use C4::Languages;
use C4::Search::History;
use Koha;
+use Koha::Logger;
use Koha::Caches;
use Koha::AuthUtils qw(get_script_name hash_password);
use Koha::Checkouts;
use Koha::DateUtils qw(dt_from_string);
use Koha::Library::Groups;
use Koha::Libraries;
+use Koha::Cash::Registers;
use Koha::Desks;
use Koha::Patrons;
use Koha::Patron::Consents;
use C4::Log qw/logaction/;
# use utf8;
-use vars qw(@ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug $ldap $cas $caslogout);
+use vars qw(@ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $ldap $cas $caslogout);
BEGIN {
sub psgi_env { any { /^psgi\./ } keys %ENV }
C4::Context->set_remote_address;
- $debug = $ENV{DEBUG};
@ISA = qw(Exporter);
@EXPORT = qw(&checkauth &get_template_and_user &haspermission &get_user_subpermissions);
@EXPORT_OK = qw(&check_api_auth &get_session &check_cookie_auth &checkpw &checkpw_internal &checkpw_hash
use C4::Auth;
use C4::Output;
- my $query = new CGI;
+ my $query = CGI->new;
my ($template, $borrowernumber, $cookie)
= get_template_and_user(
$template->param( CAN_user_editcatalogue => 1 );
$template->param( CAN_user_updatecharges => 1 );
$template->param( CAN_user_acquisition => 1 );
+ $template->param( CAN_user_suggestions => 1 );
$template->param( CAN_user_tools => 1 );
$template->param( CAN_user_editauthorities => 1 );
$template->param( CAN_user_serials => 1 );
$template->param( CAN_user_reports => 1 );
$template->param( CAN_user_staffaccess => 1 );
- $template->param( CAN_user_plugins => 1 );
$template->param( CAN_user_coursereserves => 1 );
+ $template->param( CAN_user_plugins => 1 );
+ $template->param( CAN_user_lists => 1 );
$template->param( CAN_user_clubs => 1 );
$template->param( CAN_user_ill => 1 );
$template->param( CAN_user_stockrotation => 1 );
- $template->param( CAN_user_problem_reports => 1 );
+ $template->param( CAN_user_cash_management => 1 );
+ $template->param( CAN_user_problem_reports => 1 );
foreach my $module ( keys %$all_perms ) {
foreach my $subperm ( keys %{ $all_perms->{$module} } ) {
}
}
+ # Sysprefs disabled via URL param
+ # Note that value must be defined in order to override via ENV
+ foreach my $syspref (
+ qw(
+ OPACUserCSS
+ OPACUserJS
+ IntranetUserCSS
+ IntranetUserJS
+ OpacAdditionalStylesheet
+ opaclayoutstylesheet
+ intranetcolorstylesheet
+ intranetstylesheet
+ )
+ )
+ {
+ $ENV{"OVERRIDE_SYSPREF_$syspref"} = q{}
+ if $in->{'query'}->param("DISABLE_SYSPREF_$syspref");
+ }
+
# Anonymous opac search history
# If opac search history is enabled and at least one search has already been performed
if ( C4::Context->preference('EnableOpacSearchHistory') ) {
intranetstylesheet => C4::Context->preference("intranetstylesheet"),
IntranetUserCSS => C4::Context->preference("IntranetUserCSS"),
IntranetUserJS => C4::Context->preference("IntranetUserJS"),
- intranetbookbag => C4::Context->preference("intranetbookbag"),
suggestion => C4::Context->preference("suggestion"),
virtualshelves => C4::Context->preference("virtualshelves"),
StaffSerialIssueDisplayCount => C4::Context->preference("StaffSerialIssueDisplayCount"),
&& $in->{'template_name'} =~ /opac-(.+)\.(?:tt|tmpl)$/ ) {
my $pagename = $1;
unless ( $pagename =~ /^(?:MARC|ISBD)?detail$/
+ or $pagename =~ /^showmarc$/
or $pagename =~ /^addbybiblionumber$/
or $pagename =~ /^review$/ ) {
my $sessionSearch = get_session( $sessionID || $in->{'query'}->cookie("CGISESSID") );
# remove the 3 last . to have a Perl number
$kohaversion =~ s/(.*\..*)\.(.*)\.(.*)/$1$2$3/;
- $debug and print STDERR "kohaversion : $kohaversion\n";
