}
}
}
+ else { # if this is an anonymous session, setup to display public lists...
+
+ # load the template variables for stylesheets and JavaScript
+ $template->param( css_libs => $in->{'css_libs'} );
+ $template->param( css_module => $in->{'css_module'} );
+ $template->param( css_page => $in->{'css_page'} );
+ $template->param( css_widgets => $in->{'css_widgets'} );
+
+ $template->param( js_libs => $in->{'js_libs'} );
+ $template->param( js_module => $in->{'js_module'} );
+ $template->param( js_page => $in->{'js_page'} );
+ $template->param( js_widgets => $in->{'js_widgets'} );
+
+ $template->param( sessionID => $sessionID );
+ my $shelves;
+ if ($shelves = C4::Context->get_shelves_userenv()) {
+ $template->param( barshelves => scalar (@$shelves));
+ $template->param( barshelvesloop => $shelves);
+ }
+ }
if ( $in->{'type'} eq "intranet" ) {
$template->param(
my %info;
my ( $userid, $cookie, $sessionID, $flags, $shelves );
my $logout = $query->param('logout.x');
+
if ( $userid = $ENV{'REMOTE_USER'} ) {
# Using Basic Authentication, no cookies required
$cookie = $query->cookie(
elsif ( $sessionID = $query->cookie("CGISESSID")) { # assignment, not comparison
my $session = get_session($sessionID);
C4::Context->_new_userenv($sessionID);
- my ($ip, $lasttime);
+ my ($ip, $lasttime, $sessiontype);
if ($session){
C4::Context::set_userenv(
$session->param('number'), $session->param('id'),
$ip = $session->param('ip');
$lasttime = $session->param('lasttime');
$userid = $session->param('id');
+ $sessiontype = $session->param('sessiontype');
}
-
- if ($logout) {
+
+ if ( ($query->param('koha_login_context')) && ($query->param('userid') ne $session->param('id')) ) {
+ #if a user enters an id ne to the id in the current session, we need to log them in...
+ #first we need to clear the anonymous session...
+ $debug and warn "query id = " . $query->param('userid') . " but session id = " . $session->param('id');
+ $session->flush;
+ $session->delete();
+ C4::Context->_unset_userenv($sessionID);
+ $sessionID = undef;
+ $userid = undef;
+ }
+ elsif ($logout) {
# voluntary logout the user
$session->flush;
$session->delete();
else {
$cookie = $query->cookie( CGISESSID => $session->id );
$session->param('lasttime',time());
- $flags = haspermission( $dbh, $userid, $flagsrequired );
- if ($flags) {
- $loggedin = 1;
- } else {
- $info{'nopermission'} = 1;
+ unless ( $sessiontype eq 'anon' ) { #if this is an anonymous session, we want to update the session, but not behave as if they are logged in...
+ $flags = haspermission( $dbh, $userid, $flagsrequired );
+ if ($flags) {
+ $loggedin = 1;
+ } else {
+ $info{'nopermission'} = 1;
+ }
}
}
}
- unless ($userid) {
- my $session = get_session("") or die "Auth ERROR: Cannot get_session()";
+ unless ($userid || $sessionID) {
+ #we initiate a session prior to checking for a username to allow for anonymous sessions...
+ my $session = get_session("") or die "Auth ERROR: Cannot get_session()";
my $sessionID = $session->id;
- $userid = $query->param('userid');
- my $password = $query->param('password');
- C4::Context->_new_userenv($sessionID);
- my ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password );
- if ($return) {
- _session_log(sprintf "%20s from %16s logged in at %30s.\n", $userid,$ENV{'REMOTE_ADDR'},localtime);
- $cookie = $query->cookie(CGISESSID => $sessionID);
- if ( $flags = haspermission( $dbh, $userid, $flagsrequired ) ) {
- $loggedin = 1;
- }
- else {
- $info{'nopermission'} = 1;
- C4::Context->_unset_userenv($sessionID);
- }
-
- my ($borrowernumber, $firstname, $surname, $userflags,
- $branchcode, $branchname, $branchprinter, $emailaddress);
-
- if ( $return == 1 ) {
- my $select = "
- SELECT borrowernumber, firstname, surname, flags, borrowers.branchcode,
- branches.branchname as branchname,
- branches.branchprinter as branchprinter,
- email
- FROM borrowers
- LEFT JOIN branches on borrowers.branchcode=branches.branchcode
- ";
- my $sth = $dbh->prepare("$select where userid=?");
- $sth->execute($userid);
- unless ($sth->rows) {
- $debug and print STDERR "AUTH_1: no rows for userid='$userid'\n";
