projects / srvgit / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Bug 14699: Show number of selected searches in search history
[srvgit] / members / deletemem.pl
diff --git a/members/deletemem.pl b/members/deletemem.pl
index 173d70e..b51c721 100755 (executable)
--- a/members/deletemem.pl
+++ b/members/deletemem.pl
@@ -25,13 +25,16 @@ use strict;
 #use warnings; FIXME - Bug 2505
 
 use CGI qw ( -utf8 );
+use Digest::MD5 qw(md5_base64);
 use C4::Context;
 use C4::Output;
 use C4::Auth;
 use C4::Members;
-use C4::Branch; # GetBranches
 use Module::Load;
+use Koha::Patrons;
 use Koha::Patron::Images;
+use Koha::Token;
+
 if ( C4::Context->preference('NorwegianPatronDBEnable') && C4::Context->preference('NorwegianPatronDBEnable') == 1 ) {
     load Koha::NorwegianPatronDB, qw( NLMarkForDeletion NLSync );
 }
@@ -53,7 +56,7 @@ my $member       = $input->param('member');
 #Do not delete yourself...
 if ($borrowernumber == $member ) {
     print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_YOURSELF");
-    exit 1;
+    exit 0; # Exit without error
 }
 
 # Handle deletion from the Norwegian national patron database, if it is enabled
@@ -82,12 +85,12 @@ my $userenv = C4::Context->userenv;
 if ($bor->{category_type} eq "S") {
     unless(C4::Auth::haspermission($userenv->{'id'},{'staffaccess'=>1})) {
         print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_STAFF");
-        exit 1;
+        exit 0; # Exit without error
     }
 } else {
     unless(C4::Auth::haspermission($userenv->{'id'},{'borrowers'=>1})) {
        print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE");
-       exit 1;
+        exit 0; # Exit without error
     }
 }
 
@@ -96,7 +99,7 @@ if (C4::Context->preference("IndependentBranches")) {
     if ( !C4::Context->IsSuperLibrarian() && $bor->{'branchcode'}){
         unless ($userenv->{branch} eq $bor->{'branchcode'}){
             print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_OTHERLIBRARY");
-            exit;
+            exit 0; # Exit without error
         }
     }
 }
@@ -104,7 +107,7 @@ if (C4::Context->preference("IndependentBranches")) {
 my $op = $input->param('op') || 'delete_confirm';
 my $dbh = C4::Context->dbh;
 my $is_guarantor = $dbh->selectrow_array("SELECT COUNT(*) FROM borrowers WHERE guarantorid=?", undef, $member);
-if ( $op eq 'delete_confirm' or $countissues > 0 or $flags->{'CHARGES'}  or $is_guarantor or $deletelocal == 0){
+if ( $op eq 'delete_confirm' or $countissues > 0 or $flags->{'CHARGES'}  or $is_guarantor or $deletelocal == 0) {
     my $patron_image = Koha::Patron::Images->find($bor->{borrowernumber});
     $template->param( picture => 1 ) if $patron_image;
 
@@ -124,7 +127,6 @@ if ( $op eq 'delete_confirm' or $countissues > 0 or $flags->{'CHARGES'}  or $is_
         phone => $bor->{'phone'},
         email => $bor->{'email'},
         branchcode => $bor->{'branchcode'},
-        branchname => GetBranchName($bor->{'branchcode'}),
                activeBorrowerRelationship => (C4::Context->preference('borrowerRelationship') ne ''),
         RoutingSerials => C4::Context->preference('RoutingSerials'),
     );
@@ -142,15 +144,29 @@ if ( $op eq 'delete_confirm' or $countissues > 0 or $flags->{'CHARGES'}  or $is_
     }
     # This is silly written but reflect the same conditions as above
     if ( not $countissues > 0 and not $flags->{CHARGES} ne '' and not $is_guarantor and not $deletelocal == 0 ) {
-        $template->param( op => 'delete_confirm' );
+        $template->param(
+            op         => 'delete_confirm',
+            csrf_token => Koha::Token->new->generate_csrf(
+                {   id     => C4::Context->userenv->{id},
+                    secret => md5_base64( C4::Context->config('pass') ),
+                }
+            ),
+        );
     }
-}elsif ( $op eq 'delete_confirmed' ) {
-    MoveMemberToDeleted($member);
-    C4::Members::HandleDelBorrower($member);
-    DelMember($member);
+} elsif ( $op eq 'delete_confirmed' ) {
+
+    die "Wrong CSRF token"
+        unless Koha::Token->new->check_csrf({
+            id     => C4::Context->userenv->{id},
+            secret => md5_base64( C4::Context->config('pass') ),
+            token  => scalar $input->param('csrf_token'),
+        });
+    my $patron = Koha::Patrons->find( $member );
+    $patron->move_to_deleted;
+    $patron->delete;
     # TODO Tell the user everything went ok
     print $input->redirect("/cgi-bin/koha/members/members-home.pl");
+    exit 0; # Exit without error
 }
 
 output_html_with_http_headers $input, $cookie, $template->output;
-
KOHA@FFZG based on git://git.koha.org/pub/scm/koha.git