X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=members%2Fmember-password.pl;h=d2255f8ddfb4f57042611842da6e312465fd9a95;hb=217d0df5175b4fbd907b747d3f29bf0a1d6d2c2b;hp=8128a3dff8ad24c86d7c9d9bd681f58ec4bdc91b;hpb=3982d97af3599aab990d407f9a5f973ae3922149;p=koha.git
diff --git a/members/member-password.pl b/members/member-password.pl
index 8128a3dff8..d2255f8ddf 100755
--- a/members/member-password.pl
+++ b/members/member-password.pl
@@ -8,128 +8,158 @@ use strict; use warnings; use C4::Auth; +use Koha::AuthUtils; use C4::Output; use C4::Context; use C4::Members; -use C4::Branch; use C4::Circulation; -use CGI; +use CGI qw ( -utf8 ); use C4::Members::Attributes qw(GetBorrowerAttributes); +use Koha::Patron::Images; +use Koha::Token; + +use Koha::Patron::Categories; use Digest::MD5 qw(md5_base64); my $input = new CGI; my $theme = $input->param('theme') || "default"; - # only used if allowthemeoverride is set -my ($template, $loggedinuser, $cookie, $staffflags) - = get_template_and_user({template_name => "members/member-password.tmpl", - query => $input, - type => "intranet", - authnotrequired => 0, - flagsrequired => {borrowers => 1}, - debug => 1, - }); +# only used if allowthemeoverride is set -my $flagsrequired; -$flagsrequired->{borrowers}=1; +my ( $template, $loggedinuser, $cookie, $staffflags ) = get_template_and_user( + { + template_name => "members/member-password.tt", + query => $input, + type => "intranet", + authnotrequired => 0, + flagsrequired => { borrowers => 1 }, + debug => 1, + } +); -#my ($loggedinuser, $cookie, $sessionID) = checkauth($input, 0, $flagsrequired); +my $flagsrequired; +$flagsrequired->{borrowers} = 1; -my $member=$input->param('member'); -my $cardnumber = $input->param('cardnumber'); +my $member = $input->param('member'); +my $cardnumber = $input->param('cardnumber'); my $destination = $input->param('destination'); -my $errormsg; -my ($bor)=GetMember('borrowernumber' => $member); -if(( $member ne $loggedinuser ) && ($bor->{'category_type'} eq 'S' ) ) { - $errormsg = 'NOPERMISSION' unless($staffflags->{'superlibrarian'} || $staffflags->{'staffaccess'} ); - # need superlibrarian for koha-conf.xml fakeuser. 
+my $newpassword = $input->param('newpassword'); +my $newpassword2 = $input->param('newpassword2'); + +my @errors; + +my ($bor) = GetMember( 'borrowernumber' => $member ); + +if ( ( $member ne $loggedinuser ) && ( $bor->{'category_type'} eq 'S' ) ) { + push( @errors, 'NOPERMISSION' ) + unless ( $staffflags->{'superlibrarian'} || $staffflags->{'staffaccess'} ); + + # need superlibrarian for koha-conf.xml fakeuser. } -my $newpassword = $input->param('newpassword'); + +push( @errors, 'NOMATCH' ) if ( ( $newpassword && $newpassword2 ) && ( $newpassword ne $newpassword2 ) ); + my $minpw = C4::Context->preference('minPasswordLength'); -$errormsg = 'SHORTPASSWORD' if( $newpassword && $minpw && (length($newpassword) < $minpw ) ); - -if ( $newpassword && ! $errormsg ) { - my $digest=md5_base64($input->param('newpassword')); - my $uid = $input->param('newuserid'); - my $dbh=C4::Context->dbh; - if (changepassword($uid,$member,$digest)) { - $template->param(newpassword => $newpassword); - if ($destination eq 'circ') { - print $input->redirect("/cgi-bin/koha/circ/circulation.pl?findborrower=$cardnumber"); - } else { - print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member"); - } - } else { - $errormsg = 'BADUSERID'; - $template->param(othernames => $bor->{'othernames'}, - surname => $bor->{'surname'}, - firstname => $bor->{'firstname'}, - userid => $bor->{'userid'}, - defaultnewpassword => $newpassword - ); +push( @errors, 'SHORTPASSWORD' ) if ( $newpassword && $minpw && ( length($newpassword) < $minpw ) ); + +if ( $newpassword && !scalar(@errors) ) { + + die "Wrong CSRF token" + unless Koha::Token->new->check_csrf({ + id => C4::Context->userenv->{id}, + secret => md5_base64( C4::Context->config('pass') ), + token => scalar $input->param('csrf_token'), + }); + + my $digest = Koha::AuthUtils::hash_password( scalar $input->param('newpassword') ); + my $uid = $input->param('newuserid') || $bor->{userid}; + my $dbh = C4::Context->dbh; + if ( 
Koha::Patrons->find( $member )->update_password($uid, $digest) ) { + $template->param( newpassword => $newpassword ); + if ( $destination eq 'circ' ) { + print $input->redirect("/cgi-bin/koha/circ/circulation.pl?findborrower=$cardnumber"); + } + else { + print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member"); + } + } + else { + push( @errors, 'BADUSERID' ); } -} else { +} +else { my $userid = $bor->{'userid'}; - my $chars='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; - my $length=int(rand(2))+C4::Context->preference("minPasswordLength"); - my $defaultnewpassword=''; - for (my $i=0; $i<$length; $i++) { - $defaultnewpassword.=substr($chars, int(rand(length($chars))),1); + my $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; + my $length = int( rand(2) ) + C4::Context->preference("minPasswordLength"); + my $defaultnewpassword = ''; + for ( my $i = 0 ; $i < $length ; $i++ ) { + $defaultnewpassword .= substr( $chars, int( rand( length($chars) ) ), 1 ); } - - if ( $bor->{'category_type'} eq 'C') { - my ( $catcodes, $labels ) = GetborCatFromCatType( 'A', 'WHERE category_type = ?' 
); - my $cnt = scalar(@$catcodes); - $template->param( 'CATCODE_MULTI' => 1) if $cnt > 1; - $template->param( 'catcode' => $catcodes->[0]) if $cnt == 1; - } - + + $template->param( defaultnewpassword => $defaultnewpassword ); +} + +if ( $bor->{'category_type'} eq 'C') { + my $patron_categories = Koha::Patron::Categories->search_limited({ category_type => 'A' }, {order_by => ['categorycode']}); + $template->param( 'CATCODE_MULTI' => 1) if $patron_categories->count > 1; + $template->param( 'catcode' => $patron_categories->next ) if $patron_categories->count == 1; +} + $template->param( adultborrower => 1 ) if ( $bor->{'category_type'} eq 'A' ); -my ($picture, $dberror) = GetPatronImage($bor->{'cardnumber'}); -$template->param( picture => 1 ) if $picture; -if (C4::Context->preference('ExtendedPatronAttributes')) { - my $attributes = GetBorrowerAttributes($bor->{'borrowernumber'}); +my $patron_image = Koha::Patron::Images->find($bor->{borrowernumber}); +$template->param( picture => 1 ) if $patron_image; + +if ( C4::Context->preference('ExtendedPatronAttributes') ) { + my $attributes = GetBorrowerAttributes( $bor->{'borrowernumber'} ); $template->param( ExtendedPatronAttributes => 1, - extendedattributes => $attributes + extendedattributes => $attributes ); } - $template->param( othernames => $bor->{'othernames'}, - surname => $bor->{'surname'}, - firstname => $bor->{'firstname'}, - borrowernumber => $bor->{'borrowernumber'}, - cardnumber => $bor->{'cardnumber'}, - categorycode => $bor->{'categorycode'}, - category_type => $bor->{'category_type'}, - categoryname => $bor->{'description'}, - address => $bor->{'address'}, - address2 => $bor->{'address2'}, - city => $bor->{'city'}, - state => $bor->{'state'}, - zipcode => $bor->{'zipcode'}, - country => $bor->{'country'}, - phone => $bor->{'phone'}, - email => $bor->{'email'}, - branchcode => $bor->{'branchcode'}, - branchname => GetBranchName($bor->{'branchcode'}), - userid => $bor->{'userid'}, - destination => 
$destination, - is_child => ($bor->{'category_type'} eq 'C'), - defaultnewpassword => $defaultnewpassword, - activeBorrowerRelationship => (C4::Context->preference('borrowerRelationship') ne ''), - ); - - +$template->param( + othernames => $bor->{'othernames'}, + surname => $bor->{'surname'}, + firstname => $bor->{'firstname'}, + borrowernumber => $bor->{'borrowernumber'}, + cardnumber => $bor->{'cardnumber'}, + categorycode => $bor->{'categorycode'}, + category_type => $bor->{'category_type'}, + categoryname => $bor->{'description'}, + address => $bor->{address}, + address2 => $bor->{'address2'}, + streettype => $bor->{streettype}, + city => $bor->{'city'}, + state => $bor->{'state'}, + zipcode => $bor->{'zipcode'}, + country => $bor->{'country'}, + phone => $bor->{'phone'}, + phonepro => $bor->{'phonepro'}, + mobile => $bor->{'mobile'}, + email => $bor->{'email'}, + emailpro => $bor->{'emailpro'}, + branchcode => $bor->{'branchcode'}, + userid => $bor->{'userid'}, + destination => $destination, + is_child => ( $bor->{'category_type'} eq 'C' ), + activeBorrowerRelationship => ( C4::Context->preference('borrowerRelationship') ne '' ), + minPasswordLength => $minpw, + RoutingSerials => C4::Context->preference('RoutingSerials'), + csrf_token => Koha::Token->new->generate_csrf({ + id => C4::Context->userenv->{id}, + secret => md5_base64( C4::Context->config('pass') ), + }), +); + +if ( scalar(@errors) ) { + $template->param( errormsg => 1 ); + foreach my $error (@errors) { + $template->param($error) || $template->param( $error => 1 ); + } } -$template->param( member => $member, - errormsg => $errormsg, - $errormsg => 1 , - minPasswordLength => $minpw ); - output_html_with_http_headers $input, $cookie, $template->output;
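Review bot: The new NOMATCH check only fires when both password fields are non-empty, so a request that omits or blanks `newpassword2` skips the confirmation step entirely and the password is changed on the strength of `newpassword` alone; tightening it to `push( @errors, 'NOMATCH' ) if ( $newpassword && ( !defined $newpassword2 || $newpassword ne $newpassword2 ) );` closes that gap. Neither the `GetMember` result nor `Koha::Patrons->find( $member )` is checked before use, so an unknown `member` value autovivifies `$bor` through the permission test and the chained `update_password` call dies on undef rather than producing a clean error; a guard along the lines of `my $patron = Koha::Patrons->find( $member ); die "Patron not found" unless $patron;` before the change branch would be clearer, though I may be missing a check done elsewhere. The suggested default password in the `else` branch is still built from Perl's `rand()`, which is not a cryptographically secure source; since the value is only a pre-filled suggestion shown to staff the risk is limited, but a comment such as `# NOTE: rand() is not a CSPRNG; this is only a pre-filled suggestion, not the stored credential.` would stop the loop being copied as a password generator.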