"),
+            BranchesLoop                 => GetBranchesLoop(),
+            using_https                  => $in->{'query'}->https() ? 1 : 0,
+            noItemTypeImages            => C4::Context->preference("noItemTypeImages"),
+    );
 
     if ( $in->{'type'} eq "intranet" ) {
         $template->param(
 
     if ( $in->{'type'} eq "intranet" ) {
         $template->param(
-            intranetcolorstylesheet => C4::Context->preference("intranetcolorstylesheet"),
-            intranetstylesheet => C4::Context->preference("intranetstylesheet"),
-            IntranetNav        => C4::Context->preference("IntranetNav"),
-            intranetuserjs     => C4::Context->preference("intranetuserjs"),
-            TemplateEncoding   => C4::Context->preference("TemplateEncoding"),
-            AmazonContent      => C4::Context->preference("AmazonContent"),
-            LibraryName        => C4::Context->preference("LibraryName"),
-            LoginBranchcode    => (C4::Context->userenv?C4::Context->userenv->{"branch"}:"insecure"),
-            LoginBranchname    => (C4::Context->userenv?C4::Context->userenv->{"branchname"}:"insecure"),
-            LoginFirstname     => (C4::Context->userenv?C4::Context->userenv->{"firstname"}:"Bel"),
-            LoginSurname       => C4::Context->userenv?C4::Context->userenv->{"surname"}:"Inconnu", 
-            AutoLocation       => C4::Context->preference("AutoLocation"),
-            hide_marc          => C4::Context->preference("hide_marc"),
-            patronimages       => C4::Context->preference("patronimages"),
+            AmazonContent               => C4::Context->preference("AmazonContent"),
+            AmazonCoverImages           => C4::Context->preference("AmazonCoverImages"),
+            AmazonEnabled               => C4::Context->preference("AmazonEnabled"),
+            AmazonSimilarItems          => C4::Context->preference("AmazonSimilarItems"),
+            AutoLocation                => C4::Context->preference("AutoLocation"),
             "BiblioDefaultView".C4::Context->preference("IntranetBiblioDefaultView") => 1,
             "BiblioDefaultView".C4::Context->preference("IntranetBiblioDefaultView") => 1,
-            advancedMARCEditor      => C4::Context->preference("advancedMARCEditor"),
-            suggestion              => C4::Context->preference("suggestion"),
-            virtualshelves          => C4::Context->preference("virtualshelves"),
-            LibraryName             => C4::Context->preference("LibraryName"),
-            KohaAdminEmailAddress   => "" . C4::Context->preference("KohaAdminEmailAddress"),
-            IntranetmainUserblock   => C4::Context->preference("IntranetmainUserblock"),
-            IndependantBranches     => C4::Context->preference("IndependantBranches"),
-                       CircAutocompl => C4::Context->preference("CircAutocompl"),
-                       FRBRizeEditions => C4::Context->preference("FRBRizeEditions"),
-                       AmazonSimilarItems => C4::Context->preference("AmazonSimilarItems"),
-                       'item-level_itypes' => C4::Context->preference('item-level_itypes'),
-                       canreservefromotherbranches => C4::Context->preference('canreservefromotherbranches'),
-                       intranetreadinghistory => C4::Context->preference("intranetreadinghistory"),
-                       noItemTypeImages => C4::Context->preference("noItemTypeImages"),
-            singleBranchMode => C4::Context->preference("singleBranchMode"),
-                       TagsEnabled => C4::Context->preference("TagsEnabled"),
-                       GoogleJackets => C4::Context->preference("GoogleJackets"),
-                       AuthorisedValueImages => C4::Context->preference("AuthorisedValueImages"),
+            CircAutocompl               => C4::Context->preference("CircAutocompl"),
+            FRBRizeEditions             => C4::Context->preference("FRBRizeEditions"),
+            IndependantBranches         => C4::Context->preference("IndependantBranches"),
+            IntranetNav                 => C4::Context->preference("IntranetNav"),
+            IntranetmainUserblock       => C4::Context->preference("IntranetmainUserblock"),
+            LibraryName                 => C4::Context->preference("LibraryName"),
+            LoginBranchname             => (C4::Context->userenv?C4::Context->userenv->{"branchname"}:"insecure"),
+            advancedMARCEditor          => C4::Context->preference("advancedMARCEditor"),
+            canreservefromotherbranches => C4::Context->preference('canreservefromotherbranches'),
+            intranetcolorstylesheet     => C4::Context->preference("intranetcolorstylesheet"),
+            intranetreadinghistory      => C4::Context->preference("intranetreadinghistory"),
+            intranetstylesheet          => C4::Context->preference("intranetstylesheet"),
+            intranetuserjs              => C4::Context->preference("intranetuserjs"),
+            intranetbookbag             => C4::Context->preference("intranetbookbag"),
+            suggestion                  => C4::Context->preference("suggestion"),
+            virtualshelves              => C4::Context->preference("virtualshelves"),
+            StaffSerialIssueDisplayCount => C4::Context->preference("StaffSerialIssueDisplayCount"),
+            NoZebra                     => C4::Context->preference('NoZebra'),
         );
     }
     else {
         warn "template type should be OPAC, here it is=[" . $in->{'type'} . "]" unless ( $in->{'type'} eq 'opac' );
         );
     }
     else {
         warn "template type should be OPAC, here it is=[" . $in->{'type'} . "]" unless ( $in->{'type'} eq 'opac' );
+        #TODO : replace LibraryName syspref with 'system name', and remove this html processing
         my $LibraryNameTitle = C4::Context->preference("LibraryName");
         $LibraryNameTitle =~ s/<(?:\/?)(?:br|p)\s*(?:\/?)>/ /sgi;
         $LibraryNameTitle =~ s/<(?:[^<>'"]|'(?:[^']*)'|"(?:[^"]*)")*>//sg;
         my $LibraryNameTitle = C4::Context->preference("LibraryName");
         $LibraryNameTitle =~ s/<(?:\/?)(?:br|p)\s*(?:\/?)>/ /sgi;
         $LibraryNameTitle =~ s/<(?:[^<>'"]|'(?:[^']*)'|"(?:[^"]*)")*>//sg;
-  $template->param(
-            KohaAdminEmailAddress  => "" . C4::Context->preference("KohaAdminEmailAddress"),
-            AnonSuggestions =>  "" . C4::Context->preference("AnonSuggestions"),
-            suggestion             => "" . C4::Context->preference("suggestion"),
-            OPACViewOthersSuggestions             => "" . C4::Context->preference("OPACViewOthersSuggestions"),
-            virtualshelves         => "" . C4::Context->preference("virtualshelves"),
-            OpacNav                => "" . C4::Context->preference("OpacNav"),
-            opacheader             => "" . C4::Context->preference("opacheader"),
-            opaccredits            => "" . C4::Context->preference("opaccredits"),
-            opacsmallimage         => "" . C4::Context->preference("opacsmallimage"),
-            opaclargeimage         => "" . C4::Context->preference("opaclargeimage"),
-            opaclayoutstylesheet   => "". C4::Context->preference("opaclayoutstylesheet"),
-            opaccolorstylesheet    => "". C4::Context->preference("opaccolorstylesheet"),
-            OPACUserCSS    => "". C4::Context->preference("OPACUserCSS"),
-            opaclanguagesdisplay   => "". C4::Context->preference("opaclanguagesdisplay"),
-            opacuserlogin          => "" . C4::Context->preference("opacuserlogin"),
-                       OpacMainUserBlock =>  "" . C4::Context->preference("OpacMainUserBlock"),
-                       OPACURLOpenInNewWindow =>  "" . C4::Context->preference("OPACURLOpenInNewWindow"),
-            opacbookbag            => "" . C4::Context->preference("opacbookbag"),
-            TemplateEncoding       => "". C4::Context->preference("TemplateEncoding"),
-            AmazonContent          => "" . C4::Context->preference("AmazonContent"),
-            OPACShelfBrowser       => "". C4::Context->preference("OPACShelfBrowser"),
-            OPACAmazonSimilarItems => "" . C4::Context->preference("OPACAmazonSimilarItems"),
-            LibraryName            => "" . C4::Context->preference("LibraryName"),
-            LibraryNameTitle       => "" . $LibraryNameTitle,
-            LoginBranchcode        => (C4::Context->userenv?C4::Context->userenv->{"branch"}:"insecure"),
-            LoginBranchname        => C4::Context->userenv?C4::Context->userenv->{"branchname"}:"", 
-            LoginFirstname        => (C4::Context->userenv?C4::Context->userenv->{"firstname"}:"Bel"),
-            LoginSurname        => C4::Context->userenv?C4::Context->userenv->{"surname"}:"Inconnu", 
-            OpacPasswordChange     => C4::Context->preference("OpacPasswordChange"),
