projects / koha.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Bug 20629: (follow-up) fix reverse_col value
[koha.git] / members / member-password.pl
diff --git a/members/member-password.pl b/members/member-password.pl
index 8128a3d..e886c41 100755 (executable)
--- a/members/member-password.pl
+++ b/members/member-password.pl
@@ -4,132 +4,116 @@
 #by chris@katipo.co.nz
 #converted to using templates 3/16/03 by mwhansen@hmc.edu
 
-use strict;
-use warnings;
+use Modern::Perl;
 
 use C4::Auth;
+use Koha::AuthUtils;
 use C4::Output;
 use C4::Context;
 use C4::Members;
-use C4::Branch;
 use C4::Circulation;
-use CGI;
+use CGI qw ( -utf8 );
 use C4::Members::Attributes qw(GetBorrowerAttributes);
+use Koha::AuthUtils;
+use Koha::Token;
 
-use Digest::MD5 qw(md5_base64);
+use Koha::Patrons;
+use Koha::Patron::Categories;
 
 my $input = new CGI;
 
 my $theme = $input->param('theme') || "default";
-                       # only used if allowthemeoverride is set
 
-my ($template, $loggedinuser, $cookie, $staffflags)
-    = get_template_and_user({template_name => "members/member-password.tmpl",
-                            query => $input,
-                            type => "intranet",
-                            authnotrequired => 0,
-                            flagsrequired => {borrowers => 1},
-                            debug => 1,
-                            });
+# only used if allowthemeoverride is set
 
-my $flagsrequired;
-$flagsrequired->{borrowers}=1;
-
-#my ($loggedinuser, $cookie, $sessionID) = checkauth($input, 0, $flagsrequired);
+my ( $template, $loggedinuser, $cookie, $staffflags ) = get_template_and_user(
+    {
+        template_name   => "members/member-password.tt",
+        query           => $input,
+        type            => "intranet",
+        authnotrequired => 0,
+        flagsrequired   => { borrowers => 'edit_borrowers' },
+        debug           => 1,
+    }
+);
 
-my $member=$input->param('member');
-my $cardnumber = $input->param('cardnumber');
+my $member      = $input->param('member');
+my $cardnumber  = $input->param('cardnumber');
 my $destination = $input->param('destination');
-my $errormsg;
-my ($bor)=GetMember('borrowernumber' => $member);
-if(( $member ne $loggedinuser ) && ($bor->{'category_type'} eq 'S' ) ) {
-       $errormsg = 'NOPERMISSION' unless($staffflags->{'superlibrarian'} || $staffflags->{'staffaccess'} );
-       # need superlibrarian for koha-conf.xml fakeuser.
+my $newpassword  = $input->param('newpassword');
+my $newpassword2 = $input->param('newpassword2');
+
+my @errors;
+
+my $logged_in_user = Koha::Patrons->find( $loggedinuser ) or die "Not logged in";
+my $patron = Koha::Patrons->find( $member );
+output_and_exit_if_error( $input, $cookie, $template, { module => 'members', logged_in_user => $logged_in_user, current_patron => $patron } );
+
+my $category_type = $patron->category->category_type;
+my $bor = $patron->unblessed;
+
+if ( ( $member ne $loggedinuser ) && ( $category_type eq 'S' ) ) {
+    push( @errors, 'NOPERMISSION' )
+      unless ( $staffflags->{'superlibrarian'} || $staffflags->{'staffaccess'} );
+
+    # need superlibrarian for koha-conf.xml fakeuser.
 }
-my $newpassword = $input->param('newpassword');
-my $minpw = C4::Context->preference('minPasswordLength');
-$errormsg = 'SHORTPASSWORD' if( $newpassword && $minpw && (length($newpassword) < $minpw ) );
-
-if ( $newpassword  && ! $errormsg ) {
-    my $digest=md5_base64($input->param('newpassword'));
-    my $uid = $input->param('newuserid');
-    my $dbh=C4::Context->dbh;
-    if (changepassword($uid,$member,$digest)) {
-               $template->param(newpassword => $newpassword);
-               if ($destination eq 'circ') {
-                   print $input->redirect("/cgi-bin/koha/circ/circulation.pl?findborrower=$cardnumber");               
-               } else {
-                   print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member");
-               }
-    } else {
-                       $errormsg = 'BADUSERID';
-           $template->param(othernames => $bor->{'othernames'},
-                                               surname     => $bor->{'surname'},
-                                               firstname   => $bor->{'firstname'},
-                                               userid      => $bor->{'userid'},
-                                               defaultnewpassword => $newpassword 
-                                               );
+
+push( @errors, 'NOMATCH' ) if ( ( $newpassword && $newpassword2 ) && ( $newpassword ne $newpassword2 ) );
+
+if ( $newpassword and not @errors ) {
+    my ( $is_valid, $error ) = Koha::AuthUtils::is_password_valid( $newpassword );
+    unless ( $is_valid ) {
+        push @errors, 'ERROR_password_too_short' if $error eq 'too_short';
+        push @errors, 'ERROR_password_too_weak' if $error eq 'too_weak';
+        push @errors, 'ERROR_password_has_whitespaces' if $error eq 'has_whitespaces';
     }
-} else {
-    my $userid = $bor->{'userid'};
-
-    my $chars='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
-    my $length=int(rand(2))+C4::Context->preference("minPasswordLength");
-    my $defaultnewpassword='';
-    for (my $i=0; $i<$length; $i++) {
-       $defaultnewpassword.=substr($chars, int(rand(length($chars))),1);
+}
+
+if ( $newpassword and not @errors) {
+
+    die "Wrong CSRF token"
+        unless Koha::Token->new->check_csrf({
+            session_id => scalar $input->cookie('CGISESSID'),
+            token  => scalar $input->param('csrf_token'),
+        });
+
+    my $uid    = $input->param('newuserid') || $bor->{userid};
+    my $password = $input->param('newpassword');
+    my $dbh    = C4::Context->dbh;
+    if ( Koha::Patrons->find( $member )->update_password($uid, $password) ) {
+        $template->param( newpassword => $newpassword );
+        if ( $destination eq 'circ' ) {
+            print $input->redirect("/cgi-bin/koha/circ/circulation.pl?findborrower=$cardnumber");
+        }
+        else {
+            print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member");
+        }
     }
-       
-    if ( $bor->{'category_type'} eq 'C') {
-        my  ( $catcodes, $labels ) =  GetborCatFromCatType( 'A', 'WHERE category_type = ?' );
-        my $cnt = scalar(@$catcodes);
-        $template->param( 'CATCODE_MULTI' => 1) if $cnt > 1;
-        $template->param( 'catcode' =>    $catcodes->[0])  if $cnt == 1;
+    else {
+        push( @errors, 'BADUSERID' );
     }
-       
-$template->param( adultborrower => 1 ) if ( $bor->{'category_type'} eq 'A' );
-my ($picture, $dberror) = GetPatronImage($bor->{'cardnumber'});
-$template->param( picture => 1 ) if $picture;
+}
 