+ Koha::Logger->get->debug("kohaversion : $kohaversion");
if ( $version < $kohaversion ) {
my $warning = "Database update needed, redirecting to %s. Database is $version and Koha is $kohaversion";
if ( $type ne 'opac' ) {
sub checkauth {
my $query = shift;
- $debug and warn "Checking Auth";
# Get shibboleth login attribute
my $shib = C4::Context->config('useshibboleth') && shib_ok();
$session->param('surname'), $session->param('branch'),
$session->param('branchname'), $session->param('flags'),
$session->param('emailaddress'), $session->param('shibboleth'),
- $session->param('desk_id'), $session->param('desk_name')
+ $session->param('desk_id'), $session->param('desk_name'),
+ $session->param('register_id'), $session->param('register_name')
);
- C4::Context::set_shelves_userenv( 'bar', $session->param('barshelves') );
- C4::Context::set_shelves_userenv( 'pub', $session->param('pubshelves') );
- C4::Context::set_shelves_userenv( 'tot', $session->param('totshelves') );
- $debug and printf STDERR "AUTH_SESSION: (%s)\t%s %s - %s\n", map { $session->param($_) } qw(cardnumber firstname surname branch);
+ Koha::Logger->get->debug(sprintf "AUTH_SESSION: (%s)\t%s %s - %s", map { $session->param($_) } qw(cardnumber firstname surname branch));
$ip = $session->param('ip');
$lasttime = $session->param('lasttime');
$userid = $s_userid;
#if a user enters an id ne to the id in the current session, we need to log them in...
#first we need to clear the anonymous session...
- $debug and warn "query id = $q_userid but session id = $s_userid";
$anon_search_history = $session->param('search_history');
$session->delete();
$session->flush;
}
else {
my $retuserid;
- ( $return, $cardnumber, $retuserid, $cas_ticket ) =
- checkpw( $dbh, $q_userid, $password, $query, $type );
- $userid = $retuserid if ($retuserid);
- $info{'invalid_username_or_password'} = 1 unless ($return);
+ my $request_method = $query->request_method();
+ if ($request_method eq 'POST'){
+ ( $return, $cardnumber, $retuserid, $cas_ticket ) =
+ checkpw( $dbh, $q_userid, $password, $query, $type );
+ $userid = $retuserid if ($retuserid);
+ $info{'invalid_username_or_password'} = 1 unless ($return);
+ }
}
}
+ # If shib configured and shibOnly enabled, we should ignore anything other than a shibboleth type login.
+ if (
+ $shib
+ && !$shibSuccess
+ && (
+ (
+ ( $type eq 'opac' )
+ && C4::Context->preference('OPACShibOnly')
+ )
+ || ( ( $type ne 'opac' )
+ && C4::Context->preference('staffShibOnly') )
+ )
+ )
+ {
+ $return = 0;
+ }
+
# $return: 1 = valid user
if ($return) {
C4::Context->_unset_userenv($sessionID);
}
my ( $borrowernumber, $firstname, $surname, $userflags,
- $branchcode, $branchname, $emailaddress, $desk_id, $desk_name );
+ $branchcode, $branchname, $emailaddress, $desk_id,
+ $desk_name, $register_id, $register_name );
if ( $return == 1 ) {
my $select = "
my $sth = $dbh->prepare("$select where userid=?");
$sth->execute($userid);
unless ( $sth->rows ) {
- $debug and print STDERR "AUTH_1: no rows for userid='$userid'\n";
$sth = $dbh->prepare("$select where cardnumber=?");
$sth->execute($cardnumber);
unless ( $sth->rows ) {
- $debug and print STDERR "AUTH_2a: no rows for cardnumber='$cardnumber'\n";
$sth->execute($userid);
- unless ( $sth->rows ) {
- $debug and print STDERR "AUTH_2b: no rows for userid='$userid' AS cardnumber\n";
- }
}
}
if ( $sth->rows ) {
( $borrowernumber, $firstname, $surname, $userflags,
$branchcode, $branchname, $emailaddress ) = $sth->fetchrow;
- $debug and print STDERR "AUTH_3 results: " .