-            opacreadinghistory     => C4::Context->preference("opacreadinghistory"),
-            opacuserjs             => C4::Context->preference("opacuserjs"),
-            OpacCloud              => C4::Context->preference("OpacCloud"),
-            OpacTopissue           => C4::Context->preference("OpacTopissue"),
-            OpacAuthorities        => C4::Context->preference("OpacAuthorities"),
-            OpacBrowser            => C4::Context->preference("OpacBrowser"),
-            RequestOnOpac          => C4::Context->preference("RequestOnOpac"),
-                       OPACItemHolds          => C4::Context->preference("OPACItemHolds"),
-            reviewson              => C4::Context->preference("reviewson"),
-            hide_marc              => C4::Context->preference("hide_marc"),
-            patronimages           => C4::Context->preference("patronimages"),
-            hidelostitems          => C4::Context->preference("hidelostitems"),
-            mylibraryfirst   => C4::Context->preference("SearchMyLibraryFirst"),
-            "BiblioDefaultView".C4::Context->preference("BiblioDefaultView") => 1,
-            OPACFRBRizeEditions => C4::Context->preference("OPACFRBRizeEditions"),
-            'item-level_itypes' => C4::Context->preference('item-level_itypes'),
-            'Version' => C4::Context->preference('Version'),
-            singleBranchMode => C4::Context->preference("singleBranchMode"),
-            XSLTResultsDisplay => C4::Context->preference("XSLTResultsDisplay"),
-            XSLTDetailsDisplay => C4::Context->preference("XSLTDetailsDisplay"),
-                       TagsEnabled => C4::Context->preference("TagsEnabled"),
-                       GoogleJackets => C4::Context->preference("GoogleJackets"),
-                       AuthorisedValueImages => C4::Context->preference("AuthorisedValueImages"),
-                       OPACBaseURL=> ($in->{'query'}->https() ? "https://" : "http://") .
-                          $ENV{'SERVER_NAME'} . 
-                          ($ENV{'SERVER_PORT'} eq ($in->{'query'}->https() ? "443" : "80") ? '' : ":$ENV{'SERVER_PORT'}"),
+        # variables passed from CGI: opac_css_override and opac_search_limits.
+        my $opac_search_limit = $ENV{'OPAC_SEARCH_LIMIT'};
+        my $opac_limit_override = $ENV{'OPAC_LIMIT_OVERRIDE'};
+        my $mylibraryfirst = C4::Context->preference("SearchMyLibraryFirst");
+        my $opac_name;
+        if($opac_limit_override && ($opac_search_limit =~ /branch:(\w+)/) ){
+             $opac_name = C4::Branch::GetBranchName($1)   # opac_search_limit is a branch, so we use it.
+        } elsif($mylibraryfirst){
+            $opac_name = C4::Branch::GetBranchName($mylibraryfirst);
+        }
+        $template->param(
+            AmazonContent             => "" . C4::Context->preference("AmazonContent"),
+            AnonSuggestions           => "" . C4::Context->preference("AnonSuggestions"),
+            AuthorisedValueImages     => C4::Context->preference("AuthorisedValueImages"),
+            LibraryName               => "" . C4::Context->preference("LibraryName"),
+            LibraryNameTitle          => "" . $LibraryNameTitle,
+            LoginBranchname           => C4::Context->userenv?C4::Context->userenv->{"branchname"}:"",
+            OPACAmazonEnabled         => C4::Context->preference("OPACAmazonEnabled"),
+            OPACAmazonSimilarItems    => C4::Context->preference("OPACAmazonSimilarItems"),
+            OPACAmazonCoverImages     => C4::Context->preference("OPACAmazonCoverImages"),
+            OPACAmazonReviews         => C4::Context->preference("OPACAmazonReviews"),
+            OPACFRBRizeEditions       => C4::Context->preference("OPACFRBRizeEditions"),
+            OpacHighlightedWords       => C4::Context->preference("OpacHighlightedWords"),
+            OPACItemHolds             => C4::Context->preference("OPACItemHolds"),
+            OPACShelfBrowser          => "". C4::Context->preference("OPACShelfBrowser"),
+            OPACURLOpenInNewWindow    => "" . C4::Context->preference("OPACURLOpenInNewWindow"),
+            OPACUserCSS               => "". C4::Context->preference("OPACUserCSS"),
+            OPACViewOthersSuggestions => "" . C4::Context->preference("OPACViewOthersSuggestions"),
+            OpacAuthorities           => C4::Context->preference("OpacAuthorities"),
+            OPACBaseURL               => ($in->{'query'}->https() ? "https://" : "http://") . $ENV{'SERVER_NAME'} .
+                   ($ENV{'SERVER_PORT'} eq ($in->{'query'}->https() ? "443" : "80") ? '' : ":$ENV{'SERVER_PORT'}"),
+            opac_name             => $opac_name,
+            opac_css_override           => $ENV{'OPAC_CSS_OVERRIDE'},
+            opac_search_limit         => $opac_search_limit,
+            opac_limit_override       => $opac_limit_override,
+            OpacBrowser               => C4::Context->preference("OpacBrowser"),
+            OpacCloud                 => C4::Context->preference("OpacCloud"),
+            OpacMainUserBlock         => "" . C4::Context->preference("OpacMainUserBlock"),
+            OpacNav                   => "" . C4::Context->preference("OpacNav"),
+            OpacPasswordChange        => C4::Context->preference("OpacPasswordChange"),
+            OPACPatronDetails        => C4::Context->preference("OPACPatronDetails"),
+            OPACFinesTab              => C4::Context->preference("OPACFinesTab"),
+            OpacTopissue              => C4::Context->preference("OpacTopissue"),
+            RequestOnOpac             => C4::Context->preference("RequestOnOpac"),
+            'Version'                 => C4::Context->preference('Version'),
+            hidelostitems             => C4::Context->preference("hidelostitems"),
+            mylibraryfirst            => (C4::Context->preference("SearchMyLibraryFirst") && C4::Context->userenv) ? C4::Context->userenv->{'branch'} : '',
+            opaclayoutstylesheet      => "" . C4::Context->preference("opaclayoutstylesheet"),
+            opaccolorstylesheet       => "" . C4::Context->preference("opaccolorstylesheet"),
+            opacstylesheet            => "" . C4::Context->preference("opacstylesheet"),
+            opacbookbag               => "" . C4::Context->preference("opacbookbag"),
+            opaccredits               => "" . C4::Context->preference("opaccredits"),
+            opacheader                => "" . C4::Context->preference("opacheader"),
+            opaclanguagesdisplay      => "" . C4::Context->preference("opaclanguagesdisplay"),
+            opacreadinghistory        => C4::Context->preference("opacreadinghistory"),
+            opacsmallimage            => "" . C4::Context->preference("opacsmallimage"),
+            opacuserjs                => C4::Context->preference("opacuserjs"),
+            opacuserlogin             => "" . C4::Context->preference("opacuserlogin"),
+            reviewson                 => C4::Context->preference("reviewson"),
+            suggestion                => "" . C4::Context->preference("suggestion"),
+            virtualshelves            => "" . C4::Context->preference("virtualshelves"),
+            OPACSerialIssueDisplayCount => C4::Context->preference("OPACSerialIssueDisplayCount"),
+            OpacAddMastheadLibraryPulldown => C4::Context->preference("OpacAddMastheadLibraryPulldown"),
+            OPACXSLTDetailsDisplay           => C4::Context->preference("OPACXSLTDetailsDisplay"),
+            OPACXSLTResultsDisplay           => C4::Context->preference("OPACXSLTResultsDisplay"),
+            SyndeticsClientCode          => C4::Context->preference("SyndeticsClientCode"),
+            SyndeticsEnabled             => C4::Context->preference("SyndeticsEnabled"),
+            SyndeticsCoverImages         => C4::Context->preference("SyndeticsCoverImages"),
+            SyndeticsTOC                 => C4::Context->preference("SyndeticsTOC"),
+            SyndeticsSummary             => C4::Context->preference("SyndeticsSummary"),
+            SyndeticsEditions            => C4::Context->preference("SyndeticsEditions"),
+            SyndeticsExcerpt             => C4::Context->preference("SyndeticsExcerpt"),
+            SyndeticsReviews             => C4::Context->preference("SyndeticsReviews"),
+            SyndeticsAuthorNotes         => C4::Context->preference("SyndeticsAuthorNotes"),
+            SyndeticsAwards              => C4::Context->preference("SyndeticsAwards"),
+            SyndeticsSeries              => C4::Context->preference("SyndeticsSeries"),
+            SyndeticsCoverImageSize      => C4::Context->preference("SyndeticsCoverImageSize"),
         );
     }
        $template->param(listloop=>[{shelfname=>"Freelist", shelfnumber=>110}]);
     return ( $template, $borrowernumber, $cookie, $flags);
 }
 
