kohabug 1875 Public lists/virtualshelves are displayed and viewable whether a patron...
author Chris Nighswonger <chris.nighswonger@liblime.com>
Wed, 11 Jun 2008 12:10:02 +0000 (07:10 -0500)
committer Joshua Ferraro <jmf@liblime.com>
Fri, 20 Jun 2008 17:44:27 +0000 (12:44 -0500)
NOTE: This patch introduces code which generates an anonymous session when a patron first browses to OPAC.
This anonymous session contains a minimal amount of information including the results of a query to discover
all public lists/shelves. When the user logs in, the anonymous session is cleared and a new session created
for that user.

kohabug 1875 - fix error when editing a patron record

C4::Auth::checkauth was not distinguishing between a
'userid' input from an OPAC or staff login form and
a 'userid' input from (e.g.,) the patron editor.
Consequently, adding or editing a patron record would
result in Koha trying to log in as the new patron.

To resolve this, added a hidden input to all login
forms, 'koha_login_context', to explicitly signal
when a login is occurring.  The value of this input
can be 'opac', 'intranet', or 'sco' - the value is
not used at present, but may be of use later.

C4::Auth - added debug flag to two warns

kohabug 1875 - create anonymous sessions only for OPAC

No need to create an anonymous session for the intranet.

set yuipath correct for login pages

When preparing the template parameters for a login form,
C4::Auth was overriding the value of yuipath set
by C4::Output::gettemplate(), thus causing 404 errors
if the 'yuipath' syspref was set to 'local'.

kohabug 1875 - avoid warns viewing lists anonymously

During an anonymous OPAC session, the $loggedinuser variable
is not set.  As the undefined value causes warns in
C4::VirtualShelves::Page::shelfpage, for the purpose of the
shelfpage call the loggedinuser is set to -1, which should
not correspond to any real borrower number.

This is admittedly a hack to avoid digging through all
of C4::VirtualShelves to deal with lists viewed anonymously.

kohabug 1875 Refactoring of &ModShelf to avoid overwriting list owner needlessly

kohabug 1875 Avoid warning if can't find owner of shelf

Since virtualshelves.owner is not a true FK of borrowersnumber.number,
set ownername to '' if can't find the patron

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
C4/Auth.pm
C4/VirtualShelves.pm
C4/VirtualShelves/Page.pm
koha-tmpl/intranet-tmpl/prog/en/modules/auth.tmpl
koha-tmpl/opac-tmpl/prog/en/modules/opac-auth.tmpl
koha-tmpl/opac-tmpl/prog/en/modules/opac-main.tmpl
koha-tmpl/opac-tmpl/prog/en/modules/opac-shelves.tmpl
koha-tmpl/opac-tmpl/prog/en/modules/sco/sco-main.tmpl
opac/opac-shelves.pl

index 3556336..9311c88 100755 (executable)
@@ -221,6 +221,26 @@ sub get_template_and_user {
             }
         }
     }
+       else {  # if this is an anonymous session, setup to display public lists...
+
+        # load the template variables for stylesheets and JavaScript
+        $template->param( css_libs => $in->{'css_libs'} );
+        $template->param( css_module => $in->{'css_module'} );
+        $template->param( css_page => $in->{'css_page'} );
+        $template->param( css_widgets => $in->{'css_widgets'} );
+
+        $template->param( js_libs => $in->{'js_libs'} );
+        $template->param( js_module => $in->{'js_module'} );
+        $template->param( js_page => $in->{'js_page'} );
+        $template->param( js_widgets => $in->{'js_widgets'} );
+
+        $template->param( sessionID        => $sessionID );
+               my $shelves;
+               if ($shelves = C4::Context->get_shelves_userenv()) {
+               $template->param( barshelves     => scalar (@$shelves));
+               $template->param( barshelvesloop => $shelves);
+               }
+       }
 
     if ( $in->{'type'} eq "intranet" ) {
         $template->param(
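Review bot: the last template parameter in the new else branch, sessionID => $sessionID, hands the session identifier to the template for every anonymous visitor. checkauth reads that same identifier from the CGISESSID cookie, so it should only reach a template that really needs it; if no OPAC template uses it for anonymous sessions, drop the line, and otherwise confirm it is never written into links or markup. The block is also indented inconsistently (the else, my $shelves and the if do not line up with the param calls).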
@@ -473,6 +493,7 @@ sub checkauth {
     my %info;
     my ( $userid, $cookie, $sessionID, $flags, $shelves );
     my $logout = $query->param('logout.x');
+
     if ( $userid = $ENV{'REMOTE_USER'} ) {
         # Using Basic Authentication, no cookies required
         $cookie = $query->cookie(
@@ -485,7 +506,7 @@ sub checkauth {
     elsif ( $sessionID = $query->cookie("CGISESSID")) {     # assignment, not comparison 
         my $session = get_session($sessionID);
         C4::Context->_new_userenv($sessionID);
-        my ($ip, $lasttime);
+        my ($ip, $lasttime, $sessiontype);
         if ($session){
             C4::Context::set_userenv(
                 $session->param('number'),       $session->param('id'),
@@ -499,9 +520,20 @@ sub checkauth {
             $ip       = $session->param('ip');
             $lasttime = $session->param('lasttime');
             $userid   = $session->param('id');
+                       $sessiontype = $session->param('sessiontype');
         }
-    
-        if ($logout) {
+   
+               if ( ($query->param('koha_login_context')) && ($query->param('userid') ne $session->param('id')) ) {
+                       #if a user enters an id ne to the id in the current session, we need to log them in...
+                       #first we need to clear the anonymous session...
+                       $debug and warn "query id = " . $query->param('userid') . " but session id = " . $session->param('id');
+            $session->flush;      
+            $session->delete();
+            C4::Context->_unset_userenv($sessionID);
+                       $sessionID = undef;
+                       $userid = undef;
+               }
+        elsif ($logout) {
             # voluntary logout the user
             $session->flush;      
             $session->delete();
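Review bot: the new condition calls $session->param('id') outside the if ($session) guard just above it, so a request that carries a CGISESSID cookie for which get_session returns nothing, and that also sets koha_login_context, dies on an undefined object; test $session first. The branch also flushes and deletes the current session as soon as the submitted userid differs from the session's id, before any password has been checked, so a form post with koha_login_context and an arbitrary userid ends an existing login; consider deferring the delete until checkpw has succeeded. For an anonymous session $session->param('id') is undefined, so the ne comparison will warn when warnings are enabled.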
@@ -533,144 +565,159 @@ sub checkauth {
                else {
                        $cookie = $query->cookie( CGISESSID => $session->id );
                        $session->param('lasttime',time());
-                       $flags = haspermission( $dbh, $userid, $flagsrequired );
-                       if ($flags) {
-                               $loggedin = 1;
-                       } else {
-                               $info{'nopermission'} = 1;
+                       unless ( $sessiontype eq 'anon' ) {     #if this is an anonymous session, we want to update the session, but not behave as if they are logged in...
+                               $flags = haspermission( $dbh, $userid, $flagsrequired );
+                               if ($flags) {
+                                       $loggedin = 1;
+                               } else {
+                                       $info{'nopermission'} = 1;
+                               }
                        }
                }
     }
-    unless ($userid) {
-        my $session = get_session("") or die "Auth ERROR: Cannot get_session()";
+    unless ($userid || $sessionID) {
+        #we initiate a session prior to checking for a username to allow for anonymous sessions...
+               my $session = get_session("") or die "Auth ERROR: Cannot get_session()";
         my $sessionID = $session->id;
-        $userid    = $query->param('userid');
-        my $password = $query->param('password');
-        C4::Context->_new_userenv($sessionID);
-        my ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password );
-        if ($return) {
-            _session_log(sprintf "%20s from %16s logged in  at %30s.\n", $userid,$ENV{'REMOTE_ADDR'},localtime);
-            $cookie = $query->cookie(CGISESSID => $sessionID);
-            if ( $flags = haspermission( $dbh, $userid, $flagsrequired ) ) {
-                               $loggedin = 1;
-            }
-            else {
-                $info{'nopermission'} = 1;
-                C4::Context->_unset_userenv($sessionID);
-            }
-
-                       my ($borrowernumber, $firstname, $surname, $userflags,
-                               $branchcode, $branchname, $branchprinter, $emailaddress);
-
-            if ( $return == 1 ) {
-                my $select = "
-                SELECT borrowernumber, firstname, surname, flags, borrowers.branchcode, 
-                        branches.branchname    as branchname, 
-                        branches.branchprinter as branchprinter, 
-                        email 
-                FROM borrowers 
-                LEFT JOIN branches on borrowers.branchcode=branches.branchcode
-                ";
-                my $sth = $dbh->prepare("$select where userid=?");
-                $sth->execute($userid);
-                               unless ($sth->rows) {
-                       $debug and print STDERR "AUTH_1: no rows for userid='$userid'\n";
-                                       $sth = $dbh->prepare("$select where cardnumber=?");
-                    $sth->execute($cardnumber);
+               C4::Context->_new_userenv($sessionID);
+        $cookie = $query->cookie(CGISESSID => $sessionID);
+               if ( $userid    = $query->param('userid') ) {
+               my $password = $query->param('password');
+               my ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password );
+               if ($return) {
+               _session_log(sprintf "%20s from %16s logged in  at %30s.\n", $userid,$ENV{'REMOTE_ADDR'},localtime);
+               if ( $flags = haspermission( $dbh, $userid, $flagsrequired ) ) {
+                                       $loggedin = 1;
+               }
+                       else {
+                       $info{'nopermission'} = 1;
+                       C4::Context->_unset_userenv($sessionID);
+               }
+
+                               my ($borrowernumber, $firstname, $surname, $userflags,
+                                       $branchcode, $branchname, $branchprinter, $emailaddress);
+
+               if ( $return == 1 ) {
+                       my $select = "
+                       SELECT borrowernumber, firstname, surname, flags, borrowers.branchcode, 
+                           branches.branchname    as branchname, 
+                               branches.branchprinter as branchprinter, 
+                               email 
+                       FROM borrowers 
+                       LEFT JOIN branches on borrowers.branchcode=branches.branchcode
+                       ";
+                       my $sth = $dbh->prepare("$select where userid=?");
+                       $sth->execute($userid);
                                        unless ($sth->rows) {
-                               $debug and print STDERR "AUTH_2a: no rows for cardnumber='$cardnumber'\n";
-                       $sth->execute($userid);
+                               $debug and print STDERR "AUTH_1: no rows for userid='$userid'\n";
+                                               $sth = $dbh->prepare("$select where cardnumber=?");
+                               $sth->execute($cardnumber);
                                                unless ($sth->rows) {
-                                       $debug and print STDERR "AUTH_2b: no rows for userid='$userid' AS cardnumber\n";
+                                       $debug and print STDERR "AUTH_2a: no rows for cardnumber='$cardnumber'\n";
+                               $sth->execute($userid);
+                                                       unless ($sth->rows) {
+                                               $debug and print STDERR "AUTH_2b: no rows for userid='$userid' AS cardnumber\n";
+                                                       }
                                                }
                                        }
-                               }
-                if ($sth->rows) {
-                    ($borrowernumber, $firstname, $surname, $userflags,
-                       $branchcode, $branchname, $branchprinter, $emailaddress) = $sth->fetchrow;
-                                       $debug and print STDERR "AUTH_3 results: " .
-                                               "$cardnumber,$borrowernumber,$userid,$firstname,$surname,$userflags,$branchcode,$emailaddress\n";
-                               } else {
-                                       print STDERR "AUTH_3: no results for userid='$userid', cardnumber='$cardnumber'.\n";
-                               }
+                       if ($sth->rows) {
+                       ($borrowernumber, $firstname, $surname, $userflags,
+                               $branchcode, $branchname, $branchprinter, $emailaddress) = $sth->fetchrow;
+                                               $debug and print STDERR "AUTH_3 results: " .
+                                                       "$cardnumber,$borrowernumber,$userid,$firstname,$surname,$userflags,$branchcode,$emailaddress\n";
+                                       } else {
+                                               print STDERR "AUTH_3: no results for userid='$userid', cardnumber='$cardnumber'.\n";
+                                       }
 
 # launch a sequence to check if we have a ip for the branch, i
 # if we have one we replace the branchcode of the userenv by the branch bound in the ip.
 
-                my $ip       = $ENV{'REMOTE_ADDR'};
-                # if they specify at login, use that
-                if ($query->param('branch')) {
-                    $branchcode  = $query->param('branch');
-                    $branchname = GetBranchName($branchcode);
-                }
-                my $branches = GetBranches();
-                if (C4::Context->boolean_preference('IndependantBranches') && C4::Context->boolean_preference('Autolocation')){
-                                   # we have to check they are coming from the right ip range
-                                       my $domain = $branches->{$branchcode}->{'branchip'};
-                                       if ($ip !~ /^$domain/){
-                                               $loggedin=0;
-                                               $info{'wrongip'} = 1;
+                                       my $ip       = $ENV{'REMOTE_ADDR'};
+                                       # if they specify at login, use that
+                                       if ($query->param('branch')) {
+                                               $branchcode  = $query->param('branch');
+                                               $branchname = GetBranchName($branchcode);
+                                       }
+                                       my $branches = GetBranches();
+                                       if (C4::Context->boolean_preference('IndependantBranches') && C4::Context->boolean_preference('Autolocation')){
+                                               # we have to check they are coming from the right ip range
+                                               my $domain = $branches->{$branchcode}->{'branchip'};
+                                               if ($ip !~ /^$domain/){
+                                                       $loggedin=0;
+                                                       $info{'wrongip'} = 1;
+                                               }
                                        }
-                               }
 
-                my @branchesloop;
-                foreach my $br ( keys %$branches ) {
-                    #     now we work with the treatment of ip
-                    my $domain = $branches->{$br}->{'branchip'};
-                    if ( $domain && $ip =~ /^$domain/ ) {
-                        $branchcode = $branches->{$br}->{'branchcode'};
+                                       my @branchesloop;
+                                       foreach my $br ( keys %$branches ) {
+                                               #     now we work with the treatment of ip
+                                               my $domain = $branches->{$br}->{'branchip'};
+                                               if ( $domain && $ip =~ /^$domain/ ) {
+                                                       $branchcode = $branches->{$br}->{'branchcode'};
 
-                        # new op dev : add the branchprinter and branchname in the cookie
-                        $branchprinter = $branches->{$br}->{'branchprinter'};
-                        $branchname    = $branches->{$br}->{'branchname'};
-                    }
-                }
-                $session->param('number',$borrowernumber);
-                $session->param('id',$userid);
-                $session->param('cardnumber',$cardnumber);
-                $session->param('firstname',$firstname);
-                $session->param('surname',$surname);
-                $session->param('branch',$branchcode);
-                $session->param('branchname',$branchname);
-                $session->param('flags',$userflags);
-                $session->param('emailaddress',$emailaddress);
-                $session->param('ip',$session->remote_addr());
-                $session->param('lasttime',time());
-                $debug and printf STDERR "AUTH_4: (%s)\t%s %s - %s\n", map {$session->param($_)} qw(cardnumber firstname surname branch) ;
-            }
-            elsif ( $return == 2 ) {
-                #We suppose the user is the superlibrarian
-                               $borrowernumber = 0;
-                $session->param('number',0);
-                $session->param('id',C4::Context->config('user'));
-                $session->param('cardnumber',C4::Context->config('user'));
-                $session->param('firstname',C4::Context->config('user'));
-                $session->param('surname',C4::Context->config('user'));
-                $session->param('branch','NO_LIBRARY_SET');
-                $session->param('branchname','NO_LIBRARY_SET');
-                $session->param('flags',1);
-                $session->param('emailaddress', C4::Context->preference('KohaAdminEmailAddress'));
-                $session->param('ip',$session->remote_addr());
-                $session->param('lasttime',time());
-            }
-            C4::Context::set_userenv(
-                $session->param('number'),       $session->param('id'),
-                $session->param('cardnumber'),   $session->param('firstname'),
-                $session->param('surname'),      $session->param('branch'),
-                $session->param('branchname'),   $session->param('flags'),
-                $session->param('emailaddress'), $session->param('branchprinter')
-            );
-                       $shelves = GetShelvesSummary($borrowernumber,2,10);
+                                                       # new op dev : add the branchprinter and branchname in the cookie
+                                                       $branchprinter = $branches->{$br}->{'branchprinter'};
+                                                       $branchname    = $branches->{$br}->{'branchname'};
+                                               }
+                                       }
+                                       $session->param('number',$borrowernumber);
+                                       $session->param('id',$userid);
+                                       $session->param('cardnumber',$cardnumber);
+                                       $session->param('firstname',$firstname);
+                                       $session->param('surname',$surname);
+                                       $session->param('branch',$branchcode);
+                                       $session->param('branchname',$branchname);
+                                       $session->param('flags',$userflags);
+                                       $session->param('emailaddress',$emailaddress);
+                                       $session->param('ip',$session->remote_addr());
+                                       $session->param('lasttime',time());
+                                       $debug and printf STDERR "AUTH_4: (%s)\t%s %s - %s\n", map {$session->param($_)} qw(cardnumber firstname surname branch) ;
+                               }
+                               elsif ( $return == 2 ) {
+                                       #We suppose the user is the superlibrarian
+                                       $borrowernumber = 0;
+                                       $session->param('number',0);
+                                       $session->param('id',C4::Context->config('user'));
+                                       $session->param('cardnumber',C4::Context->config('user'));
+                                       $session->param('firstname',C4::Context->config('user'));
+                                       $session->param('surname',C4::Context->config('user'));
+                                       $session->param('branch','NO_LIBRARY_SET');
+                                       $session->param('branchname','NO_LIBRARY_SET');
+                                       $session->param('flags',1);
+                                       $session->param('emailaddress', C4::Context->preference('KohaAdminEmailAddress'));
+                                       $session->param('ip',$session->remote_addr());
+                                       $session->param('lasttime',time());
+                               }
+                               C4::Context::set_userenv(
+                                       $session->param('number'),       $session->param('id'),
+                                       $session->param('cardnumber'),   $session->param('firstname'),
+                                       $session->param('surname'),      $session->param('branch'),
+                                       $session->param('branchname'),   $session->param('flags'),
+                                       $session->param('emailaddress'), $session->param('branchprinter')
+                               );
+                               $shelves = GetShelvesSummary($borrowernumber,2,10);
+                               $session->param('shelves', $shelves);
+                               C4::Context::set_shelves_userenv($shelves);
+                       }
+               else {
+               if ($userid) {
+                       $info{'invalid_username_or_password'} = 1;
+                       C4::Context->_unset_userenv($sessionID);
+               }
+                       }
+        }      # END if ( $userid    = $query->param('userid') )
+               elsif ($type eq "opac") {       
+            # if we are here this is an anonymous session; add public lists to it and a few other items...
+            # anonymous sessions are created only for the OPAC
+                       $debug and warn "Initiating an anonymous session...";
+                       $shelves = GetShelvesSummary(0,2,10);
                        $session->param('shelves', $shelves);
                        C4::Context::set_shelves_userenv($shelves);
-        }
-        else {
-            if ($userid) {
-                $info{'invalid_username_or_password'} = 1;
-                C4::Context->_unset_userenv($sessionID);
-            }
-
-        }
+                       # setting a couple of other session vars...
+                       $session->param('ip',$session->remote_addr());
+                       $session->param('lasttime',time());
+                       $session->param('sessiontype','anon');
+               }
     }  # END unless ($userid)
     my $insecure = C4::Context->boolean_preference('insecure');
 
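Review bot: the unless ( $sessiontype eq 'anon' ) guard at the top of this hunk treats every session that is not explicitly tagged as a logged-in one, but sessiontype is only ever written in the elsif ($type eq "opac") branch. The new code creates the session and builds the CGISESSID cookie before checkpw runs, so a failed login, or an intranet request without credentials, also produces a cookie for a session with no sessiontype and no id; on a later request that session can reach haspermission with an undefined $userid. Consider inverting the test so that only sessions marked as authenticated (or with a defined $session->param('id')) reach haspermission, and build the cookie only once there is something to store. The closing comment END unless ($userid) should also be updated to match the new condition, unless ($userid || $sessionID).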
@@ -738,7 +785,6 @@ sub checkauth {
         TemplateEncoding   => C4::Context->preference("TemplateEncoding"),
         IndependantBranches=> C4::Context->preference("IndependantBranches"),
         AutoLocation       => C4::Context->preference("AutoLocation"),
-        yuipath            => C4::Context->preference("yuipath"),
                wrongip            => $info{'wrongip'}
     );
     
index fc56284..85a511f 100644 (file)
@@ -25,6 +25,8 @@ use strict;
 use Carp;
 use C4::Context;
 use C4::Circulation;
+use C4::Debug;
+
 use vars qw($VERSION @ISA @EXPORT @EXPORT_OK);
 
 BEGIN {
@@ -341,21 +343,51 @@ sub AddToShelfFromBiblio {
 
 =item ModShelf
 
-ModShelf($shelfnumber, $shelfname, $owner, $category )
+ModShelf($shelfnumber, $hashref)
+
+Where $hashref->{column} = param
 
-Modify the value into virtualshelves table with values given on input arg.
+Modify the value into virtualshelves table with values given 
+from hashref, which each key of the hashref should be
+the name of a column of virtualshelves.
 
 =cut
 
 sub ModShelf {
-    my ( $shelfnumber, $shelfname, $owner, $category, $sortfield ) = @_;
-    my $query = qq(
-        UPDATE virtualshelves
-        SET    shelfname=?,owner=?,category=?,sortfield=?
-        WHERE  shelfnumber=?
-    );
+    my $shelfnumber = shift;
+    my $shelf = shift;
+
+    if (exists $shelf->{shelfnumber}) {
+        carp "Should not use ModShelf to change shelfnumber";
+        return;
+    }
+    unless (defined $shelfnumber and $shelfnumber =~ /^\d+$/) {
+        carp "Invalid shelfnumber passed to ModShelf: $shelfnumber";
+        return;
+    }
+
+       my $query = "UPDATE virtualshelves SET ";
+    my @bind_params = ();
+    my @set_clauses = ();
+
+       foreach my $column (keys %$shelf) {
+        push @set_clauses, "$column = ?";
+        push @bind_params, $shelf->{$column};
+    }
+
+    if ($#set_clauses == -1) {
+        carp "No columns to update passed to ModShelf";
+        return;
+    }
+    $query .= join(", ", @set_clauses);
+
+    $query .= " WHERE shelfnumber = ? ";
+    push @bind_params, $shelfnumber;
+
+    $debug and warn "ModShelf query:\n $query\n",
+                       "ModShelf query args: ", join(',', @bind_params), "\n";
        my $sth = $dbh->prepare($query);
-    $sth->execute( $shelfname, $owner, $category, $sortfield, $shelfnumber );
+       $sth->execute( @bind_params );
 }
 
 =item ShelfPossibleAction
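Review bot: in the foreach over keys %$shelf, each key is interpolated into the statement as a column name (push @set_clauses, "$column = ?") and only the values are bound, so the safety of the UPDATE depends on every caller passing trusted keys. Check each key against a fixed list of updatable virtualshelves columns (shelfname, owner, category, sortfield) and carp and return on anything else. The shelfnumber check also interpolates a possibly undefined $shelfnumber into its carp message, and the POD sentence "which each key of the hashref should be" needs rewording.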
index bd2255f..0789a69 100755 (executable)
@@ -119,19 +119,24 @@ SWITCH: {
                        last SWITCH;
                }
                if ( $op eq 'modifsave' ) {
-                       ModShelf(
-                               $shelfnumber, $query->param('shelfname'), $loggedinuser,
-                               $query->param('category'), $query->param('sortfield')
-                       );
+                       my $shelf = {
+                       'shelfname'             => $query->param('shelfname'),
+                               'category'              => $query->param('category'),
+                               'sortfield'             => $query->param('sortfield'),
+                       };
+                       $shelf->{'owner'} = $loggedinuser if $type eq 'intranet';       #we only overwrite the list owner if &ModShelf was called from the staff client
+
+                       ModShelf( $shelfnumber, $shelf );
                        $shelflist = GetShelves( $loggedinuser, 2 );    # refresh after mods
                } elsif ( $op eq 'modif' ) {
-                       my ( $shelfnumber2, $shelfname, $owner, $category, $sortfield ) =GetShelf( $query->param('shelfnumber') );
+                       my ( $shelfnumber2, $shelfname, $owner, $category, $sortfield ) =GetShelf( $shelfnumber );
                        $template->param(
                                edit                => 1,
                                shelfnumber         => $shelfnumber2,
                                shelfname           => $shelfname,
                                owner               => $owner,
-                               "category$category" => 1,
+                               "category$category"     => 1,
+                               category                        => $category,
                                "sort_$sortfield"   => 1,
                        );
                }
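Review bot: in the modifsave branch the $shelf hashref is built with $query->param(...) in list context; if $query is a CGI object, a missing parameter returns an empty list and a repeated one returns several values, and either case shifts the key/value pairs so that request data can end up as hash keys, which ModShelf turns into column names. Force scalar context on each value, for example 'shelfname' => scalar $query->param('shelfname'). category and sortfield are also written exactly as submitted; validate them against the values the form offers before calling ModShelf.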
@@ -139,12 +144,12 @@ SWITCH: {
        }
     if ($shelfnumber = $query->param('viewshelf') ) {
         #check that the user can view the shelf
-        if ( ShelfPossibleAction( $loggedinuser, $shelfnumber, 'view' ) ) {
-            my $items = GetShelfContents($shelfnumber);
-            for my $this_item (@$items) {
-                $this_item->{imageurl} = $imgdir."/".$itemtypes->{ $this_item->{itemtype}  }->{'imageurl'};
-                $this_item->{'description'} = $itemtypes->{ $this_item->{itemtype} }->{'description'};
-            }
+               if ( ShelfPossibleAction( $loggedinuser, $shelfnumber, 'view' ) ) {
+                       my $items = GetShelfContents($shelfnumber);
+                       for my $this_item (@$items) {
+                               $this_item->{imageurl} = $imgdir."/".$itemtypes->{ $this_item->{itemtype}  }->{'imageurl'};
+                               $this_item->{'description'} = $itemtypes->{ $this_item->{itemtype} }->{'description'};
+                       }
                        $showadd = 1;
                        my $i = 0;
                        foreach (grep {$i++ % 2} @$items) {     # every other item
@@ -152,14 +157,14 @@ SWITCH: {
                        }
                        # my $manageshelf = &ShelfPossibleAction( $loggedinuser, $shelfnumber, 'manage' );
                        # ($manageshelf) and $showadd = 1;
-            $template->param(
-                shelfname   => $shelflist->{$shelfnumber}->{'shelfname'},
-                shelfnumber => $shelfnumber,
-                viewshelf   => $shelfnumber,
-                manageshelf => &ShelfPossibleAction( $loggedinuser, $shelfnumber, 'manage' ),
-                itemsloop => $items,
-            );
-        } else { push @paramsloop, {nopermission=>$shelfnumber}; }
+                       $template->param(
+                               shelfname   => $shelflist->{$shelfnumber}->{'shelfname'},
+                               shelfnumber => $shelfnumber,
+                               viewshelf   => $shelfnumber,
+                               manageshelf => &ShelfPossibleAction( $loggedinuser, $shelfnumber, 'manage' ),
+                               itemsloop => $items,
+                       );
+               } else { push @paramsloop, {nopermission=>$shelfnumber} };
         last SWITCH;
     }
     if ( $query->param('shelves') ) {
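Review bot: apart from moving the semicolon in the final else line, this hunk only changes indentation; send whitespace changes as a separate commit so the functional changes in this file are easier to review.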
@@ -234,7 +239,7 @@ foreach my $element (sort { lc($shelflist->{$a}->{'shelfname'}) cmp lc($shelflis
                $shelflist->{$element}->{'mine'} = 1;
        } 
        my $member = GetMember($owner,'borrowernumber');
-       $shelflist->{$element}->{ownername} = $member->{firstname} . " " . $member->{surname};
+       $shelflist->{$element}->{ownername} = defined($member) ? $member->{firstname} . " " . $member->{surname} : '';
        $numberCanManage++ if $canmanage;       # possibly outmoded
        if ($shelflist->{$element}->{'category'} eq '1') {
                (scalar(@shelveslooppriv) % 2) and $shelflist->{$element}->{toggle} = 1;
index 3e56cab..b3d1f4c 100644 (file)
@@ -37,6 +37,7 @@
 
 <!-- login prompt time-->
 <form action="<!-- TMPL_VAR NAME="url" -->" method="post" name="loginform" id="loginform">
+    <input type="hidden" name="koha_login_context" value="intranet" />
 <!-- TMPL_LOOP NAME="INPUTS" -->
     <input type="hidden" name="<!-- TMPL_VAR NAME="name" -->" value="<!-- TMPL_VAR NAME="value" ESCAPE="html" -->" />
 <!-- /TMPL_LOOP -->
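Review bot: the added hidden input koha_login_context is an ordinary form field, so any client can send or omit it; checkauth only tests that it is non-empty, and the commit message says the value is not used. Either validate it on the server against opac, intranet and sco, or document that it only marks a login attempt and carries no trust.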
index 21d5afe..1262156 100644 (file)
@@ -40,7 +40,7 @@
 <!-- /TMPL_IF -->
 
 <form action="<!-- TMPL_VAR NAME="url" -->" name="auth" id="auth" method="post">
-
+  <input type="hidden" name="koha_login_context" value="opac" />
 <fieldset class="brief"><!-- TMPL_LOOP NAME="INPUTS" -->
   <input type="hidden" name="<!-- TMPL_VAR NAME="name" -->" value="<!-- TMPL_VAR NAME="value" -->" />
 <!-- /TMPL_LOOP -->
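Review bot: the INPUTS loop directly below the added field writes value="<!-- TMPL_VAR NAME="value" -->" without ESCAPE="html", whereas the intranet auth.tmpl uses ESCAPE="html" on the same loop. Since this form is being touched, add the escape here, and also in sco-main.tmpl, whose INPUTS loop is unescaped as well.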
index 023ac1d..a2313b2 100644 (file)
@@ -96,6 +96,7 @@
     <div class="yui-u">
        <div id="login" class="container">
        <form action="/cgi-bin/koha/opac-user.pl" method="post" name="auth" id="auth">
+    <input type="hidden" name="koha_login_context" value="opac" />
        <fieldset class="brief">
                <legend>Log in to Your Account:</legend>
                <ol>
index ae9c34d..bd67918 100644 (file)
@@ -169,7 +169,7 @@ $.tablesorter.addParser({
             </select></li>
             </ol>
             </fieldset>
-            <fieldset class="action"><input type="hidden" name="category" value="1" /><input type="submit" value="Save" class="submit" /> <a class="cancel" href="/cgi-bin/koha/opac-shelves.pl?shelfnumber=<!-- TMPL_VAR NAME="shelfnumber" -->">Cancel</a></fieldset>
+            <fieldset class="action"><input type="hidden" name="category" value="<!-- TMPL_VAR NAME="category" -->" /><input type="submit" value="Save" class="submit" /> <a class="cancel" href="/cgi-bin/koha/opac-shelves.pl?shelfnumber=<!-- TMPL_VAR NAME="shelfnumber" -->">Cancel</a></fieldset>
         </form>
     <!-- /TMPL_IF -->
 
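Review bot: the hidden category field now round-trips the stored value through the browser (value="<!-- TMPL_VAR NAME="category" -->"), and the modifsave branch writes whatever category comes back, so the server needs to check that the submitted category is one the patron is allowed to set. Add ESCAPE="html" to the TMPL_VAR as well.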
index 088d23a..a03fbc0 100644 (file)
@@ -78,6 +78,7 @@ Sorry, This Self-Checkout Station has lost authentication.  Please contact the a
        <!-- TMPL_UNLESS NAME="validuser" -->
        <div class="sco_entry" >
        <form id="mainform" action="/cgi-bin/koha/sco/sco-main.pl" name="myForm" method="post">
+      <input type="hidden" name="koha_login_context" value="sco" />
        <p class="checkout"><label for="userid">Please enter your cardnumber:</label> 
        <input type="text" id="userid" class="firstField" size="10" name="userid" onblur="ValidateCode();" />
        <!-- TMPL_LOOP NAME="INPUTS" --><input type="hidden" name="<!-- TMPL_VAR NAME="name" -->" value="<!-- TMPL_VAR NAME="value" -->"><!-- /TMPL_LOOP -->
index b26f73a..61bf9e3 100755 (executable)
@@ -31,4 +31,10 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user({
         type            => "opac",
         authnotrequired => 1,
     });
-shelfpage('opac', $query, $template, $loggedinuser, $cookie);
+
+# if $loggedinuser is not defined, set it to -1, which should
+# not correspond to any real borrowernumber.  
+# FIXME: this is a hack to temporarily avoid changing several
+#        routines in C4::VirtualShelves and C4::VirtualShelves::page
+#        to deal with lists accessed during an anonymous OPAC session
+shelfpage('opac', $query, $template, (defined($loggedinuser) ? $loggedinuser : -1), $cookie);
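Review bot: passing -1 for an undefined $loggedinuser only works if no virtualshelves row has owner -1 and every permission path in shelfpage treats -1 as a non-owner; the commit message notes that virtualshelves.owner is not a true foreign key, so nothing enforces the first. Consider having shelfpage refuse manage and modify operations outright when no user is logged in, and reference a bug number in the FIXME so the hack is tracked. The comment also names C4::VirtualShelves::page where the module is C4::VirtualShelves::Page.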