- "$cardnumber,$borrowernumber,$userid,$firstname,$surname,$userflags,$branchcode,$emailaddress\n";
- } else {
- print STDERR "AUTH_3: no results for userid='$userid', cardnumber='$cardnumber'.\n";
}
# launch a sequence to check if we have a ip for the branch, i
my $desk = Koha::Desks->find($desk_id);
$desk_name = $desk ? $desk->desk_name : '';
}
+ if ( C4::Context->preference('UseCashRegisters') ) {
+ my $register =
+ $query->param('register_id')
+ ? Koha::Cash::Registers->find($query->param('register_id'))
+ : Koha::Cash::Registers->search(
+ { branch => $branchcode, branch_default => 1 },
+ { rows => 1 } )->single;
+ $register_id = $register->id if ($register);
+ $register_name = $register->name if ($register);
+ }
my $branches = { map { $_->branchcode => $_->unblessed } Koha::Libraries->search };
- if ( $type ne 'opac' and C4::Context->boolean_preference('AutoLocation') ) {
+ if ( $type ne 'opac' and C4::Context->preference('AutoLocation') ) {
# we have to check they are coming from the right ip range
my $domain = $branches->{$branchcode}->{'branchip'};
$session->param( 'lasttime', time() );
$session->param( 'interface', $type);
$session->param( 'shibboleth', $shibSuccess );
- $debug and printf STDERR "AUTH_4: (%s)\t%s %s - %s\n", map { $session->param($_) } qw(cardnumber firstname surname branch);
+ $session->param( 'register_id', $register_id );
+ $session->param( 'register_name', $register_name );
}
$session->param('cas_ticket', $cas_ticket) if $cas_ticket;
C4::Context->set_userenv(
$session->param('surname'), $session->param('branch'),
$session->param('branchname'), $session->param('flags'),
$session->param('emailaddress'), $session->param('shibboleth'),
- $session->param('desk_id'), $session->param('desk_name')
+ $session->param('desk_id'), $session->param('desk_name'),
+ $session->param('register_id'), $session->param('register_name')
);
}
# $return: 0 = invalid user
# reset to anonymous session
else {
- $debug and warn "Login failed, resetting anonymous session...";
if ($userid) {
$info{'invalid_username_or_password'} = 1;
C4::Context->_unset_userenv($sessionID);
} # END if ( $q_userid
elsif ( $type eq "opac" ) {
- # if we are here this is an anonymous session; add public lists to it and a few other items...
# anonymous sessions are created only for the OPAC
- $debug and warn "Initiating an anonymous session...";
# setting a couple of other session vars...
$session->param( 'ip', $session->remote_addr() );
OPACUserCSS => C4::Context->preference("OPACUserCSS"),
intranetcolorstylesheet => C4::Context->preference("intranetcolorstylesheet"),
intranetstylesheet => C4::Context->preference("intranetstylesheet"),
- intranetbookbag => C4::Context->preference("intranetbookbag"),
IntranetNav => C4::Context->preference("IntranetNav"),
IntranetFavicon => C4::Context->preference("IntranetFavicon"),
IntranetUserCSS => C4::Context->preference("IntranetUserCSS"),
}
if ($shib) {
+ #If shibOnly is enabled just go ahead and redirect directly
+ if ( (($type eq 'opac') && C4::Context->preference('OPACShibOnly')) || (($type ne 'opac') && C4::Context->preference('staffShibOnly')) ) {
+ my $redirect_url = login_shib_url( $query );
+ print $query->redirect( -uri => "$redirect_url", -status => 303 );
+ safe_exit;
+ }
+
$template->param(
shibbolethAuthentication => $shib,
shibbolethLoginUrl => login_shib_url($query),
$session->param('surname'), $session->param('branch'),
$session->param('branchname'), $session->param('flags'),
$session->param('emailaddress'), $session->param('shibboleth'),
- $session->param('desk_id'), $session->param('desk_name')
+ $session->param('desk_id'), $session->param('desk_name'),
+ $session->param('register_id'), $session->param('register_name')
);
my $ip = $session->param('ip');
# Proxy CAS auth
if ( $cas && $query->param('PT') ) {
my $retuserid;
- $debug and print STDERR "## check_api_auth - checking CAS\n";
# In case of a CAS authentication, we use the ticket instead of the password
my $PT = $query->param('PT');
