$template->param( "USER_INFO" => \@bordat );
my @flagroots = qw(circulate catalogue parameters borrowers permissions reserveforothers borrow
- editcatalogue updatecharge management tools editauthorities serials reports);
+ editcatalogue updatecharges management tools editauthorities serials reports);
# We are going to use the $flags returned by checkauth
# to create the template's parameters that will indicate
# which menus the user can access.
$template->param( CAN_user_reserveforothers => 1 );
$template->param( CAN_user_borrow => 1 );
$template->param( CAN_user_editcatalogue => 1 );
- $template->param( CAN_user_updatecharge => 1 );
+ $template->param( CAN_user_updatecharges => 1 );
$template->param( CAN_user_acquisition => 1 );
$template->param( CAN_user_management => 1 );
$template->param( CAN_user_tools => 1 );
'item-level_itypes' => C4::Context->preference('item-level_itypes'),
canreservefromotherbranches => C4::Context->preference('canreservefromotherbranches'),
intranetreadinghistory => C4::Context->preference("intranetreadinghistory"),
+ noItemTypeImages => C4::Context->preference("noItemTypeImages"),
);
}
else {
);
$loggedin = 1;
}
- elsif ( $sessionID = $query->cookie("CGISESSID")) { # assignment, not comparison (?)
+ elsif ( $sessionID = $query->cookie("CGISESSID")) { # assignment, not comparison
my $session = get_session($sessionID);
C4::Context->_new_userenv($sessionID);
if ($session){
_session_log(sprintf "%20s from %16s logged in at %30s.\n", $userid,$ENV{'REMOTE_ADDR'},localtime);
$cookie = $query->cookie(CGISESSID => $sessionID);
if ( $flags = haspermission( $dbh, $userid, $flagsrequired ) ) {
- $loggedin = 1;
+ $loggedin = 1;
}
else {
$info{'nopermission'} = 1;
$branchname = GetBranchName($branchcode);
}
my $branches = GetBranches();
+ if (C4::Context->boolean_preference('IndependantBranches') && C4::Context->boolean_preference('Autolocation')){
+ # we have to check they are coming from the right ip range
+ my $domain = $branches->{$branchcode}->{'branchip'};
+ if ($ip !~ /^$domain/){
+ $loggedin=0;
+ $info{'wrongip'} = 1;
+ }
+ }
+
my @branchesloop;
foreach my $br ( keys %$branches ) {
# now we work with the treatment of ip
$info{'invalid_username_or_password'} = 1;
C4::Context->_unset_userenv($sessionID);
}
+
}
}
my $insecure = C4::Context->boolean_preference('insecure');
IndependantBranches => C4::Context->preference("IndependantBranches"),
AutoLocation => C4::Context->preference("AutoLocation"),
yuipath => C4::Context->preference("yuipath"),
+ wrongip => $info{'wrongip'}
);
+
$template->param( loginprompt => 1 ) unless $info{'nopermission'};
my $self_url = $query->url( -absolute => 1 );