         );
     }
        $template->param(listloop=>[{shelfname=>"Freelist", shelfnumber=>110}]);
     return ( $template, $borrowernumber, $cookie, $flags);
 }
 
-=item checkauth
+=head2 checkauth
 
   ($userid, $cookie, $sessionID) = &checkauth($query, $noauth, $flagsrequired, $type);
 
 
   ($userid, $cookie, $sessionID) = &checkauth($query, $noauth, $flagsrequired, $type);
 
@@ -361,21 +494,22 @@ that the user must have the "circulate" privilege in order to
 proceed. To make sure that access control is correct, the
 C<$flagsrequired> parameter must be specified correctly.
 
 proceed. To make sure that access control is correct, the
 C<$flagsrequired> parameter must be specified correctly.
 
-If the GranularPermissions system preference is ON, the
-value of each key in the C<flagsrequired> hash takes on an additional
-meaning, e.g.,
+Koha also has a concept of sub-permissions, also known as
+granular permissions.  This makes the value of each key
+in the C<flagsrequired> hash take on an additional
+meaning, i.e.,
 
 
-=item 1
+ 1
 
 The user must have access to all subfunctions of the module
 specified by the hash key.
 
 
 The user must have access to all subfunctions of the module
 specified by the hash key.
 
-=item *
+ *
 
 The user must have access to at least one subfunction of the module
 specified by the hash key.
 
 
 The user must have access to at least one subfunction of the module
 specified by the hash key.
 
-=item specific permission, e.g., 'export_catalog'
+ specific permission, e.g., 'export_catalog'
 
 The user must have access to the specific subfunction list, which
 must correspond to a row in the permissions table.
 
 The user must have access to the specific subfunction list, which
 must correspond to a row in the permissions table.
@@ -394,7 +528,7 @@ user has authenticated, C<&checkauth> restarts the original script
 
 The login page is provided using a HTML::Template, which is set in the
 systempreferences table or at the top of this file. The variable C<$type>
 
 The login page is provided using a HTML::Template, which is set in the
 systempreferences table or at the top of this file. The variable C<$type>
-selects which template to use, either the opac or the intranet 
+selects which template to use, either the opac or the intranet
 authentification template.
 
 C<&checkauth> returns a user ID, a cookie, and a session ID. The
 authentification template.
 
