X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=tools%2Fpicture-upload.pl;h=804bd96b92cfa3e5ade03a68c8fa7eed895ee1ff;hb=9007c6e8587196ab05e5727eac1e4bbb6c4ae9e4;hp=6f29eaadac66db9b6f53f2cc54618d05c8dab4cf;hpb=af288205f50af3f49448569e7fb38bae6f2c615f;p=koha.git diff --git a/tools/picture-upload.pl b/tools/picture-upload.pl index 6f29eaadac..804bd96b92 100755 --- a/tools/picture-upload.pl +++ b/tools/picture-upload.pl @@ -3,50 +3,55 @@ # # This file is part of Koha. # -# Koha is free software; you can redistribute it and/or modify it under the -# terms of the GNU General Public License as published by the Free Software -# Foundation; either version 2 of the License, or (at your option) any later -# version. +# Koha is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. # -# Koha is distributed in the hope that it will be useful, but WITHOUT ANY -# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR -# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# Koha is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. # -# You should have received a copy of the GNU General Public License along with -# Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place, -# Suite 330, Boston, MA 02111-1307 USA +# You should have received a copy of the GNU General Public License +# along with Koha; if not, see . # # # +use Modern::Perl; + use File::Temp; use File::Copy; -use CGI; -use Image::Magick; +use CGI qw ( -utf8 ); +use GD; use C4::Context; use C4::Auth; use C4::Output; use C4::Members; use C4::Debug; -#use Data::Dumper; + +use Koha::Patrons; +use Koha::Patron::Images; +use Koha::Token; my $input = new CGI; my ($template, $loggedinuser, $cookie) - = get_template_and_user({template_name => "tools/picture-upload.tmpl", + = get_template_and_user({template_name => "tools/picture-upload.tt", query => $input, type => "intranet", authnotrequired => 0, - flagsrequired => {management => 1, tools => 'batch_upload_patron_images'}, + flagsrequired => { tools => 'batch_upload_patron_images'}, debug => 0, }); -my $filetype = $input->param('filetype'); -my $cardnumber = $input->param('cardnumber'); -my $uploadfilename = $input->param('uploadfile'); -my $uploadfile = $input->upload('uploadfile'); -my $borrowernumber = $input->param('borrowernumber'); -my $op = $input->param('op'); +our $filetype = $input->param('filetype') || ''; +my $cardnumber = $input->param('cardnumber'); +our $uploadfilename = $input->param('uploadfile') || ''; +my $uploadfile = $input->upload('uploadfile'); +my $borrowernumber = $input->param('borrowernumber'); +my $op = $input->param('op') || ''; #FIXME: This code is really in the rough. The variables need to be re-scoped as the two subs depend on global vars to operate. # Other parts of this code could be optimized as well, I think. Perhaps the file upload could be done with YUI's upload @@ -56,7 +61,7 @@ $debug and warn "Params are: filetype=$filetype, cardnumber=$cardnumber, borrowe =head1 NAME -picture-upload.p. - Script for handling uploading of both single and bulk patronimages and importing them into the database. +picture-upload.pl - Script for handling uploading of both single and bulk patronimages and importing them into the database. =head1 SYNOPSIS @@ -71,219 +76,372 @@ Files greater than 100K will be refused. Images should be 140x200 pixels. If the $debug and warn "Operation requested: $op"; -my ( $total, $handled, @counts, $tempfile, $tfh ); +my ( $total, $handled, $tempfile, $tfh ); +our @counts = (); +our %errors = (); + +# Case is important in these operational values as the template must use case to be visually pleasing! +if ( ( $op eq 'Upload' ) && $uploadfile ) { -if ( ($op eq 'Upload') && $uploadfile ) { # Case is important in these operational values as the template must use case to be visually pleasing! - my $dirname = File::Temp::tempdir( CLEANUP => 1); + die "Wrong CSRF token" + unless Koha::Token->new->check_csrf({ + session_id => scalar $input->cookie('CGISESSID'), + token => scalar $input->param('csrf_token'), + }); + + my $dirname = File::Temp::tempdir( CLEANUP => 1 ); $debug and warn "dirname = $dirname"; - my $filesuffix = $1 if $uploadfilename =~ m/(\..