# This file is part of Koha.
#
-# Koha is free software; you can redistribute it and/or modify it under the
-# terms of the GNU General Public License as published by the Free Software
-# Foundation; either version 2 of the License, or (at your option) any later
-# version.
+# Koha is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
#
-# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
-# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
-# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# Koha is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
#
-# You should have received a copy of the GNU General Public License along
-# with Koha; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+# You should have received a copy of the GNU General Public License
+# along with Koha; if not, see <http://www.gnu.org/licenses>.
#
-use strict;
-use warnings;
+use Modern::Perl;
-use CGI;
-use C4::Auth;
-use C4::Circulation;
+use CGI qw ( -utf8 );
+use C4::Auth qw( check_api_auth check_cookie_auth );
+use C4::Circulation qw( AddOfflineOperation ProcessOfflineOperation );
+use Koha::DateUtils qw( dt_from_string );
+use DateTime::TimeZone;
my $cgi = CGI->new;
+# used by the KOCT firefox extension
+# (or any third-party that doesn't want to rely on cookies for authentication)
+my $nocookie = $cgi->param('nocookie') || 0;
+
# get the status of the user, this will check his credentials and rights
my ($status, $cookie, $sessionId) = C4::Auth::check_api_auth($cgi, undef);
+($status, $sessionId) = C4::Auth::check_cookie_auth($cgi, undef) if ($status ne 'ok' && !$nocookie);
my $result;
if ($status eq 'ok') { # if authentication is ok
+
+ my $userid = $cgi->param('userid') || '';
+ my $branchcode = $cgi->param('branchcode') || '';
+ my $timestamp = $cgi->param('timestamp') || '';
+ my $action = $cgi->param('action') || '';
+ my $barcode = $cgi->param('barcode') || '';
+ my $amount = $cgi->param('amount') || 0;
+ $barcode =~ s/^\s+//;
+ $barcode =~ s/\s+$//;
+ my $cardnumber = $cgi->param('cardnumber') || '';
+ $cardnumber =~ s/^\s+//;
+ $cardnumber =~ s/\s+$//;
+
+ # KOCT send UTC timestamp, it should be converted to local timezone
+ my $dt = dt_from_string($timestamp, 'iso', DateTime::TimeZone->new(name => 'UTC'));
+ $dt->set_time_zone(C4::Context->tz);
+ $timestamp = $dt->ymd('-') . ' ' . $dt->hms(':');
+
if ( $cgi->param('pending') eq 'true' ) { # if the 'pending' flag is true, we store the operation in the db instead of directly processing them
$result = AddOfflineOperation(
- $cgi->param('userid') || '',
- $cgi->param('branchcode') || '',
- $cgi->param('timestamp') || '',
- $cgi->param('action') || '',
- $cgi->param('barcode') || '',
- $cgi->param('cardnumber') || '',
+ $userid,
+ $branchcode,
+ $timestamp,
+ $action,
+ $barcode,
+ $cardnumber,
+ $amount
);
} else {
$result = ProcessOfflineOperation(
{
- 'userid' => $cgi->param('userid'),
- 'branchcode' => $cgi->param('branchcode'),
- 'timestamp' => $cgi->param('timestamp'),
- 'action' => $cgi->param('action'),
- 'barcode' => $cgi->param('barcode'),
- 'cardnumber' => $cgi->param('cardnumber'),
+ 'userid' => $userid,
+ 'branchcode' => $branchcode,
+ 'timestamp' => $timestamp,
+ 'action' => $action,
+ 'barcode' => $barcode,
+ 'cardnumber' => $cardnumber,
+ 'amount' => $amount
}
);
}
-} else {
- $result = "Authentication failed."
+
+ print CGI::header('-type'=>'text/plain', '-charset'=>'utf-8');
+ print $result;
+ exit;
}
-print CGI::header('-type'=>'text/plain', '-charset'=>'utf-8');
+print CGI::header('-type'=>'text/plain', '-charset'=>'utf-8', '-status' => '401 Unauthorized');
print $result;