 C<&checkauth> returns a user ID, a cookie, and a session ID. The
@@ -409,12 +543,16 @@ sub _version_check ($$) {
     my $version;
     # If Version syspref is unavailable, it means Koha is beeing installed,
     # and so we must redirect to OPAC maintenance page or to the WebInstaller
     my $version;
     # If Version syspref is unavailable, it means Koha is beeing installed,
     # and so we must redirect to OPAC maintenance page or to the WebInstaller
-    #warn "about to check version";
+       # also, if OpacMaintenance is ON, OPAC should redirect to maintenance
+       if (C4::Context->preference('OpacMaintenance') && $type eq 'opac') {
+               warn "OPAC Install required, redirecting to maintenance";
+               print $query->redirect("/cgi-bin/koha/maintenance.pl");
+       }
     unless ($version = C4::Context->preference('Version')) {    # assignment, not comparison
       if ($type ne 'opac') {
         warn "Install required, redirecting to Installer";
         print $query->redirect("/cgi-bin/koha/installer/install.pl");
     unless ($version = C4::Context->preference('Version')) {    # assignment, not comparison
       if ($type ne 'opac') {
         warn "Install required, redirecting to Installer";
         print $query->redirect("/cgi-bin/koha/installer/install.pl");
-      } 
+      }
       else {
         warn "OPAC Install required, redirecting to maintenance";
         print $query->redirect("/cgi-bin/koha/maintenance.pl");
       else {
         warn "OPAC Install required, redirecting to maintenance";
         print $query->redirect("/cgi-bin/koha/maintenance.pl");
@@ -438,7 +576,7 @@ sub _version_check ($$) {
         } else {
             warn sprintf("OPAC: " . $warning, 'maintenance');
             print $query->redirect("/cgi-bin/koha/maintenance.pl");
         } else {
             warn sprintf("OPAC: " . $warning, 'maintenance');
             print $query->redirect("/cgi-bin/koha/maintenance.pl");
-        }       
+        }
         exit;
     }
 }
         exit;
     }
 }
@@ -471,8 +609,9 @@ sub checkauth {
     # state variables
     my $loggedin = 0;
     my %info;
     # state variables
     my $loggedin = 0;
     my %info;
-    my ( $userid, $cookie, $sessionID, $flags, $shelves );
+    my ( $userid, $cookie, $sessionID, $flags, $barshelves, $pubshelves );
     my $logout = $query->param('logout.x');
     my $logout = $query->param('logout.x');
+
     if ( $userid = $ENV{'REMOTE_USER'} ) {
         # Using Basic Authentication, no cookies required
         $cookie = $query->cookie(
     if ( $userid = $ENV{'REMOTE_USER'} ) {
         # Using Basic Authentication, no cookies required
         $cookie = $query->cookie(
@@ -482,10 +621,10 @@ sub checkauth {
         );
         $loggedin = 1;
     }
         );
         $loggedin = 1;
     }
-    elsif ( $sessionID = $query->cookie("CGISESSID")) {     # assignment, not comparison 
+    elsif ( $sessionID = $query->cookie("CGISESSID")) {     # assignment, not comparison
         my $session = get_session($sessionID);
         C4::Context->_new_userenv($sessionID);
         my $session = get_session($sessionID);
         C4::Context->_new_userenv($sessionID);
-        my ($ip, $lasttime);
+        my ($ip, $lasttime, $sessiontype);
         if ($session){
             C4::Context::set_userenv(
                 $session->param('number'),       $session->param('id'),
         if ($session){
             C4::Context::set_userenv(
                 $session->param('number'),       $session->param('id'),
@@ -494,183 +633,245 @@ sub checkauth {
                 $session->param('branchname'),   $session->param('flags'),
                 $session->param('emailaddress'), $session->param('branchprinter')
             );
                 $session->param('branchname'),   $session->param('flags'),
                 $session->param('emailaddress'), $session->param('branchprinter')
             );
-            C4::Context::set_shelves_userenv($session->param('shelves'));
+            C4::Context::set_shelves_userenv('bar',$session->param('barshelves'));
+            C4::Context::set_shelves_userenv('pub',$session->param('pubshelves'));
+            C4::Context::set_shelves_userenv('tot',$session->param('totshelves'));
             $debug and printf STDERR "AUTH_SESSION: (%s)\t%s %s - %s\n", map {$session->param($_)} qw(cardnumber firstname surname branch) ;
             $ip       = $session->param('ip');
             $lasttime = $session->param('lasttime');
             $userid   = $session->param('id');
             $debug and printf STDERR "AUTH_SESSION: (%s)\t%s %s - %s\n", map {$session->param($_)} qw(cardnumber firstname surname branch) ;
             $ip       = $session->param('ip');
             $lasttime = $session->param('lasttime');
             $userid   = $session->param('id');
+                       $sessiontype = $session->param('sessiontype');
         }
         }
-    
-        if ($logout) {
-            # voluntary logout the user
+        if ( ($query->param('koha_login_context')) && ($query->param('userid') ne $session->param('id')) ) {
+            #if a user enters an id ne to the id in the current session, we need to log them in...
+            #first we need to clear the anonymous session...
+            $debug and warn "query id = " . $query->param('userid') . " but session id = " . $session->param('id');
             $session->flush;      
             $session->delete();
             C4::Context->_unset_userenv($sessionID);
             $session->flush;      
             $session->delete();
             C4::Context->_unset_userenv($sessionID);
-            _session_log(sprintf "%20s from %16s logged out at %30s (manually).\n", $userid,$ip,localtime);
+                       $sessionID = undef;
+                       $userid = undef;
+               }
+        elsif ($logout) {
+            # voluntary logout the user
+            $session->flush;
+            $session->delete();
+            C4::Context->_unset_userenv($sessionID);
+            _session_log(sprintf "%20s from %16s logged out at %30s (manually).\n", $userid,$ip,(strftime "%c",localtime));
             $sessionID = undef;
             $userid    = undef;
             $sessionID = undef;
             $userid    = undef;
+
+           if ($cas and $caslogout) {
+               logout_cas($query);
+           }
+        }
+        elsif ( $lasttime < time() - $timeout ) {
+            # timed logout
+            $info{'timed_out'} = 1;
+            $session->delete();
+            C4::Context->_unset_userenv($sessionID);
+            _session_log(sprintf "%20s from %16s logged out at %30s (inactivity).\n", $userid,$ip,(strftime "%c",localtime));
+            $userid    = undef;
+            $sessionID = undef;
+        }
+        elsif ( $ip ne $ENV{'REMOTE_ADDR'} ) {
+            # Different ip than originally logged in from
+            $info{'oldip'}        = $ip;
+            $info{'newip'}        = $ENV{'REMOTE_ADDR'};
+            $info{'different_ip'} = 1;
+            $session->delete();
+            C4::Context->_unset_userenv($sessionID);
+            _session_log(sprintf "%20s from %16s logged out at %30s (ip changed to %16s).\n", $userid,$ip,(strftime "%c",localtime), $info{'newip'});
+            $sessionID = undef;
+            $userid    = undef;
+        }
+        else {
+            $cookie = $query->cookie( CGISESSID => $session->id );
+            $session->param('lasttime',time());
+            unless ( $sessiontype eq 'anon' ) { #if this is an anonymous session, we want to update the session, but not behave as if they are logged in...
+                $flags = haspermission($userid, $flagsrequired);
+                if ($flags) {
+                    $loggedin = 1;
+                } else {
+                    $info{'nopermission'} = 1;
+                }
+            }
         }
         }
-               elsif ( $lasttime < time() - $timeout ) {
-                       # timed logout
-                       $info{'timed_out'} = 1;
-                       $session->delete();
-                       C4::Context->_unset_userenv($sessionID);
-                       _session_log(sprintf "%20s from %16s logged out at %30s (inactivity).\n", $userid,$ip,localtime);
-                       $userid    = undef;
-                       $sessionID = undef;
-               }
-               elsif ( $ip ne $ENV{'REMOTE_ADDR'} ) {
-                       # Different ip than originally logged in from
-                       $info{'oldip'}        = $ip;
-                       $info{'newip'}        = $ENV{'REMOTE_ADDR'};
-                       $info{'different_ip'} = 1;
-                       $session->delete();
-                       C4::Context->_unset_userenv($sessionID);
-                       _session_log(sprintf "%20s from %16s logged out at %30s (ip changed to %16s).\n", $userid,$ip,localtime, $info{'newip'});
-                       $sessionID = undef;
-                       $userid    = undef;
-               }
-               else {
-                       $cookie = $query->cookie( CGISESSID => $session->id );
-                       $session->param('lasttime',time());
-                       $flags = haspermission( $dbh, $userid, $flagsrequired );
-                       if ($flags) {
-                               $loggedin = 1;
-                       } else {
-                               $info{'nopermission'} = 1;
-                       }
-               }
     }
     }
-    unless ($userid) {
-        my $session = get_session("") or die "Auth ERROR: Cannot get_session()";
+    unless ($userid || $sessionID) {
+        #we initiate a session prior to checking for a username to allow for anonymous sessions...
+               my $session = get_session("") or die "Auth ERROR: Cannot get_session()";
         my $sessionID = $session->id;
         my $sessionID = $session->id;
-        $userid    = $query->param('userid');
-        my $password = $query->param('password');
-        C4::Context->_new_userenv($sessionID);
-        my ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password );
-        if ($return) {
-            _session_log(sprintf "%20s from %16s logged in  at %30s.\n", $userid,$ENV{'REMOTE_ADDR'},localtime);
-            $cookie = $query->cookie(CGISESSID => $sessionID);
-            if ( $flags = haspermission( $dbh, $userid, $flagsrequired ) ) {
-                               $loggedin = 1;
-            }
-            else {
-                $info{'nopermission'} = 1;
-                C4::Context->_unset_userenv($sessionID);
-            }
-
-                       my ($borrowernumber, $firstname, $surname, $userflags,
-                               $branchcode, $branchname, $branchprinter, $emailaddress);
-
-            if ( $return == 1 ) {
-                my $select = "
-                SELECT borrowernumber, firstname, surname, flags, borrowers.branchcode, 
-                        branches.branchname    as branchname, 
-                        branches.branchprinter as branchprinter, 
-                        email 
-                FROM borrowers 
-                LEFT JOIN branches on borrowers.branchcode=branches.branchcode
-                ";
-                my $sth = $dbh->prepare("$select where userid=?");
-                $sth->execute($userid);
-                               unless ($sth->rows) {
-                       $debug and print STDERR "AUTH_1: no rows for userid='$userid'\n";
-                                       $sth = $dbh->prepare("$select where cardnumber=?");
-                    $sth->execute($cardnumber);
+               C4::Context->_new_userenv($sessionID);
+        $cookie = $query->cookie(CGISESSID => $sessionID);
+           $userid    = $query->param('userid');
+           if ($cas || $userid) {
+               my $password = $query->param('password');
+               my ($return, $cardnumber);
+               if ($cas && $query->param('ticket')) {
+                   my $retuserid;
+                   ( $return, $cardnumber, $retuserid ) = checkpw( $dbh, $userid, $password, $query );
+                   $userid = $retuserid;
+                   $info{'invalidCasLogin'} = 1 unless ($return);
+               } else {
+                   ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password, $query );
+               }
+               if ($return) {
+               _session_log(sprintf "%20s from %16s logged in  at %30s.\n", $userid,$ENV{'REMOTE_ADDR'},(strftime '%c', localtime));
+               if ( $flags = haspermission(  $userid, $flagsrequired ) ) {
+                                       $loggedin = 1;
+               }
+                       else {
+                       $info{'nopermission'} = 1;
+                       C4::Context->_unset_userenv($sessionID);
+               }
+
+                               my ($borrowernumber, $firstname, $surname, $userflags,
+                                       $branchcode, $branchname, $branchprinter, $emailaddress);
+
+               if ( $return == 1 ) {
+                       my $select = "
+                       SELECT borrowernumber, firstname, surname, flags, borrowers.branchcode, 
+                           branches.branchname    as branchname, 
+                               branches.branchprinter as branchprinter, 
+                               email 
+                       FROM borrowers 
+                       LEFT JOIN branches on borrowers.branchcode=branches.branchcode
+                       ";
+                       my $sth = $dbh->prepare("$select where userid=?");
+                       $sth->execute($userid);
                                        unless ($sth->rows) {
                                        unless ($sth->rows) {
-                               $debug and print STDERR "AUTH_2a: no rows for cardnumber='$cardnumber'\n";
-                       $sth->execute($userid);
+                               $debug and print STDERR "AUTH_1: no rows for userid='$userid'\n";
+                                               $sth = $dbh->prepare("$select where cardnumber=?");
+                               $sth->execute($cardnumber);
                                                unless ($sth->rows) {
                                                unless ($sth->rows) {
-                                       $debug and print STDERR "AUTH_2b: no rows for userid='$userid' AS cardnumber\n";
+                                       $debug and print STDERR "AUTH_2a: no rows for cardnumber='$cardnumber'\n";
+                               $sth->execute($userid);
+                                                       unless ($sth->rows) {
+                                               $debug and print STDERR "AUTH_2b: no rows for userid='$userid' AS cardnumber\n";
+                                                       }
                                                }
                                        }
                                                }
                                        }
-                               }
-                if ($sth->rows) {
-                    ($borrowernumber, $firstname, $surname, $userflags,
-                       $branchcode, $branchname, $branchprinter, $emailaddress) = $sth->fetchrow;
-                                       $debug and print STDERR "AUTH_3 results: " .
-                                               "$cardnumber,$borrowernumber,$userid,$firstname,$surname,$userflags,$branchcode,$emailaddress\n";
-                               } else {
-                                       print STDERR "AUTH_3: no results for userid='$userid', cardnumber='$cardnumber'.\n";
-                               }
+                       if ($sth->rows) {
+                       ($borrowernumber, $firstname, $surname, $userflags,
+                               $branchcode, $branchname, $branchprinter, $emailaddress) = $sth->fetchrow;
+                                               $debug and print STDERR "AUTH_3 results: " .
+                                                       "$cardnumber,$borrowernumber,$userid,$firstname,$surname,$userflags,$branchcode,$emailaddress\n";
+                                       } else {
+                                               print STDERR "AUTH_3: no results for userid='$userid', cardnumber='$cardnumber'.\n";
+                                       }
 
