[Koha-bugs] [Bug 8753] Add forgot password link to OPAC
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Mar 11 18:59:02 CET 2015
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8753
simith.doliveira at inlibro.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #34472|0 |1
is obsolete| |
--- Comment #76 from simith.doliveira at inlibro.com ---
Comment on attachment 34472
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=34472
SQL code in the .pl files removed. New .pm and .t files created.
>From b775b68292a4c9757f7d0b93d2675d9165c18cc4 Mon Sep 17 00:00:00 2001
>From: simith <simith at inlibro.com>
>Date: Tue, 16 Dec 2014 13:22:26 -0500
>Subject: [PATCH] SQL code in the .pl files removed. New .pm and .t files
> created.
>
>http://bugs.koha-community.org/show_bug.cgi?id=8753
>---
> C4/Passwordrecovery.pm | 159 +++++++++++++++++++++
> .../data/mysql/en/mandatory/sample_notices.sql | 2 +-
> opac/opac-password-recovery.pl | 100 ++-----------
> 3 files changed, 173 insertions(+), 88 deletions(-)
> create mode 100644 C4/Passwordrecovery.pm
>
>diff --git a/C4/Passwordrecovery.pm b/C4/Passwordrecovery.pm
>new file mode 100644
>index 0000000..f1b26e9
>--- /dev/null
>+++ b/C4/Passwordrecovery.pm
>@@ -0,0 +1,159 @@
>+package C4::Passwordrecovery;
>+
>+# Copyright 2014 PTFS Europe
>+#
>+# This file is part of Koha.
>+#
>+# Koha is free software; you can redistribute it and/or modify it
>+# under the terms of the GNU General Public License as published by
>+# the Free Software Foundation; either version 3 of the License, or
>+# (at your option) any later version.
>+#
>+# Koha is distributed in the hope that it will be useful, but
>+# WITHOUT ANY WARRANTY; without even the implied warranty of
>+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
>+# GNU General Public License for more details.
>+#
>+# You should have received a copy of the GNU General Public License
>+# along with Koha; if not, see <http://www.gnu.org/licenses>.
>+
>+use Modern::Perl;
>+use C4::Context;
>+
>+use vars qw($VERSION @ISA @EXPORT);
>+
>+BEGIN {
>+ # set the version for version checking
>+ $VERSION = 3.07.00.049;
>+ require Exporter;
>+ @ISA = qw(Exporter);
>+ push @EXPORT, qw(
>+ &ValidateBorrowernumber
>+ &SendPasswordRecoveryEmail
>+ &GetValidLinkInfo
>+ );
>+}
>+
>+=head1 NAME
>+
>+C4::Passwordrecovery - Koha password recovery module
>+
>+=head1 SYNOPSIS
>+
>+use C4::Passwordrecovery;
>+
>+=head1 FUNCTIONS
>+
>+=head2 ValidateBorrowernumber
>+
>+$alread = ValidateBorrowernumber( $borrower_number );
>+
>+Check if the system already start recovery
>+
>+Returns true false
>+
>+=cut
>+
>+sub ValidateBorrowernumber {
>+ my ($borrower_number) = @_;
>+ my $schema = Koha::Database->new->schema;
>+
>+ my $rs = $schema->resultset('BorrowerPasswordRecovery')->search(
>+ {
>+ borrowernumber => $borrower_number,
>+ valid_until => \'> NOW()'
>+ }, {
>+ columns => 'borrowernumber'
>+ });
>+
>+ if ($rs->next){
>+ return 1;
>+ }
>+
>+ return 0;
>+}
>+
>+=head2 GetValidLinkInfo
>+
>+ Check if the link is still valid and return some info.
>+
>+=cut
>+
>+sub GetValidLinkInfo {
>+ my ($uniqueKey) = @_;
>+ my $dbh = C4::Context->dbh;
>+ my $query = '
>+ SELECT borrower_password_recovery.borrowernumber, userid
>+ FROM borrower_password_recovery, borrowers
>+ WHERE borrowers.borrowernumber = borrower_password_recovery.borrowernumber
>+ AND NOW() < valid_until
>+ AND uuid = ?
>+ ';
>+ my $sth = $dbh->prepare($query);
>+ $sth->execute($uniqueKey);
>+ return $sth->fetchrow;
>+}
>+
>+=head2 SendPasswordRecoveryEmail
>+
>+ It creates an email using the templates and send it to the user, using the specified email
>+
>+=cut
>+
>+sub SendPasswordRecoveryEmail {
>+ my $borrower = shift; # from GetMember
>+ my $userEmail = shift; #to_address (the one specified in the request)
>+ my $protocol = shift; #only required to determine if 'http' or 'https'
>+ my $update = shift;
>+
>+ my $schema = Koha::Database->new->schema;
>+
>+ # generate UUID
>+ my @chars = ("A".."Z", "a".."z", "0".."9");
>+ my $uuid_str;
>+ $uuid_str .= $chars[rand @chars] for 1..32;
>+
>+ # insert into database
>+ my $expirydate = DateTime->now(time_zone => C4::Context->tz())->add( days => 2 );
>+ if($update){
>+ my $rs = $schema->resultset('BorrowerPasswordRecovery')->search(
>+ {
>+ borrowernumber => $borrower->{'borrowernumber'},
>+ });
>+ $rs->update({uuid => $uuid_str, valid_until => $expirydate->datetime()});
>+ } else {
>+ my $rs = $schema->resultset('BorrowerPasswordRecovery')->create({
>+ borrowernumber=>$borrower->{'borrowernumber'},
>+ uuid => $uuid_str,
>+ valid_until=> $expirydate->datetime()
>+ });
>+ }
>+
>+ # create link
>+ my $uuidLink = $protocol . C4::Context->preference( 'OPACBaseURL' ) . "/cgi-bin/koha/opac-password-recovery.pl?uniqueKey=$uuid_str";
>+
>+ # prepare the email
>+ my $letter = C4::Letters::GetPreparedLetter (
>+ module => 'members',
>+ letter_code => 'PASSWORD_RESET',
>+ branchcode => $borrower->{branchcode},
>+ substitute => {passwordreseturl => $uuidLink, user => $borrower->{userid} },
>+ );
>+
>+ # define to/from emails
>+ my $kohaEmail = C4::Context->preference( 'KohaAdminEmailAddress' ); # from
>+
>+ C4::Letters::EnqueueLetter( {
>+ letter => $letter,
>+ borrowernumber => $borrower->{borrowernumber},
>+ to_address => $userEmail,
>+ from_address => $kohaEmail,
>+ message_transport_type => 'email',
>+ } );
>+
>+ return 1;
>+}
>+
>+END { } # module clean-up code here (global destructor)
>+
>+1;
>\ No newline at end of file
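Review bot: The reset token in `SendPasswordRecoveryEmail` is built with `$uuid_str .= $chars[rand @chars] for 1..32;`, and Perl's built-in `rand` is not a cryptographic generator, so it should not produce the one value that authorises a password change. Draw it from a CSPRNG instead, for example `my $uuid_str = Bytes::Random::Secure::random_string_from( join( '', @chars ), 32 );`, which is a new dependency, or hex-encode bytes read from the OS random source. The token is also stored verbatim in the `uuid` column and matched with `uuid = ?` in `GetValidLinkInfo`; storing only a digest of it would keep read access to that table from yielding usable reset links. Separately, the module calls `Koha::Database->new`, `DateTime->now` and `C4::Letters::GetPreparedLetter` but loads only `Modern::Perl` and `C4::Context`, so it works only if the caller has already loaded them; add `use Koha::Database; use DateTime; use C4::Letters;`. The same applies to the `Koha::Database->new->schema` call added in the `-116,8 +101,9` hunk of opac/opac-password-recovery.pl, where no matching `use` is visible.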
>diff --git a/installer/data/mysql/en/mandatory/sample_notices.sql b/installer/data/mysql/en/mandatory/sample_notices.sql
>index 37e9d9f..67c8b34 100644
>--- a/installer/data/mysql/en/mandatory/sample_notices.sql
>+++ b/installer/data/mysql/en/mandatory/sample_notices.sql
>@@ -144,5 +144,5 @@ Your library.'
> );
>
> INSERT INTO `letter` (module, code, branchcode, name, is_html, title, content, message_transport_type)
>-VALUES ('members','PASSWORD_RESET','','Online password reset',1,'Koha password recovery','<html>\r\n<p>This email has been sent in response to your password recovery request for the account <strong><< borrowers.userid>></strong>.\r\n</p>\r\n<p>\r\nYou can now create your new password using the following link:\r\n<br/><a href=\"<<passwordreseturl>>\"><<passwordreseturl>></a>\r\n</p>\r\n<p>This link will be valid for 2 days from this email\'s reception, then you must reapply if you do not change your password.</p>\r\n<p>Thank you.</p>\r\n</html>\r\n','email'
>+VALUES ('members','PASSWORD_RESET','','Online password reset',1,'Koha password recovery','<html>\r\n<p>This email has been sent in response to your password recovery request for the account <strong><<user>></strong>.\r\n</p>\r\n<p>\r\nYou can now create your new password using the following link:\r\n<br/><a href=\"<<passwordreseturl>>\"><<passwordreseturl>></a>\r\n</p>\r\n<p>This link will be valid for 2 days from this email\'s reception, then you must reapply if you do not change your password.</p>\r\n<p>Thank you.</p>\r\n</html>\r\n','email'
> );
>diff --git a/opac/opac-password-recovery.pl b/opac/opac-password-recovery.pl
>index 27c8ea6..b5cd2c2 100755
>--- a/opac/opac-password-recovery.pl
>+++ b/opac/opac-password-recovery.pl
>@@ -9,6 +9,7 @@ use C4::Koha;
> use C4::Members qw(changepassword GetMember GetMemberDetails );
> use C4::Output;
> use C4::Context;
>+use C4::Passwordrecovery qw(SendPasswordRecoveryEmail ValidateBorrowernumber GetValidLinkInfo);
> use Koha::AuthUtils qw(hash_password);
> my $query = new CGI;
> use HTML::Entities;
>@@ -44,11 +45,8 @@ my $errLinkNotValid;
> my $errPassNotMatch;
> my $errPassTooShort;
>
>-my $dbh = C4::Context->dbh;
>-
> if ( $query->param('sendEmail') || $query->param('resendEmail') ) {
>- #send mail + confirmation
>-
>+ my $protocol = $query->https() ? "https://" : "http://";
> #try with the main email
> $email ||= ''; # avoid undef
> my $borrower_infos = GetMember( email => $email );
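Review bot: The scheme of the emailed reset link now comes from the incoming request via `my $protocol = $query->https() ? "https://" : "http://";`, while the host comes from the `OPACBaseURL` preference inside `SendPasswordRecoveryEmail`. If the OPAC sits behind a proxy that terminates TLS, `https()` would presumably be false and the token-bearing link would be mailed as `http://`. Taking the scheme from configuration, like the host, would avoid that. At minimum add a comment such as `# scheme follows the current request; behind a TLS-terminating proxy this yields http://`. The enclosing `if` block continues outside this hunk.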
>@@ -63,11 +61,9 @@ if ( $query->param('sendEmail') || $query->param('resendEmail') ) {
> $errNoEmailFound = 1;
> }
> elsif ( !$query->param('resendEmail') ) {
>- my $sth = $dbh->prepare(
>-"SELECT borrowernumber FROM borrower_password_recovery WHERE NOW() < valid_until AND borrowernumber = ?"
>- );
>- $sth->execute($borrower_number);
>- if ( my $already = $sth->fetchrow ) {
>+ my $already = ValidateBorrowernumber( $borrower_number );
>+
>+ if ( $already ) {
> $hasError = 1;
> $errAlreadyStartRecovery = 1;
> }
>@@ -82,7 +78,7 @@ if ( $query->param('sendEmail') || $query->param('resendEmail') ) {
> email => HTML::Entities::encode($email),
> );
> }
>- elsif ( SendPasswordRecoveryEmail( $borrower_infos, $email, $query, $query->param('resendEmail') ) ) {#generate uuid and send recovery email
>+ elsif ( SendPasswordRecoveryEmail( $borrower_infos, $email, $protocol, $query->param('resendEmail') ) ) {#generate uuid and send recovery email
> $template->param(
> mail_sent => 1,
> email => $email
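Review bot: The success branch passes `email => $email` to the template unencoded, while the error branch at the top of this hunk uses `email => HTML::Entities::encode($email)`. `$email` is the address given in the request, so unless the template escapes it (not visible here) the two branches should match: `email => HTML::Entities::encode($email),`. The `elsif` also tests the return value of `SendPasswordRecoveryEmail`, but the new module version ends in an unconditional `return 1;` and ignores the result of `C4::Letters::EnqueueLetter`, so a failed enqueue is still reported to the user as `mail_sent`. The `$template->param(` call continues past the end of the hunk.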
>@@ -96,18 +92,7 @@ if ( $query->param('sendEmail') || $query->param('resendEmail') ) {
> }
> }
> elsif ( $query->param('passwordReset') ) {
>- #new password form
>- #check if the link is still valid
>- my $sth = $dbh->prepare(
>- "SELECT borrower_password_recovery.borrowernumber, userid
>- FROM borrower_password_recovery, borrowers
>- WHERE borrowers.borrowernumber = borrower_password_recovery.borrowernumber
>- AND NOW() < valid_until
>- AND uuid = ?"
>- );
>- $sth->execute($uniqueKey);
>- ( $borrower_number, $username ) = $sth->fetchrow;
>-
>+ ( $borrower_number, $username ) = GetValidLinkInfo($uniqueKey);
> #validate password length & match
> if ( ($borrower_number)
> && ( $password eq $repeatPassword )
>@@ -116,8 +101,9 @@ elsif ( $query->param('passwordReset') ) {
> changepassword( $username, $borrower_number, hash_password($password) );
>
> #remove entry
>- my $sth = $dbh->prepare("DELETE FROM borrower_password_recovery WHERE uuid = ? or NOW() > valid_until");
>- $sth->execute($uniqueKey);
>+ my $schema = Koha::Database->new->schema;
>+ my $rs = $schema->resultset('BorrowerPasswordRecovery')->search({-or => [uuid => $uniqueKey, valid_until => \'< NOW()']});
>+ $rs->delete;
>
> $template->param(
> password_reset_done => 1,
>@@ -148,19 +134,12 @@ elsif ( $query->param('passwordReset') ) {
> }
> elsif ($uniqueKey) { #reset password form
> #check if the link is valid
>- my $sth = $dbh->prepare(
>- "SELECT borrower_password_recovery.borrowernumber, userid
>- FROM borrower_password_recovery, borrowers
>- WHERE borrowers.borrowernumber = borrower_password_recovery.borrowernumber
>- AND NOW() < valid_until
>- AND uuid = ?"
>- );
>- $sth->execute($uniqueKey);
>- ( $borrower_number, $username ) = $sth->fetchrow;
>+ ( $borrower_number, $username ) = GetValidLinkInfo($uniqueKey);
>+
> if ( !$borrower_number ) {
> $errLinkNotValid = 1;
> }
>-warn "INLIBRO username $username";
>+
> $template->param(
> new_password => 1,
> minPassLength => $minPassLength,
>@@ -175,56 +154,3 @@ else { #password recovery form (to send email)
> }
>
> output_html_with_http_headers $query, $cookie, $template->output;
>-
>-#
>-# It creates an email using the templates and send it to the user, using the specified email
>-#
>-sub SendPasswordRecoveryEmail {
>- my $borrower = shift; # from GetMember
>- my $userEmail = shift; #to_address (the one specified in the request)
>- my $query = shift; #only required to determine if 'http' or 'https'
>- my $update = shift;
>-
>- my $dbh = C4::Context->dbh;
>-
>- # generate UUID
>- my @chars = ("A".."Z", "a".."z", "0".."9");
>- my $uuid_str;
>- $uuid_str .= $chars[rand @chars] for 1..32;
>-
>- # insert into database
>- my $expirydate = DateTime->now(time_zone => C4::Context->tz())->add( days => 2 );
>- if($update){
>- my $sth = $dbh->prepare( 'UPDATE borrower_password_recovery set uuid=?, valid_until=? where borrowernumber=? ');
>- $sth->execute($uuid_str, $expirydate->datetime(), $borrower->{'borrowernumber'});
>- } else {
>- my $sth = $dbh->prepare( 'INSERT INTO borrower_password_recovery VALUES (?, ?, ?)');
>- $sth->execute($borrower->{'borrowernumber'}, $uuid_str, $expirydate->datetime());
>- }
>-
>- # create link
>- my $protocol = $query->https() ? "https://" : "http://";
>- my $uuidLink = $protocol . C4::Context->preference( 'OPACBaseURL' ) . "/cgi-bin/koha/opac-password-recovery.pl?uniqueKey=$uuid_str";
>-
>- # prepare the email
>- my $letter = C4::Letters::GetPreparedLetter (
>- module => 'members',
>- letter_code => 'PASSWORD_RESET',
>- branchcode => $borrower->{branchcode},
>- tables => {borrowers => $borrower},
>- substitute => {passwordreseturl => $uuidLink},
>- );
>-
>- # define to/from emails
>- my $kohaEmail = C4::Context->preference( 'KohaAdminEmailAddress' ); # from
>-
>- C4::Letters::EnqueueLetter( {
>- letter => $letter,
>- borrowernumber => $borrower->{'borrowernumber'},
>- to_address => $userEmail,
>- from_address => $kohaEmail,
>- message_transport_type => 'email',
>- } );
>-
>- return 1;
>-}
>--
>1.9.1
--
You are receiving this mail because:
You are watching all bug changes.