+)$/i; - ( $tfh, $tempfile ) = File::Temp::tempfile( SUFFIX => $filesuffix, UNLINK => 1 ); + my $filesuffix; + if ( $uploadfilename =~ m/(\..+)$/i ) { + $filesuffix = $1; + } + ( $tfh, $tempfile ) = + File::Temp::tempfile( SUFFIX => $filesuffix, UNLINK => 1 ); $debug and warn "tempfile = $tempfile"; - my ( @directories, $errors ); + my ( @directories, $results ); - $errors{'NOTZIP'} = 1 if ( $uploadfilename !~ /\.zip$/i && $filetype =~ m/zip/i ); + $errors{'NOTZIP'} = 1 + if ( $uploadfilename !~ /\.zip$/i && $filetype =~ m/zip/i ); $errors{'NOWRITETEMP'} = 1 unless ( -w $dirname ); - $errors{'EMPTYUPLOAD'} = 1 unless ( length( $uploadfile ) > 0 ); + $errors{'EMPTYUPLOAD'} = 1 unless ( length($uploadfile) > 0 ); - if ( %errors ) { - $template->param( ERRORS => [ \%errors ] ); - } else { - while ( <$uploadfile> ) { - print $tfh $_; + if (%errors) { + $template->param( ERRORS => [ \%errors ] ); + output_html_with_http_headers $input, $cookie, $template->output; + exit; + } + while (<$uploadfile>) { + print $tfh $_; + } + close $tfh; + if ( $filetype eq 'zip' ) { + unless ( system( "unzip", $tempfile, '-d', $dirname ) == 0 ) { + $errors{'UZIPFAIL'} = $uploadfilename; + $template->param( ERRORS => [ \%errors ] ); + # This error is fatal to the import, so bail out here + output_html_with_http_headers $input, $cookie, $template->output; + exit; } - - close $tfh; - if ( $filetype eq 'zip' ) { - unless (system("unzip $tempfile -d $dirname") == 0) { - $errors{'UZIPFAIL'} = $uploadfilename; - $template->param( ERRORS => [ \%errors ] ); - output_html_with_http_headers $input, $cookie, $template->output; # This error is fatal to the import, so bail out here - exit; - } - push @directories, "$dirname"; - foreach $recursive_dir ( @directories ) { - opendir $dir, $recursive_dir; - while ( my $entry = readdir $dir ) { - push @directories, "$recursive_dir/$entry" if ( -d "$recursive_dir/$entry" and $entry !~ /^\./ ); + push @directories, "$dirname"; + foreach my $recursive_dir (@directories) { + opendir RECDIR, $recursive_dir; + while ( my $entry = readdir RECDIR ) { + push @directories, "$recursive_dir/$entry" + if ( -d "$recursive_dir/$entry" and $entry !~ /^\./ ); $debug and warn "$recursive_dir/$entry"; - } - closedir $dir; - } - my $results; - foreach my $dir ( @directories ) { - $results = handle_dir( $dir, $filesuffix ); - $handled++ if $results == 1; } - $total = scalar @directories; - } else { #if ($filetype eq 'zip' ) - $results = handle_dir( $dirname, $filesuffix ); - $handled = 1; - $total = 1; + closedir RECDIR; + } + foreach my $dir (@directories) { + $results = handle_dir( $dir, $filesuffix, $template ); + $handled++ if $results == 1; } + $total = scalar @directories; + } + else { + #if ($filetype eq 'zip' ) + $results = handle_dir( $dirname, $filesuffix, $template, $cardnumber, + $tempfile ); + $handled++ if $results == 1; + $total = 1; + } - if ( %$results || %errors ) { - $template->param( ERRORS => [ \%$results ] ); - } else { - $debug and warn "Total files processed: $total"; - warn "Errors in \$errors." if $errors; - $template->param( - TOTAL => $total, - HANDLED => $handled, - COUNTS => \@counts, - TCOUNTS => scalar(@counts), - ); - } + if ( $results!