 # launch a sequence to check if we have a ip for the branch, i
 # if we have one we replace the branchcode of the userenv by the branch bound in the ip.
 
 
 # launch a sequence to check if we have a ip for the branch, i
 # if we have one we replace the branchcode of the userenv by the branch bound in the ip.
 
-                my $ip       = $ENV{'REMOTE_ADDR'};
-                # if they specify at login, use that
-                if ($query->param('branch')) {
-                    $branchcode  = $query->param('branch');
-                    $branchname = GetBranchName($branchcode);
-                }
-                my $branches = GetBranches();
-                if (C4::Context->boolean_preference('IndependantBranches') && C4::Context->boolean_preference('Autolocation')){
-                                   # we have to check they are coming from the right ip range
-                                       my $domain = $branches->{$branchcode}->{'branchip'};
-                                       if ($ip !~ /^$domain/){
-                                               $loggedin=0;
-                                               $info{'wrongip'} = 1;
+                                       my $ip       = $ENV{'REMOTE_ADDR'};
+                                       # if they specify at login, use that
+                                       if ($query->param('branch')) {
+                                               $branchcode  = $query->param('branch');
+                                               $branchname = GetBranchName($branchcode);
+                                       }
+                                       my $branches = GetBranches();
+                                       if (C4::Context->boolean_preference('IndependantBranches') && C4::Context->boolean_preference('Autolocation')){
+                                               # we have to check they are coming from the right ip range
+                                               my $domain = $branches->{$branchcode}->{'branchip'};
+                                               if ($ip !~ /^$domain/){
+                                                       $loggedin=0;
+                                                       $info{'wrongip'} = 1;
+                                               }
                                        }
                                        }
-                               }
 
 
-                my @branchesloop;
-                foreach my $br ( keys %$branches ) {
-                    #     now we work with the treatment of ip
-                    my $domain = $branches->{$br}->{'branchip'};
-                    if ( $domain && $ip =~ /^$domain/ ) {
-                        $branchcode = $branches->{$br}->{'branchcode'};
+                                       my @branchesloop;
+                                       foreach my $br ( keys %$branches ) {
+                                               #     now we work with the treatment of ip
+                                               my $domain = $branches->{$br}->{'branchip'};
+                                               if ( $domain && $ip =~ /^$domain/ ) {
+                                                       $branchcode = $branches->{$br}->{'branchcode'};
 
