[Koha-bugs] [Bug 1861] Unique patrons logins not (totally) enforced
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Dec 30 03:33:52 CET 2014
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=1861
--- Comment #26 from Chris Cormack <chris at bigballofwax.co.nz> ---
There is massive issue with this
Specifically the Fix Check_Userid
sub Check_Userid {
- my ($uid,$member) = @_;
- my $dbh = C4::Context->dbh;
- my $sth =
- $dbh->prepare(
- "SELECT * FROM borrowers WHERE userid=? AND borrowernumber != ?");
- $sth->execute( $uid, $member );
- if ( (( $uid ne '' ) && ( my $row = $sth->fetchrow_hashref )) or
- (( $uid ne '' ) && ( $uid eq C4::Context->config('user') )) ) {
- return 0;
- }
- else {
- return 1;
- }
+ my ( $uid, $borrowernumber ) = @_;
+
+ return 1 unless ($uid);
+
+ return 0 if ( $uid eq C4::Context->config('user') );
+
+ my $rs = Koha::Database->new()->schema()->resultset('Borrower');
+
+ my $params;
+ $params->{userid} = $uid;
+ $params->{borrowernumber} = { '!=' => $borrowernumber } if
($borrowernumber);
+
+ my $count = $rs->count( $params );
+
+ return $count ? 0 : 1;
}
So we return 1 if it's unique.
Then we did this
- $data{'userid'} = Generate_Userid($data{'borrowernumber'},
$data{'firstname'}, $data{'surname'}) if $data{'userid'} eq '';
+ $data{'userid'} = Generate_Userid( $data{'borrowernumber'},
$data{'firstname'}, $data{'surname'} )
+ if ( $data{'userid'} eq '' || Check_Userid( $data{'userid'} ) );
Which says essentially, if it is unique .. don't use it, if it isn't unique ..
then use it. (and the db insert then fails).
So we can insert borrowers who have a unique userid, but it will never use that
userid it will generate one.
Quite broken. Patch to follow
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list