=1 || %errors ) { + $template->param( ERRORS => [$results] ); + } + else { + my $filecount; + map { $filecount += $_->{count} } @counts; + $debug and warn "Total directories processed: $total"; + $debug and warn "Total files processed: $filecount"; + $template->param( + TOTAL => $total, + HANDLED => $handled, + COUNTS => \@counts, + TCOUNTS => ( $filecount > 0 ? $filecount : undef ), + ); + $template->param( borrowernumber => $borrowernumber ) + if $borrowernumber; } -} elsif ( ($op eq 'Upload') && !$uploadfile ) { +} +elsif ( ( $op eq 'Upload' ) && !$uploadfile ) { warn "Problem uploading file or no file uploaded."; - $template->param(cardnumber => $cardnumber); - $template->param(filetype => $filetype); -} elsif ( $op eq 'Delete' ) { - my $dberror = RmPatronImage($cardnumber); - $debug and warn "Patron image deleted for $cardnumber"; - warn "Database returned $dberror" if $dberror; + $template->param( cardnumber => $cardnumber ); + $template->param( filetype => $filetype ); } -if ( $borrowernumber && !$errors && !$template->param('ERRORS') ) { - print $input->redirect ("/cgi-bin/koha/members/moremember.pl?borrowernumber=$borrowernumber"); -} else { +elsif ( $op eq 'Delete' ) { + die "Wrong CSRF token" + unless Koha::Token->new->check_csrf({ + session_id => scalar $input->cookie('CGISESSID'), + token => scalar $input->param('csrf_token'), + }); + + my $deleted = eval { + Koha::Patron::Images->find( $borrowernumber )->delete; + }; + if ( $@ or not $deleted ) { + warn "Image for patron '$borrowernumber' has not been deleted"; + } +} +if ( $borrowernumber && !%errors && !$template->param('ERRORS') ) { + print $input->redirect( + "/cgi-bin/koha/members/moremember.pl?borrowernumber=$borrowernumber"); +} +else { + $template->param( + csrf_token => Koha::Token->new->generate_csrf({ + session_id => scalar $input->cookie('CGISESSID'), + }), + ); output_html_with_http_headers $input, $cookie, $template->output; } sub handle_dir { - my ( $dir, $suffix ) = @_; - my $source; + my ( $dir, $suffix, $template, $cardnumber, $source ) = @_; + my ( %counts, %direrrors ); $debug and warn "Entering sub handle_dir; passed \$dir=$dir, \$suffix=$suffix"; - if ($suffix =~ m/zip/i) { # If we were sent a zip file, process any included data/idlink.txt files - my ( $file, $filename, $cardnumber ); + if ( $suffix =~ m/zip/i ) { + # If we were sent a zip file, process any included data/idlink.txt files + my ( $file, $filename ); + undef $cardnumber; $debug and warn "Passed a zip file."; - opendir my $dirhandle, $dir; - while ( my $filename = readdir $dirhandle ) { - $file = "$dir/$filename" if ($filename =~ m/datalink\.txt/i || $filename =~ m/idlink\.txt/i); + opendir DIR, $dir; + while ( my $filename = readdir DIR ) { + $file = "$dir/$filename" + if ( $filename =~ m/datalink\.txt/i + || $filename =~ m/idlink\.txt/i ); + } + unless ( open( FILE, $file ) ) { + warn "Opening $dir/$file failed!"; + $direrrors{'OPNLINK'} = $file; + # This error is fatal to the import of this directory contents + # so bail and return the error to the caller + return \%direrrors; } - unless (open (FILE, $file)) { - warn "Opening $dir/$file failed!"; - $errors{'OPNLINK'} = $file; - return $errors; # This error is fatal to the import of this directory contents, so bail and return the error to the caller - }; - while (my $line = ) { + while ( my $line = ) { $debug and warn "Reading contents of $file"; - chomp $line; + chomp $line; $debug and warn "Examining line: $line"; - my $delim = ($line =~ /\t/) ? "\t" : ($line =~ /,/) ? "," : ""; + my $delim = ( $line =~ /\t/ ) ? "\t" : ( $line =~ /,/ ) ? "," : ""; $debug and warn "Delimeter is \'$delim\'"; unless ( $delim eq "," || $delim eq "\t" ) { warn "Unrecognized or missing field delimeter. Please verify that you are using either a ',' or a 'tab'"; - $errors{'DELERR'} = 1; # This error is fatal to the import of this directory contents, so bail and return the error to the caller - return $errors; + $direrrors{'DELERR'} = 1; + # This error is fatal to the import of this directory contents + # so bail and return the error to the caller + return \%direrrors; } - ($cardnumber, $filename) = split $delim, $line; - $cardnumber =~ s/[\"\r\n]//g; # remove offensive characters - $filename =~ s/[\"\r\n\s]//g; + ( $cardnumber, $filename ) = split $delim, $line; + $cardnumber =~ s/[\"\r\n]//g; # remove offensive characters + $filename =~ s/[\"\r\n\s]//g; $debug and warn "Cardnumber: $cardnumber Filename: $filename"; $source = "$dir/$filename"; - %counts = handle_file($cardnumber, $source, %counts); + %counts = handle_file( $cardnumber, $source, $template, %counts ); } close FILE; - closedir ($dirhandle); - } else { - $source = $tempfile; - %counts = handle_file($cardnumber, $source, %counts); + closedir DIR; } -push @counts, \%counts; -return 1; + else { + %counts = handle_file( $cardnumber, $source, $template, %counts ); + } + push @counts, \%counts; + return 1; } sub handle_file { - my ($cardnumber, $source, %count) = @_; + my ( $cardnumber, $source, $template, %count ) = @_; $debug and warn "Entering sub handle_file; passed \$cardnumber=$cardnumber, \$source=$source"; - $count{filenames} = () if !$count{filenames}; - $count{source} = $source if !$count{source}; - if ($cardnumber && $source) { # Now process any imagefiles - my %filerrors; - my $filename; - if ($filetype eq 'image') { - $filename = $uploadfilename; - } else { - $filename = $1 if ($source =~ /\/([^\/]+)$/); - } + $count{filenames} = () if !$count{filenames}; + $count{source} = $source if !$count{source}; + $count{count} = 0 unless exists $count{count}; + my %filerrors; + my $filename; + if ( $filetype eq 'image' ) { + $filename = $uploadfilename; + } + else { + $filename = $1 if ( $source && $source =~ /\/([^\/]+)$/ ); + } + if ( $cardnumber && $source ) { + # Now process any imagefiles $debug and warn "Source: $source"; - my $size = (stat($source))[7]; - if ($size > 100000) { # This check is necessary even with image resizing to avoid possible security/performance issues... - warn "$filename is TOO BIG!!! I refuse to beleagur my database with that much data. Try reducing the pixel dimensions and I\'ll reconsider."; - $filerrors{'OVRSIZ'} = 1; - push my @filerrors, \%filerrors; - push @{ $count{filenames} }, { filerrors => \@filerrors, source => $filename, cardnumber => $cardnumber }; - $template->param( ERRORS => 1 ); - return %count; # this one is fatal so bail here... - } - my $image = Image::Magick->new; - if (open (IMG, "$source")) { - $image->Read(file=>\*IMG); - close (IMG); - my $mimetype = $image->Get('mime'); - # Check the pixel size of the image we are about to import... - my ($height, $width) = $image->Get('height', 'width'); - $debug and warn "$filename is $width pix X $height pix."; - if ($width > 140 || $height > 200) { # MAX pixel dims are 140 X 200... - warn "$filename exceeds the maximum pixel dimensions of 140 X 200. Resizing..."; - my $percent_reduce; # Percent we will reduce the image dimensions by... - if ($width > 140) { - $percent_reduce = sprintf("%.5f",(140/$width)); # If the width is oversize, scale based on width overage... - } else { - $percent_reduce = sprintf("%.5f",(200/$height)); # otherwise scale based on height overage. + my $size = ( stat($source) )[7]; + if ( $size > 550000 ) { + # This check is necessary even with image resizing to avoid possible security/performance issues... + $filerrors{'OVRSIZ'} = 1; + push my @filerrors, \%filerrors; + push @{ $count{filenames} }, + { + filerrors => \@filerrors, + source => $filename, + cardnumber => $cardnumber + }; + $template->param( ERRORS => 1 ); + # this one is fatal so bail here... + return %count; + } + my ( $srcimage, $image ); + if ( open( IMG, "$source" ) ) { + $srcimage = GD::Image->new(*IMG); + close(IMG); + if ( defined $srcimage ) { + my $imgfile; + my $mimetype = 'image/png'; + # GD autodetects three basic image formats: PNG, JPEG, XPM + # we will convert all to PNG which is lossless... + # Check the pixel size of the image we are about to import... + my ( $width, $height ) = $srcimage->getBounds(); + $debug and warn "$filename is $width pix X $height pix."; + if ( $width > 200 || $height > 300 ) { + # MAX pixel dims are 200 X 300... + $debug and warn "$filename exceeds the maximum pixel dimensions of 200 X 300. Resizing..."; + # Percent we will reduce the image dimensions by... + my $percent_reduce; + if ( $width > 200 ) { + # If the width is oversize, scale based on width overage... + $percent_reduce = sprintf( "%.5f", ( 140 / $width ) ); + } + else { + # otherwise scale based on height overage. + $percent_reduce = sprintf( "%.5f", ( 200 / $height ) ); + } + my $width_reduce = + sprintf( "%.0f", ( $width * $percent_reduce ) ); + my $height_reduce = + sprintf( "%.0f", ( $height * $percent_reduce ) ); + $debug + and warn "Reducing $filename by " + . ( $percent_reduce * 100 ) + . "\% or to $width_reduce pix X $height_reduce pix"; + #'1' creates true color image... + $image = GD::Image->new( $width_reduce, $height_reduce, 1 ); + $image->copyResampled( $srcimage, 0, 0, 0, 0, $width_reduce, + $height_reduce, $width, $height ); + $imgfile = $image->png(); + $debug + and warn "$filename is " + . length($imgfile) + . " bytes after resizing."; + undef $image; + undef $srcimage; # This object can get big... + } + else { + $image = $srcimage; + $imgfile = $image->png(); + $debug + and warn "$filename is " . length($imgfile) . " bytes."; + undef $image; + undef $srcimage; # This object can get big... + } + $debug and warn "Image is of mimetype $mimetype"; + my $dberror; + if ($mimetype) { + my $patron = Koha::Patrons->find({ cardnumber => $cardnumber }); + if ( $patron ) { + my $image = $patron->image; + $image ||= Koha::Patron::Image->new({ borrowernumber => $patron->borrowernumber }); + $image->set({ + mimetype => $mimetype, + imagefile => $imgfile, + }); + eval { $image->store }; + if ( $@ ) { + # Errors from here on are fatal only to the import of a particular image + #so don't bail, just note the error and keep going + warn "Database returned error: $@"; + $filerrors{'DBERR'} = 1; + push my @filerrors, \%filerrors; + push @{ $count{filenames} }, + { + filerrors => \@filerrors, + source => $filename, + cardnumber => $cardnumber + }; + $template->param( ERRORS => 1 ); + } else { + $count{count}++; + push @{ $count{filenames} }, + { source => $filename, cardnumber => $cardnumber }; + } + } else { + warn "Patron with the cardnumber '$cardnumber' does not exist"; + $filerrors{'CARDNUMBER_DOES_NOT_EXIST'} = 1; + push my @filerrors, \%filerrors; + push @{ $count{filenames} }, + { + filerrors => \@filerrors, + source => $filename, + cardnumber => $cardnumber + }; + $template->param( ERRORS => 1 ); + } + } + else { + warn "Unable to determine mime type of $filename. Please verify