 
-                        # new op dev : add the branchprinter and branchname in the cookie
-                        $branchprinter = $branches->{$br}->{'branchprinter'};
-                        $branchname    = $branches->{$br}->{'branchname'};
-                    }
-                }
-                $session->param('number',$borrowernumber);
-                $session->param('id',$userid);
-                $session->param('cardnumber',$cardnumber);
-                $session->param('firstname',$firstname);
-                $session->param('surname',$surname);
-                $session->param('branch',$branchcode);
-                $session->param('branchname',$branchname);
-                $session->param('flags',$userflags);
-                $session->param('emailaddress',$emailaddress);
-                $session->param('ip',$session->remote_addr());
-                $session->param('lasttime',time());
-                $debug and printf STDERR "AUTH_4: (%s)\t%s %s - %s\n", map {$session->param($_)} qw(cardnumber firstname surname branch) ;
-            }
-            elsif ( $return == 2 ) {
-                #We suppose the user is the superlibrarian
-                               $borrowernumber = 0;
-                $session->param('number',0);
-                $session->param('id',C4::Context->config('user'));
-                $session->param('cardnumber',C4::Context->config('user'));
-                $session->param('firstname',C4::Context->config('user'));
-                $session->param('surname',C4::Context->config('user'));
-                $session->param('branch','NO_LIBRARY_SET');
-                $session->param('branchname','NO_LIBRARY_SET');
-                $session->param('flags',1);
-                $session->param('emailaddress', C4::Context->preference('KohaAdminEmailAddress'));
-                $session->param('ip',$session->remote_addr());
-                $session->param('lasttime',time());
-            }
-            C4::Context::set_userenv(
-                $session->param('number'),       $session->param('id'),
-                $session->param('cardnumber'),   $session->param('firstname'),
-                $session->param('surname'),      $session->param('branch'),
-                $session->param('branchname'),   $session->param('flags'),
-                $session->param('emailaddress'), $session->param('branchprinter')
-            );
-                       $shelves = GetShelvesSummary($borrowernumber,2,10);
-                       $session->param('shelves', $shelves);
-                       C4::Context::set_shelves_userenv($shelves);
-        }
-        else {
-            if ($userid) {
-                $info{'invalid_username_or_password'} = 1;
-                C4::Context->_unset_userenv($sessionID);
-            }
-
-        }
+                                                       # new op dev : add the branchprinter and branchname in the cookie
+                                                       $branchprinter = $branches->{$br}->{'branchprinter'};
+                                                       $branchname    = $branches->{$br}->{'branchname'};
+                                               }
+                                       }
+                                       $session->param('number',$borrowernumber);
+                                       $session->param('id',$userid);
+                                       $session->param('cardnumber',$cardnumber);
+                                       $session->param('firstname',$firstname);
+                                       $session->param('surname',$surname);
+                                       $session->param('branch',$branchcode);
+                                       $session->param('branchname',$branchname);
+                                       $session->param('flags',$userflags);
+                                       $session->param('emailaddress',$emailaddress);
+                                       $session->param('ip',$session->remote_addr());
+                                       $session->param('lasttime',time());
+                                       $debug and printf STDERR "AUTH_4: (%s)\t%s %s - %s\n", map {$session->param($_)} qw(cardnumber firstname surname branch) ;
+                               }
+                               elsif ( $return == 2 ) {
+                                       #We suppose the user is the superlibrarian
+                                       $borrowernumber = 0;
+                                       $session->param('number',0);
+                                       $session->param('id',C4::Context->config('user'));
+                                       $session->param('cardnumber',C4::Context->config('user'));
+                                       $session->param('firstname',C4::Context->config('user'));
+                                       $session->param('surname',C4::Context->config('user'));
+                                       $session->param('branch','NO_LIBRARY_SET');
+                                       $session->param('branchname','NO_LIBRARY_SET');
+                                       $session->param('flags',1);
+                                       $session->param('emailaddress', C4::Context->preference('KohaAdminEmailAddress'));
+                                       $session->param('ip',$session->remote_addr());
+                                       $session->param('lasttime',time());
+                               }
+                               C4::Context::set_userenv(
+                                       $session->param('number'),       $session->param('id'),
+                                       $session->param('cardnumber'),   $session->param('firstname'),
+                                       $session->param('surname'),      $session->param('branch'),
+                                       $session->param('branchname'),   $session->param('flags'),
+                                       $session->param('emailaddress'), $session->param('branchprinter')
+                               );
+
+                               # Grab borrower's shelves and public shelves and add them to the session
+                               # $row_count determines how many records are returned from the db query
+                               # and the number of lists to be displayed of each type in the 'Lists' button drop down
+                               my $row_count = 10; # FIXME:This probably should be a syspref
+                               my ($total, $totshelves, $barshelves, $pubshelves);
+                               ($barshelves, $totshelves) = C4::VirtualShelves::GetRecentShelves(1, $row_count, $borrowernumber);
+                               $total->{'bartotal'} = $totshelves;
+                               ($pubshelves, $totshelves) = C4::VirtualShelves::GetRecentShelves(2, $row_count, undef);
+                               $total->{'pubtotal'} = $totshelves;
+                               $session->param('barshelves', $barshelves->[0]);
+                               $session->param('pubshelves', $pubshelves->[0]);
+                               $session->param('totshelves', $total);
+
+                               C4::Context::set_shelves_userenv('bar',$barshelves->[0]);
+                               C4::Context::set_shelves_userenv('pub',$pubshelves->[0]);
+                               C4::Context::set_shelves_userenv('tot',$total);
+                       }
+               else {
+               if ($userid) {
+                       $info{'invalid_username_or_password'} = 1;
+                       C4::Context->_unset_userenv($sessionID);
+               }
+                       }
+        }      # END if ( $userid    = $query->param('userid') )
+               elsif ($type eq "opac") {
+            # if we are here this is an anonymous session; add public lists to it and a few other items...
+            # anonymous sessions are created only for the OPAC
+                       $debug and warn "Initiating an anonymous session...";
+
+                       # Grab the public shelves and add to the session...
+                       my $row_count = 20; # FIXME:This probably should be a syspref
+                       my ($total, $totshelves, $pubshelves);
+                       ($pubshelves, $totshelves) = C4::VirtualShelves::GetRecentShelves(2, $row_count, undef);
+                       $total->{'pubtotal'} = $totshelves;
+                       $session->param('pubshelves', $pubshelves->[0]);
+                       $session->param('totshelves', $total);
+                       C4::Context::set_shelves_userenv('pub',$pubshelves->[0]);
+                       C4::Context::set_shelves_userenv('tot',$total);
+
+                       # setting a couple of other session vars...
+                       $session->param('ip',$session->remote_addr());
+                       $session->param('lasttime',time());
+                       $session->param('sessiontype','anon');
+               }
     }  # END unless ($userid)
     my $insecure = C4::Context->boolean_preference('insecure');
 
     }  # END unless ($userid)
     my $insecure = C4::Context->boolean_preference('insecure');
 
@@ -689,11 +890,11 @@ sub checkauth {
 # AUTH rejected, show the login/password template, after checking the DB.
 #
 #
 # AUTH rejected, show the login/password template, after checking the DB.
 #
 #
-    
+
     # get the inputs from the incoming query
     my @inputs = ();
     foreach my $name ( param $query) {
     # get the inputs from the incoming query
     my @inputs = ();
     foreach my $name ( param $query) {
-        (next) if ( $name eq 'userid' || $name eq 'password' );
+        (next) if ( $name eq 'userid' || $name eq 'password' || $name eq 'ticket' );
         my $value = $query->param($name);
         push @inputs, { name => $name, value => $value };
     }
         my $value = $query->param($name);
         push @inputs, { name => $name, value => $value };
     }
@@ -710,9 +911,9 @@ sub checkauth {
     $template->param(
     login        => 1,
         INPUTS               => \@inputs,
     $template->param(
     login        => 1,
         INPUTS               => \@inputs,
+        casAuthentication    => C4::Context->preference("casAuthentication"),
         suggestion           => C4::Context->preference("suggestion"),
         virtualshelves       => C4::Context->preference("virtualshelves"),
         suggestion           => C4::Context->preference("suggestion"),
         virtualshelves       => C4::Context->preference("virtualshelves"),
-        opaclargeimage       => C4::Context->preference("opaclargeimage"),
         LibraryName          => C4::Context->preference("LibraryName"),
         opacuserlogin        => C4::Context->preference("opacuserlogin"),
         OpacNav              => C4::Context->preference("OpacNav"),
         LibraryName          => C4::Context->preference("LibraryName"),
         opacuserlogin        => C4::Context->preference("opacuserlogin"),
         OpacNav              => C4::Context->preference("OpacNav"),
@@ -729,21 +930,27 @@ sub checkauth {
         OpacAuthorities      => C4::Context->preference("OpacAuthorities"),
         OpacBrowser          => C4::Context->preference("OpacBrowser"),
         opacheader           => C4::Context->preference("opacheader"),
         OpacAuthorities      => C4::Context->preference("OpacAuthorities"),
         OpacBrowser          => C4::Context->preference("OpacBrowser"),
         opacheader           => C4::Context->preference("opacheader"),
+        TagsEnabled                  => C4::Context->preference("TagsEnabled"),
         OPACUserCSS           => C4::Context->preference("OPACUserCSS"),
         intranetcolorstylesheet =>
                                                                C4::Context->preference("intranetcolorstylesheet"),
         intranetstylesheet => C4::Context->preference("intranetstylesheet"),
         OPACUserCSS           => C4::Context->preference("OPACUserCSS"),
         intranetcolorstylesheet =>
                                                                C4::Context->preference("intranetcolorstylesheet"),
         intranetstylesheet => C4::Context->preference("intranetstylesheet"),
+        intranetbookbag    => C4::Context->preference("intranetbookbag"),
         IntranetNav        => C4::Context->preference("IntranetNav"),
         intranetuserjs     => C4::Context->preference("intranetuserjs"),
         IntranetNav        => C4::Context->preference("IntranetNav"),
         intranetuserjs     => C4::Context->preference("intranetuserjs"),
-        TemplateEncoding   => C4::Context->preference("TemplateEncoding"),
         IndependantBranches=> C4::Context->preference("IndependantBranches"),
         AutoLocation       => C4::Context->preference("AutoLocation"),
         IndependantBranches=> C4::Context->preference("IndependantBranches"),
         AutoLocation       => C4::Context->preference("AutoLocation"),
-        yuipath            => C4::Context->preference("yuipath"),
                wrongip            => $info{'wrongip'}
     );
                wrongip            => $info{'wrongip'}
     );
-    
     $template->param( loginprompt => 1 ) unless $info{'nopermission'};
 
     $template->param( loginprompt => 1 ) unless $info{'nopermission'};
 
+    if ($cas) { 
+       $template->param(
+           casServerUrl    => login_cas_url(),
+           invalidCasLogin => $info{'invalidCasLogin'}
+       );
+    }
+
     my $self_url = $query->url( -absolute => 1 );
     $template->param(
         url         => $self_url,
     my $self_url = $query->url( -absolute => 1 );
     $template->param(
         url         => $self_url,
@@ -761,7 +968,7 @@ sub checkauth {
     exit;
 }
 
     exit;
 }
 
-=item check_api_auth
+=head2 check_api_auth
 
   ($status, $cookie, $sessionId) = check_api_auth($query, $userflags);
 
 
   ($status, $cookie, $sessionId) = check_api_auth($query, $userflags);
 
@@ -781,7 +988,7 @@ are OK.
 
