bug 2613: allow web self-check to accept patron ID

Use 'patronid' instead of 'userid' as the query parameter
for passing the patron userid or barcode around; 'userid'
is claimed by C4::Auth and should be used only for
authentication pages.

Fixes the problem where entering a patron's card
number would cause a redirect to the OPAC login
page.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>

diff --git a/koha-tmpl/opac-tmpl/prog/en/css/sco.css b/koha-tmpl/opac-tmpl/prog/en/css/sco.css
index eb1c019..e31db23 100644 (file)
--- a/koha-tmpl/opac-tmpl/prog/en/css/sco.css
+++ b/koha-tmpl/opac-tmpl/prog/en/css/sco.css
@@ -180,7 +180,7 @@ em {
        margin-top : 1em;
 }
 #barcode,
-#userid {
+#patronid {
        font-size : 125%;
        padding-bottom : 3px;
 }
@@ -212,4 +212,4 @@ div.button a:active {
 }
 div.button a:active {
        border : 1px inset #666;
-}
\ No newline at end of file
+}

diff --git a/koha-tmpl/opac-tmpl/prog/en/modules/sco/sco-main.tmpl b/koha-tmpl/opac-tmpl/prog/en/modules/sco/sco-main.tmpl
index 35aabbd..051ac45 100644 (file)
--- a/koha-tmpl/opac-tmpl/prog/en/modules/sco/sco-main.tmpl
+++ b/koha-tmpl/opac-tmpl/prog/en/modules/sco/sco-main.tmpl
@@ -28,7 +28,7 @@
 <p><em>Error type:</em> <!-- TMPL_VAR NAME="impossible" --></p><!-- /TMPL_IF -->
 <form action="/cgi-bin/koha/sco/sco-main.pl" name="errorForm" method="post">
 <input type="hidden" name="op" value="login" />
-<input type="hidden" name="userid" value="<!-- TMPL_VAR NAME="userid" -->" />
+<input type="hidden" name="patronid" value="<!-- TMPL_VAR NAME="patronid" -->" />
 <!-- TMPL_IF NAME="returnitem" -->
 <input type="hidden" name="barcode" value="<!-- TMPL_VAR NAME="barcode" -->" />
 <input type="button" name="returnbook" value="Return this item" class="return" onclick="this.form.op.value='returnbook';this.form.submit();"  />
@@ -42,7 +42,7 @@
 
 <form action="/cgi-bin/koha/sco/sco-main.pl" name="confirmForm" method="post">
 <input type="hidden" id="op" name="op" value="checkout" />
-<input type="hidden" name="userid" value="<!-- TMPL_VAR NAME="userid" -->" />
+<input type="hidden" name="patronid" value="<!-- TMPL_VAR NAME="patronid" -->" />
 <input type="hidden" name="barcode" value="<!-- TMPL_VAR NAME="barcode" -->" />
 <input type="hidden" id="confirmation"  name="confirmed" value=""  />
 <!-- TMPL_IF NAME="renew" -->
@@ -73,13 +73,13 @@ Sorry, This Self-Checkout Station has lost authentication.  Please contact the a
                <a href="/cgi-bin/koha/sco/help.pl">HELP</a> with the self checkout system
        </div>
 
-       <!-- TMPL_IF NAME="userid" -->
+       <!-- TMPL_IF NAME="patronid" -->
        <!-- TMPL_IF NAME="validuser" -->
        <h3 class="warning">You are logged in as <!-- TMPL_VAR NAME="borrowername" -->.</h3>
        <!-- /TMPL_IF -->
        </div>
        <!-- TMPL_IF NAME="nouser" -->
-       <div class="error"><h4>Sorry</h4><p>The userid <!-- TMPL_VAR NAME="userid" --> was not found in the database.  Please try again.</p></div>
+       <div class="error"><h4>Sorry</h4><p>The userid <!-- TMPL_VAR NAME="patronid" --> was not found in the database.  Please try again.</p></div>
        <br />
        <!-- /TMPL_IF -->
        <!-- /TMPL_IF -->
@@ -90,9 +90,8 @@ Sorry, This Self-Checkout Station has lost authentication.  Please contact the a
        <!-- TMPL_UNLESS NAME="validuser" -->
        <div class="sco_entry" >
        <form id="mainform" action="/cgi-bin/koha/sco/sco-main.pl" name="mainform" method="post">
-      <input type="hidden" name="koha_login_context" value="sco" />
-       <fieldset class="checkout"><label for="userid">Please enter your card number:</label> 
-       <input type="text" id="userid" class="unfocus" size="20" name="userid" />
+       <fieldset class="checkout"><label for="patronid">Please enter your card number:</label> 
+       <input type="text" id="patronid" class="unfocus" size="20" name="patronid" />
        <!-- TMPL_LOOP NAME="INPUTS" --><input type="hidden" name="<!-- TMPL_VAR NAME="name" -->" value="<!-- TMPL_VAR NAME="value" -->"><!-- /TMPL_LOOP -->
        <input type="hidden" name="op" value="login" />
        <input  type="submit" value="Submit" class="submit" /></fieldset></form>
@@ -100,13 +99,13 @@ Sorry, This Self-Checkout Station has lost authentication.  Please contact the a
        <!-- /TMPL_UNLESS -->
        <!-- TMPL_IF NAME="validuser" -->
        <div id="newcheckout" class="sco_entry">
-       <form id="mainform" name="scan_form" method="post" action="/cgi-bin/koha/sco/sco-main.pl" onsubmit=" if(this.valid_session == 0) { if(confirm('Session has expired.  Click \'OK\' to continue processing this item.  Click Cancel if you are not <!-- TMPL_VAR NAME="userid" -->.')){ this.op.value='logout'; this.userid.value=''; } return true;}; " >
+       <form id="mainform" name="scan_form" method="post" action="/cgi-bin/koha/sco/sco-main.pl" onsubmit=" if(this.valid_session == 0) { if(confirm('Session has expired.  Click \'OK\' to continue processing this item.  Click Cancel if you are not <!-- TMPL_VAR NAME="patronid" -->.')){ this.op.value='logout'; this.patronid.value=''; } return true;}; " >
        <fieldset><legend> Check out or return an item: </legend>
        <label for="barcode">Scan a new item or enter its barcode:</label>
        <input id="barcode" name="barcode" size="20" class="unfocus" onfocus="this.className='focus';" onblur="this.className='unfocus';" />
        <input type="hidden" name="op" value="checkout" />
-       <input type="hidden" name="userid" value="<!-- TMPL_VAR name="userid" -->" />
-       <input type="hidden" name="valid_session" value="1">
+       <input type="hidden" name="patronid" value="<!-- TMPL_VAR name="patronid" -->" />
+       <input type="hidden" name="valid_session" value="1" />
        <input type="submit" value="Submit" class="submit" /></fieldset>
        </form>
        <p class="alert"><form method="post" action="/cgi-bin/koha/sco/sco-main.pl?op=logout" >Scan next item, or <input type="submit" value="Click here if done." class="finish" /></form></p>