mimetype."; + $filerrors{'MIMERR'} = 1; + push my @filerrors, \%filerrors; + push @{ $count{filenames} }, + { + filerrors => \@filerrors, + source => $filename, + cardnumber => $cardnumber + }; + $template->param( ERRORS => 1 ); } - my $width_reduce = sprintf("%.0f", ($width * $percent_reduce)); - my $height_reduce = sprintf("%.0f", ($height * $percent_reduce)); - warn "Reducing $filename by " . ($percent_reduce * 100) . "\% or to $width_reduce pix X $height_reduce pix"; - $image->Resize(width=>$width_reduce, height=>$height_reduce); - my @img = $image->ImageToBlob(); - $imgfile = $img[0]; - warn "$filename is " . length($imgfile) . " bytes after resizing."; - undef $image; # This object can get big... - } else { - my @img = $image->ImageToBlob(); - $imgfile = $img[0]; - $debug and warn "$filename is " . length($imgfile) . " bytes."; - undef $image; } - $debug and warn "Image is of mimetype $mimetype"; - my $dberror = PutPatronImage($cardnumber,$mimetype, $imgfile) if $mimetype; - if ( !$dberror && $mimetype ) { # Errors from here on are fatal only to the import of a particular image, so don't bail, just note the error and keep going - $count{count}++; - push @{ $count{filenames} }, { source => $filename, cardnumber => $cardnumber }; - } elsif ( $dberror ) { - warn "Database returned error: $dberror"; - ($dberror =~ /patronimage_fk1/) ? $filerrors{'IMGEXISTS'} = 1 : $filerrors{'DBERR'} = 1; + else { + warn "Contents of $filename corrupted!"; + #$count{count}--; + $filerrors{'CORERR'} = 1; push my @filerrors, \%filerrors; - push @{ $count{filenames} }, { filerrors => \@filerrors, source => $filename, cardnumber => $cardnumber }; - $template->param( ERRORS => 1 ); - } elsif ( !$mimetype ) { - warn "Unable to determine mime type of $filename. Please verify mimetype and add to \%mimemap if necessary."; - $filerrors{'MIMERR'} = 1; - push my @filerrors, \%filerrors; - push @{ $count{filenames} }, { filerrors => \@filerrors, source => $filename, cardnumber => $cardnumber }; + push @{ $count{filenames} }, + { + filerrors => \@filerrors, + source => $filename, + cardnumber => $cardnumber + }; $template->param( ERRORS => 1 ); } - } else { - warn "Opening $dir/$filename failed!"; + } + else { + warn "Opening $source failed!"; $filerrors{'OPNERR'} = 1; push my @filerrors, \%filerrors; - push @{ $count{filenames} }, { filerrors => \@filerrors, source => $filename, cardnumber => $cardnumber }; + push @{ $count{filenames} }, + { + filerrors => \@filerrors, + source => $filename, + cardnumber => $cardnumber + }; $template->param( ERRORS => 1 ); } - } else { # The need for this seems a bit unlikely, however, to maximize error trapping it is included - warn "Missing " . ($cardnumber ? "filename" : ($filename ? "cardnumber" : "cardnumber and filename")); - $filerrors{'CRDFIL'} = ($cardnumber ? "filename" : ($filename ? "cardnumber" : "cardnumber and filename")); + } + else { + # The need for this seems a bit unlikely, however, to maximize error trapping it is included + warn "Missing " + . ( + $cardnumber + ? "filename" + : ( $filename ? "cardnumber" : "cardnumber and filename" ) + ); + $filerrors{'CRDFIL'} = ( + $cardnumber + ? "filename" + : ( $filename ? "cardnumber" : "cardnumber and filename" ) + ); push my @filerrors, \%filerrors; - push @{ $count{filenames} }, { filerrors => \@filerrors, source => $filename, cardnumber => $cardnumber }; + push @{ $count{filenames} }, + { + filerrors => \@filerrors, + source => $filename, + cardnumber => $cardnumber + }; $template->param( ERRORS => 1 ); } - return %count; + return (%count); } -=back - =head1 AUTHORS Original contributor(s) undocumented