-if (C4::Context->preference('ExtendedPatronAttributes')) {
-    my $attributes = GetBorrowerAttributes($bor->{'borrowernumber'});
+if ( C4::Context->preference('ExtendedPatronAttributes') ) {
+    my $attributes = GetBorrowerAttributes( $bor->{'borrowernumber'} );
     $template->param(
         ExtendedPatronAttributes => 1,
-        extendedattributes => $attributes
+        extendedattributes       => $attributes
     );
 }
 
-    $template->param( othernames => $bor->{'othernames'},
-           surname     => $bor->{'surname'},
-           firstname   => $bor->{'firstname'},
-           borrowernumber => $bor->{'borrowernumber'},
-           cardnumber => $bor->{'cardnumber'},
-           categorycode => $bor->{'categorycode'},
-           category_type => $bor->{'category_type'},
-           categoryname => $bor->{'description'},
-           address => $bor->{'address'},
-           address2 => $bor->{'address2'},
-           city => $bor->{'city'},
-           state => $bor->{'state'},
-           zipcode => $bor->{'zipcode'},
-           country => $bor->{'country'},
-           phone => $bor->{'phone'},
-           email => $bor->{'email'},
-           branchcode => $bor->{'branchcode'},
-           branchname => GetBranchName($bor->{'branchcode'}),
-           userid      => $bor->{'userid'},
-           destination => $destination,
-               is_child        => ($bor->{'category_type'} eq 'C'),
-           defaultnewpassword => $defaultnewpassword,
-               activeBorrowerRelationship => (C4::Context->preference('borrowerRelationship') ne ''),
-       );
-
+$template->param(
+    patron                     => $patron,
+    destination                => $destination,
+    csrf_token                 => Koha::Token->new->generate_csrf({ session_id => scalar $input->cookie('CGISESSID'), }),
+);
 
+if ( scalar(@errors) ) {
+    $template->param( errormsg => 1 );
+    foreach my $error (@errors) {
+        $template->param($error) || $template->param( $error => 1 );
+    }
 }
 
-$template->param( member => $member,
-                                       errormsg => $errormsg,
-                                       $errormsg => 1 ,
-                                       minPasswordLength => $minpw );
-
 output_html_with_http_headers $input, $cookie, $template->output;
Koha ILS @ FFZG - based on git://git.koha.org/pub/scm/koha.git