- $sth = $dbh->prepare("$select where cardnumber=?");
- $sth->execute($cardnumber);
+ C4::Context->_new_userenv($sessionID);
+ $cookie = $query->cookie(CGISESSID => $sessionID);
+ if ( $userid = $query->param('userid') ) {
+ my $password = $query->param('password');
+ my ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password );
+ if ($return) {
+ _session_log(sprintf "%20s from %16s logged in at %30s.\n", $userid,$ENV{'REMOTE_ADDR'},localtime);
+ if ( $flags = haspermission( $dbh, $userid, $flagsrequired ) ) {
+ $loggedin = 1;
+ }
+ else {
+ $info{'nopermission'} = 1;
+ C4::Context->_unset_userenv($sessionID);
+ }
+
+ my ($borrowernumber, $firstname, $surname, $userflags,
+ $branchcode, $branchname, $branchprinter, $emailaddress);
+
+ if ( $return == 1 ) {
+ my $select = "
+ SELECT borrowernumber, firstname, surname, flags, borrowers.branchcode,
+ branches.branchname as branchname,
+ branches.branchprinter as branchprinter,
+ email
+ FROM borrowers
+ LEFT JOIN branches on borrowers.branchcode=branches.branchcode
+ ";
+ my $sth = $dbh->prepare("$select where userid=?");
+ $sth->execute($userid);
unless ($sth->rows) {
- $debug and print STDERR "AUTH_2a: no rows for cardnumber='$cardnumber'\n";
- $sth->execute($userid);
+ $debug and print STDERR "AUTH_1: no rows for userid='$userid'\n";
+ $sth = $dbh->prepare("$select where cardnumber=?");
+ $sth->execute($cardnumber);
unless ($sth->rows) {
- $debug and print STDERR "AUTH_2b: no rows for userid='$userid' AS cardnumber\n";
+ $debug and print STDERR "AUTH_2a: no rows for cardnumber='$cardnumber'\n";
+ $sth->execute($userid);
+ unless ($sth->rows) {
+ $debug and print STDERR "AUTH_2b: no rows for userid='$userid' AS cardnumber\n";
+ }
}
}
- }
- if ($sth->rows) {
- ($borrowernumber, $firstname, $surname, $userflags,
- $branchcode, $branchname, $branchprinter, $emailaddress) = $sth->fetchrow;
- $debug and print STDERR "AUTH_3 results: " .
- "$cardnumber,$borrowernumber,$userid,$firstname,$surname,$userflags,$branchcode,$emailaddress\n";
- } else {
- print STDERR "AUTH_3: no results for userid='$userid', cardnumber='$cardnumber'.\n";
- }
+ if ($sth->rows) {
+ ($borrowernumber, $firstname, $surname, $userflags,
+ $branchcode, $branchname, $branchprinter, $emailaddress) = $sth->fetchrow;
+ $debug and print STDERR "AUTH_3 results: " .
+ "$cardnumber,$borrowernumber,$userid,$firstname,$surname,$userflags,$branchcode,$emailaddress\n";
+ } else {
+ print STDERR "AUTH_3: no results for userid='$userid', cardnumber='$cardnumber'.\n";
+ }
# launch a sequence to check if we have a ip for the branch, i
# if we have one we replace the branchcode of the userenv by the branch bound in the ip.
- my $ip = $ENV{'REMOTE_ADDR'};
- # if they specify at login, use that
- if ($query->param('branch')) {
- $branchcode = $query->param('branch');
- $branchname = GetBranchName($branchcode);
- }
- my $branches = GetBranches();
- if (C4::Context->boolean_preference('IndependantBranches') && C4::Context->boolean_preference('Autolocation')){
- # we have to check they are coming from the right ip range
- my $domain = $branches->{$branchcode}->{'branchip'};
- if ($ip !~ /^$domain/){
- $loggedin=0;
- $info{'wrongip'} = 1;
+ my $ip = $ENV{'REMOTE_ADDR'};
+ # if they specify at login, use that
+ if ($query->param('branch')) {
+ $branchcode = $query->param('branch');
+ $branchname = GetBranchName($branchcode);
+ }
+ my $branches = GetBranches();
+ if (C4::Context->boolean_preference('IndependantBranches') && C4::Context->boolean_preference('Autolocation')){
+ # we have to check they are coming from the right ip range
+ my $domain = $branches->{$branchcode}->{'branchip'};
+ if ($ip !~ /^$domain/){
+ $loggedin=0;
+ $info{'wrongip'} = 1;
+ }
}
- }
- my @branchesloop;
- foreach my $br ( keys %$branches ) {
- # now we work with the treatment of ip
- my $domain = $branches->{$br}->{'branchip'};
- if ( $domain && $ip =~ /^$domain/ ) {
- $branchcode = $branches->{$br}->{'branchcode'};
+ my @branchesloop;
+ foreach my $br ( keys %$branches ) {
+ # now we work with the treatment of ip
+ my $domain = $branches->{$br}->{'branchip'};