$session->param('number'), $session->param('id'),
$session->param('cardnumber'), $session->param('firstname'),
$session->param('surname'), $session->param('branch'),
+ $session->param('branchname'), $session->param('flags'),
$session->param('emailaddress'), $session->param('shibboleth'),
- $session->param('desk_id'), $session->param('desk_name')
+ $session->param('desk_id'), $session->param('desk_name'),
+ $session->param('register_id'), $session->param('register_name')
);
return ( "ok", $cookie, $sessionID );
} else {
$session->param('surname'), $session->param('branch'),
$session->param('branchname'), $session->param('flags'),
$session->param('emailaddress'), $session->param('shibboleth'),
- $session->param('desk_id'), $session->param('desk_name')
+ $session->param('desk_id'), $session->param('desk_name'),
+ $session->param('register_id'), $session->param('register_name')
);
my $ip = $session->param('ip');
my $storage_method = C4::Context->preference('SessionStorage');
if ( $storage_method eq 'mysql' ) {
my $dbh = C4::Context->dbh;
- return { dsn => "driver:MySQL;serializer:yaml;id:md5", dsn_args => { Handle => $dbh } };
+ return { dsn => "serializer:yamlxs;driver:MySQL;id:md5", dsn_args => { Handle => $dbh } };
}
elsif ( $storage_method eq 'Pg' ) {
my $dbh = C4::Context->dbh;
- return { dsn => "driver:PostgreSQL;serializer:yaml;id:md5", dsn_args => { Handle => $dbh } };
+ return { dsn => "serializer:yamlxs;driver:PostgreSQL;id:md5", dsn_args => { Handle => $dbh } };
}
elsif ( $storage_method eq 'memcached' && Koha::Caches->get_instance->memcached_cache ) {
my $memcached = Koha::Caches->get_instance()->memcached_cache;
- return { dsn => "driver:memcached;serializer:yaml;id:md5", dsn_args => { Memcached => $memcached } };
+ return { dsn => "serializer:yamlxs;driver:memcached;id:md5", dsn_args => { Memcached => $memcached } };
}
else {
# catch all defaults to tmp should work on all systems
my $dir = C4::Context::temporary_directory;
my $instance = C4::Context->config( 'database' ); #actually for packages not exactly the instance name, but generally safer to leave it as it is
- return { dsn => "driver:File;serializer:yaml;id:md5", dsn_args => { Directory => "$dir/cgisess_$instance" } };
+ return { dsn => "serializer:yamlxs;driver:File;id:md5", dsn_args => { Directory => "$dir/cgisess_$instance" } };
}
}
sub get_session {
my $sessionID = shift;
my $params = _get_session_params();
- return CGI::Session->new( $params->{dsn}, $sessionID, $params->{dsn_args} );
+ my $session = CGI::Session->new( $params->{dsn}, $sessionID, $params->{dsn_args} );
+ if ( ! $session ){
+ die CGI::Session->errstr();
+ }
+ return $session;
}
if ( $patron and $patron->account_locked ) {
# Nothing to check, account is locked
} elsif ($ldap && defined($password)) {
- $debug and print STDERR "## checkpw - checking LDAP\n";
my ( $retval, $retcard, $retuserid ) = checkpw_ldap(@_); # EXTERNAL AUTH
if ( $retval == 1 ) {
@return = ( $retval, $retcard, $retuserid );
$check_internal_as_fallback = 1 if $retval == 0;
} elsif ( $cas && $query && $query->param('ticket') ) {
- $debug and print STDERR "## checkpw - checking CAS\n";
# In case of a CAS authentication, we use the ticket instead of the password
my $ticket = $query->param('ticket');
# time around.
elsif ( $shib && $shib_login && !$password ) {
- $debug and print STDERR "## checkpw - checking Shibboleth\n";
-
# In case of a Shibboleth authentication, we expect a shibboleth user attribute
# (defined under shibboleth mapping in koha-conf.xml) to contain the login of the
# shibboleth-authenticated user
if (scalar @allowedipranges > 0) {
my @rangelist;
eval { @rangelist = Net::CIDR::range2cidr(@allowedipranges); }; return 0 if $@;
- eval { $result = Net::CIDR::cidrlookup($ENV{'REMOTE_ADDR'}, @rangelist) } || ( $ENV{DEBUG} && warn 'cidrlookup failed for ' . join(' ',@rangelist) );
+ eval { $result = Net::CIDR::cidrlookup($ENV{'REMOTE_ADDR'}, @rangelist) } || Koha::Logger->get->warn('cidrlookup failed for ' . join(' ',@rangelist) );
}
return $result ? 1 : 0;
}