diff --git a/opac/sco/sco-main.pl b/opac/sco/sco-main.pl
index a627849..71baf7f 100755 (executable)
--- a/opac/sco/sco-main.pl
+++ b/opac/sco/sco-main.pl
@@ -2,7 +2,7 @@
 # This code has been modified by Trendsetters (originally from opac-user.pl)
 # This code has been modified by rch
 # We're going to authenticate a self-check user.  we'll add a flag to borrowers 'selfcheck'
-# We're in a controlled environment; we trust the user. so the selfcheck station will accept a userid and 
+# We're in a controlled environment; we trust the user. so the selfcheck station will accept a patronid and 
 # issue items to that borrower.
 #
 use strict;
@@ -34,8 +34,8 @@ my ($template, $loggedinuser, $cookie)
 my $dbh = C4::Context->dbh;
 
 my $issuerid = $loggedinuser;
-my ($op, $userid, $barcode, $confirmed, $timedout )= ($query->param("op"), 
-                                        $query->param("userid"), 
+my ($op, $patronid, $barcode, $confirmed, $timedout )= ($query->param("op"), 
+                                        $query->param("patronid"), 
                                        $query->param("barcode"),
                                        $query->param( "confirmed"),
                                        $query->param( "timedout"), #not actually using this...
@@ -47,7 +47,7 @@ my $cnt = 0;
 my ($issuer) = GetMemberDetails($issuerid);
 my $item = GetItem(undef,$barcode);
 my $borrower;
-($borrower) = GetMemberDetails(undef,$userid);
+($borrower) = GetMemberDetails(undef,$patronid);
 
 my $branch = $issuer->{branchcode};
 my $confirm_required = 0;
@@ -55,12 +55,12 @@ my $return_only = 0;
 #warn "issuer cardnum: " . $issuer->{cardnumber};
 #warn "cardnumber= ".$borrower->{cardnumber};
 if ($op eq "logout") {
-        $query->param( userid => undef );
+        $query->param( patronid => undef );
 }
   if ($op eq "returnbook") {
       my ($doreturn ) = AddReturn($barcode, $branch);
      #warn "returnbook: " . $doreturn;
-    ($borrower) = GetMemberDetails(undef, $userid);
+    ($borrower) = GetMemberDetails(undef, $patronid);
   }
   
   if ($op eq "checkout" ) {
@@ -109,9 +109,9 @@ if ($op eq "logout") {
         if ( $confirmed || $issuenoconfirm ) {  # we'll want to call getpatroninfo again to get updated issues.
            #warn "issuing book?";
             AddIssue($borrower,$barcode);
-       #    ($borrower, $flags) = getpatroninformation(undef,undef, $userid);
+       #    ($borrower, $flags) = getpatroninformation(undef,undef, $patronid);
                
-       #    $template->param( userid => $userid,
+       #    $template->param( patronid => $patronid,
 #                      validuser => 1,
 #                      );
          } else {
@@ -142,7 +142,7 @@ if ($borrower->{cardnumber}) {
                        borrowername => $borrowername,
                        issues_count => $cnt, 
                        ISSUES => \@issues,,
-                       userid => $userid ,
+                       patronid => $patronid ,
                        noitemlinks => 1 ,
                );
    $cnt = 0;
@@ -161,8 +161,8 @@ $template->param( inputfocus => $inputfocus,
 
 } else {
 
- $template->param( userid => $userid,  nouser => $userid,
-                       inputfocus => 'userid', );
+ $template->param( patronid => $patronid,  nouser => $patronid,
+                       inputfocus => 'patronid', );
 }
 
 output_html_with_http_headers $query, $cookie, $template->output;