+ if ( $domain && $ip =~ /^$domain/ ) {
+ $branchcode = $branches->{$br}->{'branchcode'};
- # new op dev : add the branchprinter and branchname in the cookie
- $branchprinter = $branches->{$br}->{'branchprinter'};
- $branchname = $branches->{$br}->{'branchname'};
- }
- }
- $session->param('number',$borrowernumber);
- $session->param('id',$userid);
- $session->param('cardnumber',$cardnumber);
- $session->param('firstname',$firstname);
- $session->param('surname',$surname);
- $session->param('branch',$branchcode);
- $session->param('branchname',$branchname);
- $session->param('flags',$userflags);
- $session->param('emailaddress',$emailaddress);
- $session->param('ip',$session->remote_addr());
- $session->param('lasttime',time());
- $debug and printf STDERR "AUTH_4: (%s)\t%s %s - %s\n", map {$session->param($_)} qw(cardnumber firstname surname branch) ;
- }
- elsif ( $return == 2 ) {
- #We suppose the user is the superlibrarian
- $borrowernumber = 0;
- $session->param('number',0);
- $session->param('id',C4::Context->config('user'));
- $session->param('cardnumber',C4::Context->config('user'));
- $session->param('firstname',C4::Context->config('user'));
- $session->param('surname',C4::Context->config('user'));
- $session->param('branch','NO_LIBRARY_SET');
- $session->param('branchname','NO_LIBRARY_SET');
- $session->param('flags',1);
- $session->param('emailaddress', C4::Context->preference('KohaAdminEmailAddress'));
- $session->param('ip',$session->remote_addr());
- $session->param('lasttime',time());
- }
- C4::Context::set_userenv(
- $session->param('number'), $session->param('id'),
- $session->param('cardnumber'), $session->param('firstname'),
- $session->param('surname'), $session->param('branch'),
- $session->param('branchname'), $session->param('flags'),
- $session->param('emailaddress'), $session->param('branchprinter')
- );
- $shelves = GetShelvesSummary($borrowernumber,2,10);
+ # new op dev : add the branchprinter and branchname in the cookie
+ $branchprinter = $branches->{$br}->{'branchprinter'};
+ $branchname = $branches->{$br}->{'branchname'};
+ }
+ }
+ $session->param('number',$borrowernumber);
+ $session->param('id',$userid);
+ $session->param('cardnumber',$cardnumber);
+ $session->param('firstname',$firstname);
+ $session->param('surname',$surname);
+ $session->param('branch',$branchcode);
+ $session->param('branchname',$branchname);
+ $session->param('flags',$userflags);
+ $session->param('emailaddress',$emailaddress);
+ $session->param('ip',$session->remote_addr());
+ $session->param('lasttime',time());
+ $debug and printf STDERR "AUTH_4: (%s)\t%s %s - %s\n", map {$session->param($_)} qw(cardnumber firstname surname branch) ;
+ }
+ elsif ( $return == 2 ) {
+ #We suppose the user is the superlibrarian
+ $borrowernumber = 0;
+ $session->param('number',0);
+ $session->param('id',C4::Context->config('user'));
+ $session->param('cardnumber',C4::Context->config('user'));
+ $session->param('firstname',C4::Context->config('user'));
+ $session->param('surname',C4::Context->config('user'));
+ $session->param('branch','NO_LIBRARY_SET');
+ $session->param('branchname','NO_LIBRARY_SET');
+ $session->param('flags',1);
+ $session->param('emailaddress', C4::Context->preference('KohaAdminEmailAddress'));
+ $session->param('ip',$session->remote_addr());
+ $session->param('lasttime',time());
+ }
+ C4::Context::set_userenv(
+ $session->param('number'), $session->param('id'),
+ $session->param('cardnumber'), $session->param('firstname'),
+ $session->param('surname'), $session->param('branch'),
+ $session->param('branchname'), $session->param('flags'),
+ $session->param('emailaddress'), $session->param('branchprinter')
+ );
+ $shelves = GetShelvesSummary($borrowernumber,2,10);
+ $session->param('shelves', $shelves);
+ C4::Context::set_shelves_userenv($shelves);
+ }
+ else {
+ if ($userid) {
+ $info{'invalid_username_or_password'} = 1;
+ C4::Context->_unset_userenv($sessionID);
+ }
+ }
+ } # END if ( $userid = $query->param('userid') )
+ elsif ($type eq "opac") {
+ # if we are here this is an anonymous session; add public lists to it and a few other items...