 Possible return values in C<$status> are:
 
 
 Possible return values in C<$status> are:
 
-=over 4
+=over
 
 =item "ok" -- user authenticated; C<$cookie> and C<$sessionid> have valid values.
 
 
 =item "ok" -- user authenticated; C<$cookie> and C<$sessionid> have valid values.
 
@@ -863,7 +1070,7 @@ sub check_api_auth {
             } else {
                 my $cookie = $query->cookie( CGISESSID => $session->id );
                 $session->param('lasttime',time());
             } else {
                 my $cookie = $query->cookie( CGISESSID => $session->id );
                 $session->param('lasttime',time());
-                my $flags = haspermission( $dbh, $userid, $flagsrequired );
+                my $flags = haspermission($userid, $flagsrequired);
                 if ($flags) {
                     return ("ok", $cookie, $sessionID);
                 } else {
                 if ($flags) {
                     return ("ok", $cookie, $sessionID);
                 } else {
@@ -879,14 +1086,21 @@ sub check_api_auth {
         }
     } else {
         # new login
         }
     } else {
         # new login
-        my $userid = $query->param('userid');   
-        my $password = $query->param('password');   
+        my $userid = $query->param('userid');
+        my $password = $query->param('password');
         unless ($userid and $password) {
             # caller did something wrong, fail the authenticateion
             return ("failed", undef, undef);
         }
         unless ($userid and $password) {
             # caller did something wrong, fail the authenticateion
             return ("failed", undef, undef);
         }
-        my ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password );
-        if ($return and haspermission( $dbh, $userid, $flagsrequired)) {
+       my ($return, $cardnumber);
+       if ($cas && $query->param('ticket')) {
+           my $retuserid;
+           ( $return, $cardnumber, $retuserid ) = checkpw( $dbh, $userid, $password, $query );
+           $userid = $retuserid;
+       } else {
+           ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password, $query );
+       }
+        if ($return and haspermission(  $userid, $flagsrequired)) {
             my $session = get_session("");
             return ("failed", undef, undef) unless $session;
 
             my $session = get_session("");
             return ("failed", undef, undef) unless $session;
 
@@ -973,7 +1187,7 @@ sub check_api_auth {
                 $session->param('emailaddress', C4::Context->preference('KohaAdminEmailAddress'));
                 $session->param('ip',$session->remote_addr());
                 $session->param('lasttime',time());
                 $session->param('emailaddress', C4::Context->preference('KohaAdminEmailAddress'));
                 $session->param('ip',$session->remote_addr());
                 $session->param('lasttime',time());
-            } 
+            }
             C4::Context::set_userenv(
                 $session->param('number'),       $session->param('id'),
                 $session->param('cardnumber'),   $session->param('firstname'),
             C4::Context::set_userenv(
                 $session->param('number'),       $session->param('id'),
                 $session->param('cardnumber'),   $session->param('firstname'),
@@ -985,10 +1199,10 @@ sub check_api_auth {
         } else {
             return ("failed", undef, undef);
         }
         } else {
             return ("failed", undef, undef);
         }
-    } 
+    }
 }
 
 }
 
-=item check_cookie_auth
+=head2 check_cookie_auth
 
   ($status, $sessionId) = check_api_auth($cookie, $userflags);
 
 
   ($status, $sessionId) = check_api_auth($cookie, $userflags);
 
@@ -1001,7 +1215,7 @@ have been authenticated in the usual way.
 
 Possible return values in C<$status> are:
 
 
 Possible return values in C<$status> are:
 
-=over 4
+=over
 
 =item "ok" -- user authenticated; C<$sessionID> have valid values.
 
 
 =item "ok" -- user authenticated; C<$sessionID> have valid values.
 
@@ -1081,7 +1295,7 @@ sub check_cookie_auth {
             return ("expired", undef);
         } else {
             $session->param('lasttime',time());
             return ("expired", undef);
         } else {
             $session->param('lasttime',time());
-            my $flags = haspermission( $dbh, $userid, $flagsrequired );
+            my $flags = haspermission($userid, $flagsrequired);
             if ($flags) {
                 return ("ok", $sessionID);
             } else {
             if ($flags) {
                 return ("ok", $sessionID);
             } else {
@@ -1097,13 +1311,13 @@ sub check_cookie_auth {
     }
 }
 
     }
 }
 
-=item get_session
+=head2 get_session
 
   use CGI::Session;
   my $session = get_session($sessionID);
 
 Given a session ID, retrieve the CGI::Session object used to store
 
   use CGI::Session;
   my $session = get_session($sessionID);
 
 Given a session ID, retrieve the CGI::Session object used to store
-the session's state.  The session object can be used to store 
+the session's state.  The session object can be used to store
 data that needs to be accessed by different scripts during a
 user's session.
 
 data that needs to be accessed by different scripts during a
 user's session.
 
@@ -1132,13 +1346,22 @@ sub get_session {
 
 sub checkpw {
 
 
 sub checkpw {
 
-    my ( $dbh, $userid, $password ) = @_;
+    my ( $dbh, $userid, $password, $query ) = @_;
     if ($ldap) {
         $debug and print "## checkpw - checking LDAP\n";
         my ($retval,$retcard) = checkpw_ldap(@_);    # EXTERNAL AUTH
         ($retval) and return ($retval,$retcard);
     }
 
     if ($ldap) {
         $debug and print "## checkpw - checking LDAP\n";
         my ($retval,$retcard) = checkpw_ldap(@_);    # EXTERNAL AUTH
         ($retval) and return ($retval,$retcard);
     }
 
+    if ($cas && $query->param('ticket')) {
+        $debug and print STDERR "## checkpw - checking CAS\n";
+       # In case of a CAS authentication, we use the ticket instead of the password
+       my $ticket = $query->param('ticket');
+        my ($retval,$retcard,$retuserid) = checkpw_cas($dbh, $ticket, $query);    # EXTERNAL AUTH
+        ($retval) and return ($retval,$retcard,$retuserid);
+       return 0;
+    }
+
     # INTERNAL AUTH
     my $sth =
       $dbh->prepare(
     # INTERNAL AUTH
     my $sth =
       $dbh->prepare(
@@ -1149,7 +1372,7 @@ sub checkpw {
         my ( $md5password, $cardnumber, $borrowernumber, $userid, $firstname,
             $surname, $branchcode, $flags )
           = $sth->fetchrow;
         my ( $md5password, $cardnumber, $borrowernumber, $userid, $firstname,
             $surname, $branchcode, $flags )
           = $sth->fetchrow;
-        if ( md5_base64($password) eq $md5password ) {
+        if ( md5_base64($password) eq $md5password and $md5password ne "!") {
 
             C4::Context->set_userenv( "$borrowernumber", $userid, $cardnumber,
                 $firstname, $surname, $branchcode, $flags );
 
             C4::Context->set_userenv( "$borrowernumber", $userid, $cardnumber,
                 $firstname, $surname, $branchcode, $flags );
@@ -1192,12 +1415,14 @@ sub checkpw {
     return 0;
 }
 
     return 0;
 }
 
-=item getuserflags
+=head2 getuserflags
+
+    my $authflags = getuserflags($flags, $userid, [$dbh]);
 
 
- $authflags = getuserflags($flags,$dbh);
 Translates integer flags into permissions strings hash.
 
 C<$flags> is the integer userflags value ( borrowers.userflags )
 Translates integer flags into permissions strings hash.
 
 C<$flags> is the integer userflags value ( borrowers.userflags )
+C<$userid> is the members.userid, used for building subpermissions
 C<$authflags> is a hashref of permissions
 
 =cut
 C<$authflags> is a hashref of permissions
 
 =cut
@@ -1205,7 +1430,7 @@ C<$authflags> is a hashref of permissions
 sub getuserflags {
     my $flags   = shift;
     my $userid  = shift;
 sub getuserflags {
     my $flags   = shift;
     my $userid  = shift;
-    my $dbh     = shift;
+    my $dbh     = @_ ? shift : C4::Context->dbh;
     my $userflags;
     $flags = 0 unless $flags;
     my $sth = $dbh->prepare("SELECT bit, flag, defaulton FROM userflags");
     my $userflags;
     $flags = 0 unless $flags;
     my $sth = $dbh->prepare("SELECT bit, flag, defaulton FROM userflags");
@@ -1230,24 +1455,20 @@ sub getuserflags {
     return $userflags;
 }
 
     return $userflags;
 }
 
-=item get_user_subpermissions 
-
-=over 4
+=head2 get_user_subpermissions
 
 
-my $user_perm_hashref = get_user_subpermissions($userid);
-
-=back
+  $user_perm_hashref = get_user_subpermissions($userid);
 
 Given the userid (note, not the borrowernumber) of a staff user,
 
 Given the userid (note, not the borrowernumber) of a staff user,
-return a hashref of hashrefs of the specific subpermissions 
+return a hashref of hashrefs of the specific subpermissions
 accorded to the user.  An example return is
 
 accorded to the user.  An example return is
 
-{ 
+ {
     tools => {
         export_catalog => 1,
         import_patrons => 1,
     }
     tools => {
         export_catalog => 1,
         import_patrons => 1,
     }
-}
+ }
 
 The top-level hash-key is a module or function code from
 userflags.flag, while the second-level key is a code
 
 The top-level hash-key is a module or function code from
 userflags.flag, while the second-level key is a code
@@ -1263,7 +1484,7 @@ sub get_user_subpermissions {
     my $userid = shift;
 
     my $dbh = C4::Context->dbh;
     my $userid = shift;
 
     my $dbh = C4::Context->dbh;
-    my $sth = $dbh->prepare("SELECT flag, permissions.code
+    my $sth = $dbh->prepare("SELECT flag, user_permissions.code
                              FROM user_permissions
                              JOIN permissions USING (module_bit, code)
                              JOIN userflags ON (module_bit = bit)
                              FROM user_permissions
                              JOIN permissions USING (module_bit, code)
                              JOIN userflags ON (module_bit = bit)
@@ -1278,13 +1499,9 @@ sub get_user_subpermissions {
     return $user_perms;
 }
 
     return $user_perms;
 }
 
-=item get_all_subpermissions
+=head2 get_all_subpermissions
 
 
-=over 4
-
-my $perm_hashref = get_all_subpermissions();
-
-=back
+  my $perm_hashref = get_all_subpermissions();
 
 Returns a hashref of hashrefs defining all specific
 permissions currently defined.  The return value
 
 Returns a hashref of hashrefs defining all specific
 permissions currently defined.  The return value
@@ -1308,11 +1525,11 @@ sub get_all_subpermissions {
     return $all_perms;
 }
 
     return $all_perms;
 }
 
-=item haspermission 
+=head2 haspermission
 
 
-  $flags = ($dbh,$member,$flagsrequired);
+  $flags = ($userid, $flagsrequired);
 
 
-C<$member> may be either userid or overloaded with $borrower hashref from GetMemberDetails.
+C<$userid> the userid of the member
 C<$flags> is a hashref of required flags like C<$borrower-&lt;{authflags}> 
 
 Returns member's flags or 0 if a permission is not met.
 C<$flags> is a hashref of required flags like C<$borrower-&lt;{authflags}> 
 
 Returns member's flags or 0 if a permission is not met.
@@ -1320,41 +1537,30 @@ Returns member's flags or 0 if a permission is not met.
 =cut
 
 sub haspermission {
 =cut
 
 sub haspermission {
-    my ( $dbh, $userid, $flagsrequired ) = @_;
-    my ($flags,$intflags);
-    $dbh=C4::Context->dbh unless($dbh);
-    if(ref($userid)) {
-        $intflags = $userid->{'flags'};  
-    } else {
-        my $sth = $dbh->prepare("SELECT flags FROM borrowers WHERE userid=?");
-        $sth->execute($userid);
-        my ($intflags) = $sth->fetchrow;
-        $flags = getuserflags( $intflags, $userid, $dbh );
-    }
+    my ($userid, $flagsrequired) = @_;
+    my $sth = C4::Context->dbh->prepare("SELECT flags FROM borrowers WHERE userid=?");
+    $sth->execute($userid);
+    my $flags = getuserflags( $sth->fetchrow(), $userid );
     if ( $userid eq C4::Context->config('user') ) {
         # Super User Account from /etc/koha.conf
         $flags->{'superlibrarian'} = 1;
     }
     if ( $userid eq C4::Context->config('user') ) {
         # Super User Account from /etc/koha.conf
         $flags->{'superlibrarian'} = 1;
     }
-    if ( $userid eq 'demo' && C4::Context->config('demo') ) {
+    elsif ( $userid eq 'demo' && C4::Context->config('demo') ) {
         # Demo user that can do "anything" (demo=1 in /etc/koha.conf)
         $flags->{'superlibrarian'} = 1;
     }
     return $flags if $flags->{superlibrarian};
     foreach my $module ( keys %$flagsrequired ) {
         # Demo user that can do "anything" (demo=1 in /etc/koha.conf)
         $flags->{'superlibrarian'} = 1;
     }
     return $flags if $flags->{superlibrarian};
     foreach my $module ( keys %$flagsrequired ) {
-        if (C4::Context->preference('GranularPermissions')) {
-            my $subperm = $flagsrequired->{$module};
-            if ($subperm eq '*') {
-                return 0 unless ( $flags->{$module} == 1 or ref($flags->{$module}) );
-            } else {
-                return 0 unless ( $flags->{$module} == 1 or
-                                    ( ref($flags->{$module}) and 
-                                      exists $flags->{$module}->{$subperm} and 
-                                      $flags->{$module}->{$subperm} == 1 
-                                    ) 
-                                );
-            }
+        my $subperm = $flagsrequired->{$module};
+        if ($subperm eq '*') {
+            return 0 unless ( $flags->{$module} == 1 or ref($flags->{$module}) );
         } else {
         } else {
-            return 0 unless ( $flags->{$module} );
+            return 0 unless ( $flags->{$module} == 1 or
+                                ( ref($flags->{$module}) and
+                                  exists $flags->{$module}->{$subperm} and
+                                  $flags->{$module}->{$subperm} == 1
+                                )
+                            );
         }
     }
     return $flags;
         }
     }
     return $flags;
@@ -1364,6 +1570,10 @@ sub haspermission {
 
 sub getborrowernumber {
     my ($userid) = @_;
 
 sub getborrowernumber {
     my ($userid) = @_;
+    my $userenv = C4::Context->userenv;
+    if ( defined( $userenv ) && ref( $userenv ) eq 'HASH' && $userenv->{number} ) {
+        return $userenv->{number};
+    }
     my $dbh = C4::Context->dbh;
     for my $field ( 'userid', 'cardnumber' ) {
         my $sth =
     my $dbh = C4::Context->dbh;
     for my $field ( 'userid', 'cardnumber' ) {
         my $sth =
@@ -1381,8 +1591,6 @@ END { }    # module clean-up code here (global destructor)
 1;
 __END__
 
 1;
 __END__
 
-=back
-
 =head1 SEE ALSO
 
 CGI(3)
 =head1 SEE ALSO
 
 CGI(3)
Koha ILS @ FFZG - based on git://git.koha.org/pub/scm/koha.git