+ # anonymous sessions are created only for the OPAC
+ $debug and warn "Initiating an anonymous session...";
+ $shelves = GetShelvesSummary(0,2,10);
$session->param('shelves', $shelves);
C4::Context::set_shelves_userenv($shelves);
- }
- else {
- if ($userid) {
- $info{'invalid_username_or_password'} = 1;
- C4::Context->_unset_userenv($sessionID);
- }
-
- }
+ # setting a couple of other session vars...
+ $session->param('ip',$session->remote_addr());
+ $session->param('lasttime',time());
+ $session->param('sessiontype','anon');
+ }
} # END unless ($userid)
my $insecure = C4::Context->boolean_preference('insecure');
TemplateEncoding => C4::Context->preference("TemplateEncoding"),
IndependantBranches=> C4::Context->preference("IndependantBranches"),
AutoLocation => C4::Context->preference("AutoLocation"),
- yuipath => C4::Context->preference("yuipath"),
wrongip => $info{'wrongip'}
);
last SWITCH;
}
if ( $op eq 'modifsave' ) {
- ModShelf(
- $shelfnumber, $query->param('shelfname'), $loggedinuser,
- $query->param('category'), $query->param('sortfield')
- );
+ my $shelf = {
+ 'shelfname' => $query->param('shelfname'),
+ 'category' => $query->param('category'),
+ 'sortfield' => $query->param('sortfield'),
+ };
+ $shelf->{'owner'} = $loggedinuser if $type eq 'intranet'; #we only overwrite the list owner if &ModShelf was called from the staff client
+
+ ModShelf( $shelfnumber, $shelf );
$shelflist = GetShelves( $loggedinuser, 2 ); # refresh after mods
} elsif ( $op eq 'modif' ) {
- my ( $shelfnumber2, $shelfname, $owner, $category, $sortfield ) =GetShelf( $query->param('shelfnumber') );
+ my ( $shelfnumber2, $shelfname, $owner, $category, $sortfield ) =GetShelf( $shelfnumber );
$template->param(
edit => 1,
shelfnumber => $shelfnumber2,
shelfname => $shelfname,
owner => $owner,
- "category$category" => 1,
+ "category$category" => 1,
+ category => $category,
"sort_$sortfield" => 1,
);
}
}
if ($shelfnumber = $query->param('viewshelf') ) {
#check that the user can view the shelf
- if ( ShelfPossibleAction( $loggedinuser, $shelfnumber, 'view' ) ) {
- my $items = GetShelfContents($shelfnumber);
- for my $this_item (@$items) {
- $this_item->{imageurl} = $imgdir."/".$itemtypes->{ $this_item->{itemtype} }->{'imageurl'};
- $this_item->{'description'} = $itemtypes->{ $this_item->{itemtype} }->{'description'};
- }
+ if ( ShelfPossibleAction( $loggedinuser, $shelfnumber, 'view' ) ) {
+ my $items = GetShelfContents($shelfnumber);
+ for my $this_item (@$items) {
+ $this_item->{imageurl} = $imgdir."/".$itemtypes->{ $this_item->{itemtype} }->{'imageurl'};
+ $this_item->{'description'} = $itemtypes->{ $this_item->{itemtype} }->{'description'};
+ }
$showadd = 1;
my $i = 0;
foreach (grep {$i++ % 2} @$items) { # every other item
}
# my $manageshelf = &ShelfPossibleAction( $loggedinuser, $shelfnumber, 'manage' );
# ($manageshelf) and $showadd = 1;
- $template->param(
- shelfname => $shelflist->{$shelfnumber}->{'shelfname'},
- shelfnumber => $shelfnumber,
- viewshelf => $shelfnumber,
- manageshelf => &ShelfPossibleAction( $loggedinuser, $shelfnumber, 'manage' ),
- itemsloop => $items,
- );
- } else { push @paramsloop, {nopermission=>$shelfnumber}; }
+ $template->param(
+ shelfname => $shelflist->{$shelfnumber}->{'shelfname'},
+ shelfnumber => $shelfnumber,
+ viewshelf => $shelfnumber,
+ manageshelf => &ShelfPossibleAction( $loggedinuser, $shelfnumber, 'manage' ),
+ itemsloop => $items,
+ );
+ } else { push @paramsloop, {nopermission=>$shelfnumber} };
last SWITCH;
}
if ( $query->param('shelves') ) {
$shelflist->{$element}->{'mine'} = 1;
}
my $member = GetMember($owner,'borrowernumber');
- $shelflist->{$element}->{ownername} = $member->{firstname} . " " . $member->{surname};
+ $shelflist->{$element}->{ownername} = defined($member) ? $member->{firstname} . " " . $member->{surname} : '';
$numberCanManage++ if $canmanage; # possibly outmoded
if ($shelflist->{$element}->{'category'} eq '1') {
(scalar(@shelveslooppriv) % 2) and $shelflist->{$element}->{toggle} = 1;