http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8753
[email protected] changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #34472|0 |1 is obsolete| | --- Comment #76 from [email protected] --- Comment on attachment 34472 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=34472 SQL code in the .pl files removed. New .pm and .t files created. >From b775b68292a4c9757f7d0b93d2675d9165c18cc4 Mon Sep 17 00:00:00 2001 >From: simith <[email protected]> >Date: Tue, 16 Dec 2014 13:22:26 -0500 >Subject: [PATCH] SQL code in the .pl files removed. New .pm and .t files > created. > >http://bugs.koha-community.org/show_bug.cgi?id=8753 >--- > C4/Passwordrecovery.pm | 159 +++++++++++++++++++++ > .../data/mysql/en/mandatory/sample_notices.sql | 2 +- > opac/opac-password-recovery.pl | 100 ++----------- > 3 files changed, 173 insertions(+), 88 deletions(-) > create mode 100644 C4/Passwordrecovery.pm > >diff --git a/C4/Passwordrecovery.pm b/C4/Passwordrecovery.pm >new file mode 100644 >index 0000000..f1b26e9 >--- /dev/null >+++ b/C4/Passwordrecovery.pm 
>@@ -0,0 +1,159 @@
>+package C4::Passwordrecovery;
>+
>+# Copyright 2014 PTFS Europe
>+#
>+# This file is part of Koha.
>+#
>+# Koha is free software; you can redistribute it and/or modify it
>+# under the terms of the GNU General Public License as published by
>+# the Free Software Foundation; either version 3 of the License, or
>+# (at your option) any later version.
>+#
>+# Koha is distributed in the hope that it will be useful, but
>+# WITHOUT ANY WARRANTY; without even the implied warranty of
>+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
>+# GNU General Public License for more details.
>+#
>+# You should have received a copy of the GNU General Public License
>+# along with Koha; if not, see <http://www.gnu.org/licenses>.
>+
>+use Modern::Perl;
>+use C4::Context;
>+
>+use vars qw($VERSION @ISA @EXPORT);
>+
>+BEGIN {
>+ # set the version for version checking
>+ $VERSION = 3.07.00.049;
>+ require Exporter;
>+ @ISA = qw(Exporter);
>+ push @EXPORT, qw(
>+ &ValidateBorrowernumber
>+ &SendPasswordRecoveryEmail
>+ &GetValidLinkInfo
>+ );
>+}
>+
>+=head1 NAME
>+
>+C4::Passwordrecovery - Koha password recovery module
>+
>+=head1 SYNOPSIS
>+
>+use C4::Passwordrecovery;
>+
>+=head1 FUNCTIONS
>+
>+=head2 ValidateBorrowernumber
>+
>+$alread = ValidateBorrowernumber( $borrower_number );
>+
>+Check if the system already start recovery
>+
>+Returns true false
>+
>+=cut
>+
>+sub ValidateBorrowernumber {
>+ my ($borrower_number) = @_;
>+ my $schema = Koha::Database->new->schema;
>+
>+ my $rs = $schema->resultset('BorrowerPasswordRecovery')->search(
>+ {
>+ borrowernumber => $borrower_number,
>+ valid_until => \'> NOW()'
>+ }, {
>+ columns => 'borrowernumber'
>+ });
>+
>+ if ($rs->next){
>+ return 1;
>+ }
>+
>+ return 0;
>+}
>+
>+=head2 GetValidLinkInfo
>+
>+ Check if the link is still valid and return some info. 
>+
>+=cut
>+
>+sub GetValidLinkInfo {
>+ my ($uniqueKey) = @_;
>+ my $dbh = C4::Context->dbh;
>+ my $query = '
>+ SELECT borrower_password_recovery.borrowernumber, userid
>+ FROM borrower_password_recovery, borrowers
>+ WHERE borrowers.borrowernumber = borrower_password_recovery.borrowernumber
>+ AND NOW() < valid_until
>+ AND uuid = ?
>+ ';
>+ my $sth = $dbh->prepare($query);
>+ $sth->execute($uniqueKey);
>+ return $sth->fetchrow;
>+}
>+
>+=head2 SendPasswordRecoveryEmail
>+
>+ It creates an email using the templates and send it to the user, using the >specified email
>+
>+=cut
>+
>+sub SendPasswordRecoveryEmail {
>+ my $borrower = shift; # from GetMember
>+ my $userEmail = shift; #to_address (the one specified in the request)
>+ my $protocol = shift; #only required to determine if 'http' or 'https'
>+ my $update = shift;
>+
>+ my $schema = Koha::Database->new->schema;
>+
>+ # generate UUID
>+ my @chars = ("A".."Z", "a".."z", "0".."9");
>+ my $uuid_str;
>+ $uuid_str .= $chars[rand @chars] for 1..32;
>+
>+ # insert into database
>+ my $expirydate = DateTime->now(time_zone => C4::Context->tz())->add( days >=> 2 );
>+ if($update){
>+ my $rs = $schema->resultset('BorrowerPasswordRecovery')->search(
>+ {
>+ borrowernumber => $borrower->{'borrowernumber'},
>+ });
>+ $rs->update({uuid => $uuid_str, valid_until => >$expirydate->datetime()});
>+ } else {
>+ my $rs = $schema->resultset('BorrowerPasswordRecovery')->create({
>+ borrowernumber=>$borrower->{'borrowernumber'},
>+ uuid => $uuid_str,
>+ valid_until=> $expirydate->datetime()
>+ });
>+ }
>+
>+ # create link
>+ my $uuidLink = $protocol . C4::Context->preference( 'OPACBaseURL' ) . 
>"/cgi-bin/koha/opac-password-recovery.pl?uniqueKey=$uuid_str";
>+
>+ # prepare the email
>+ my $letter = C4::Letters::GetPreparedLetter (
>+ module => 'members',
>+ letter_code => 'PASSWORD_RESET',
>+ branchcode => $borrower->{branchcode},
>+ substitute => {passwordreseturl => $uuidLink, user => >$borrower->{userid} },
>+ );
>+
>+ # define to/from emails
>+ my $kohaEmail = C4::Context->preference( 'KohaAdminEmailAddress' ); # from
>+
>+ C4::Letters::EnqueueLetter( {
>+ letter => $letter,
>+ borrowernumber => $borrower->{borrowernumber},
>+ to_address => $userEmail,
>+ from_address => $kohaEmail,
>+ message_transport_type => 'email',
>+ } );
>+
>+ return 1;
>+}
>+
>+END { } # module clean-up code here (global destructor)
>+
>+1;
>\ No newline at end of file
>diff --git a/installer/data/mysql/en/mandatory/sample_notices.sql >b/installer/data/mysql/en/mandatory/sample_notices.sql
>index 37e9d9f..67c8b34 100644
>--- a/installer/data/mysql/en/mandatory/sample_notices.sql
>+++ b/installer/data/mysql/en/mandatory/sample_notices.sql 
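Review bot: The reset token in SendPasswordRecoveryEmail is built with `$uuid_str .= $chars[rand @chars] for 1..32;`, and Perl's `rand` is documented as not cryptographically secure, so the one value that authorises a password change comes from a predictable generator. Draw it from a CSPRNG instead, for example `my $uuid_str = random_string_from( join( '', @chars ), 32 );` with `use Bytes::Random::Secure qw(random_string_from);`, if the project can take that dependency. The name `uuid` is also misleading, since the string is not a UUID; a comment saying it is a single-use secret would help the next reader. Separately, the module calls `Koha::Database`, `DateTime` and `C4::Letters` but only loads `Modern::Perl` and `C4::Context`; adding `use Koha::Database; use DateTime; use C4::Letters;` would stop it depending on what the caller happens to have loaded (the same `Koha::Database->new->schema` call is added in the `-116,8` hunk of opac-password-recovery.pl, whose import list is only partly visible).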
>@@ -144,5 +144,5 @@ Your library.' > ); > > INSERT INTO `letter` (module, code, branchcode, name, is_html, title, > content, message_transport_type) >-VALUES ('members','PASSWORD_RESET','','Online password reset',1,'Koha >password recovery','<html>\r\n<p>This email has been sent in response to your >password recovery request for the account <strong><< >borrowers.userid>></strong>.\r\n</p>\r\n<p>\r\nYou can now create your new >password using the following link:\r\n<br/><a >href=\"<<passwordreseturl>>\"><<passwordreseturl>></a>\r\n</p>\r\n<p>This link >will be valid for 2 days from this email\'s reception, then you must reapply >if you do not change your password.</p>\r\n<p>Thank >you.</p>\r\n</html>\r\n','email' >+VALUES ('members','PASSWORD_RESET','','Online password reset',1,'Koha >password recovery','<html>\r\n<p>This email has been sent in response to your >password recovery request for the account ><strong><<user>></strong>.\r\n</p>\r\n<p>\r\nYou can now create your new >password using the following link:\r\n<br/><a >href=\"<<passwordreseturl>>\"><<passwordreseturl>></a>\r\n</p>\r\n<p>This link >will be valid for 2 days from this email\'s reception, then you must reapply >if you do not change your password.</p>\r\n<p>Thank >you.</p>\r\n</html>\r\n','email' > ); >diff --git a/opac/opac-password-recovery.pl b/opac/opac-password-recovery.pl >index 27c8ea6..b5cd2c2 100755 >--- a/opac/opac-password-recovery.pl >+++ b/opac/opac-password-recovery.pl >@@ -9,6 +9,7 @@ use C4::Koha; > use C4::Members qw(changepassword GetMember GetMemberDetails ); > use C4::Output; > use C4::Context; >+use C4::Passwordrecovery qw(SendPasswordRecoveryEmail ValidateBorrowernumber >GetValidLinkInfo); > use Koha::AuthUtils qw(hash_password); > my $query = new CGI; > use HTML::Entities; 
>@@ -44,11 +45,8 @@ my $errLinkNotValid; > my $errPassNotMatch; > my $errPassTooShort; > >-my $dbh = C4::Context->dbh; >- > if ( $query->param('sendEmail') || $query->param('resendEmail') ) { >- #send mail + confirmation >- >+ my $protocol = $query->https() ? "https://" : "http://"; > #try with the main email > $email ||= ''; # avoid undef > my $borrower_infos = GetMember( email => $email ); >@@ -63,11 +61,9 @@ if ( $query->param('sendEmail') || >$query->param('resendEmail') ) { > $errNoEmailFound = 1; > } > elsif ( !$query->param('resendEmail') ) { >- my $sth = $dbh->prepare( >-"SELECT borrowernumber FROM borrower_password_recovery WHERE NOW() < >valid_until AND borrowernumber = ?" >- ); >- $sth->execute($borrower_number); >- if ( my $already = $sth->fetchrow ) { >+ my $already = ValidateBorrowernumber( $borrower_number ); >+ >+ if ( $already ) { > $hasError = 1; > $errAlreadyStartRecovery = 1; > } >@@ -82,7 +78,7 @@ if ( $query->param('sendEmail') || >$query->param('resendEmail') ) { > email => HTML::Entities::encode($email), > ); > } >- elsif ( SendPasswordRecoveryEmail( $borrower_infos, $email, $query, >$query->param('resendEmail') ) ) {#generate uuid and send recovery email >+ elsif ( SendPasswordRecoveryEmail( $borrower_infos, $email, $protocol, >$query->param('resendEmail') ) ) {#generate uuid and send recovery email > $template->param( > mail_sent => 1, > email => $email 
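Review bot: `my $protocol = $query->https() ? "https://" : "http://";` takes the scheme of the emailed reset link from the current request, so if the OPAC runs behind a TLS-terminating proxy (an assumption, the deployment is not visible here) the link carrying the token would be generated as plain `http://`. The host already comes from the `OPACBaseURL` preference, so the scheme is better taken from configuration as well, or fixed to `https://` where the site supports it. A short comment such as `# scheme for the emailed reset link; host comes from OPACBaseURL` above the line would also explain why it is computed in the script and passed in. The enclosing `if` block continues outside the hunk.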
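Review bot: In the `-82,7` hunk the fourth argument to SendPasswordRecoveryEmail is the raw `resendEmail` request parameter, and in C4/Passwordrecovery.pm that flag selects the branch that only runs `$rs->update(...)`. When no recovery row exists for the borrower, for example after the expired-row cleanup in the `passwordReset` branch, the update changes nothing, yet the letter is still queued and 1 is returned, so the user receives a link whose token was never stored. Consider `update_or_create` on the resultset, or check the row count returned by `update` and fall back to `create`; this assumes `borrowernumber` is the table's key, which the schema (not shown) should confirm. The call sits in an `elsif` chain that starts and ends outside the hunk.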
>@@ -96,18 +92,7 @@ if ( $query->param('sendEmail') || >$query->param('resendEmail') ) { > } > } > elsif ( $query->param('passwordReset') ) { >- #new password form >- #check if the link is still valid >- my $sth = $dbh->prepare( >- "SELECT borrower_password_recovery.borrowernumber, userid >- FROM borrower_password_recovery, borrowers >- WHERE borrowers.borrowernumber = >borrower_password_recovery.borrowernumber >- AND NOW() < valid_until >- AND uuid = ?" >- ); >- $sth->execute($uniqueKey); >- ( $borrower_number, $username ) = $sth->fetchrow; >- >+ ( $borrower_number, $username ) = GetValidLinkInfo($uniqueKey); > #validate password length & match > if ( ($borrower_number) > && ( $password eq $repeatPassword ) >@@ -116,8 +101,9 @@ elsif ( $query->param('passwordReset') ) { > changepassword( $username, $borrower_number, hash_password($password) > ); > > #remove entry >- my $sth = $dbh->prepare("DELETE FROM borrower_password_recovery WHERE >uuid = ? or NOW() > valid_until"); >- $sth->execute($uniqueKey); >+ my $schema = Koha::Database->new->schema; >+ my $rs = $schema->resultset('BorrowerPasswordRecovery')->search({-or >=> [uuid => $uniqueKey, valid_until => \'< NOW()']}); >+ $rs->delete; > > $template->param( > password_reset_done => 1, >@@ -148,19 +134,12 @@ elsif ( $query->param('passwordReset') ) { > } > elsif ($uniqueKey) { #reset password form > #check if the link is valid >- my $sth = $dbh->prepare( >- "SELECT borrower_password_recovery.borrowernumber, userid >- FROM borrower_password_recovery, borrowers >- WHERE borrowers.borrowernumber = >borrower_password_recovery.borrowernumber >- AND NOW() < valid_until >- AND uuid = ?" >- ); >- $sth->execute($uniqueKey); >- ( $borrower_number, $username ) = $sth->fetchrow; >+ ( $borrower_number, $username ) = GetValidLinkInfo($uniqueKey); >+ > if ( !$borrower_number ) { > $errLinkNotValid = 1; > } >-warn "INLIBRO username $username"; >+ > $template->param( > new_password => 1, > minPassLength => $minPassLength, 
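Review bot: In the `-116,8` hunk the cleanup after `changepassword` removes only the row matching `uuid => $uniqueKey` plus expired rows, so any other still-valid recovery token for the same borrower would stay usable after the password has been changed. Keying the cleanup on the account closes that, e.g. `->search({ -or => [ borrowernumber => $borrower_number, valid_until => \'< NOW()' ] })`; whether more than one row per borrower can exist depends on the table definition, which is not shown. A one-line comment such as `# invalidate every outstanding recovery token for this account` would record the intent. The `if` that validates the password starts before the hunk and continues after it.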
>@@ -175,56 +154,3 @@ else { #password recovery form (to send email) > } > > output_html_with_http_headers $query, $cookie, $template->output; >- >-# >-# It creates an email using the templates and send it to the user, using the >specified email >-# >-sub SendPasswordRecoveryEmail { >- my $borrower = shift; # from GetMember >- my $userEmail = shift; #to_address (the one specified in the request) >- my $query = shift; #only required to determine if 'http' or 'https' >- my $update = shift; >- >- my $dbh = C4::Context->dbh; >- >- # generate UUID >- my @chars = ("A".."Z", "a".."z", "0".."9"); >- my $uuid_str; >- $uuid_str .= $chars[rand @chars] for 1..32; >- >- # insert into database >- my $expirydate = DateTime->now(time_zone => C4::Context->tz())->add( days >=> 2 ); >- if($update){ >- my $sth = $dbh->prepare( 'UPDATE borrower_password_recovery set >uuid=?, valid_until=? where borrowernumber=? '); >- $sth->execute($uuid_str, $expirydate->datetime(), >$borrower->{'borrowernumber'}); >- } else { >- my $sth = $dbh->prepare( 'INSERT INTO borrower_password_recovery >VALUES (?, ?, ?)'); >- $sth->execute($borrower->{'borrowernumber'}, $uuid_str, >$expirydate->datetime()); >- } >- >- # create link >- my $protocol = $query->https() ? "https://" : "http://"; >- my $uuidLink = $protocol . C4::Context->preference( 'OPACBaseURL' ) . 
>"/cgi-bin/koha/opac-password-recovery.pl?uniqueKey=$uuid_str"; >- >- # prepare the email >- my $letter = C4::Letters::GetPreparedLetter ( >- module => 'members', >- letter_code => 'PASSWORD_RESET', >- branchcode => $borrower->{branchcode}, >- tables => {borrowers => $borrower}, >- substitute => {passwordreseturl => $uuidLink}, >- ); >- >- # define to/from emails >- my $kohaEmail = C4::Context->preference( 'KohaAdminEmailAddress' ); # from >- >- C4::Letters::EnqueueLetter( { >- letter => $letter, >- borrowernumber => $borrower->{'borrowernumber'}, >- to_address => $userEmail, >- from_address => $kohaEmail, >- message_transport_type => 'email', >- } ); >- >- return 1; >-} >-- >1.9.1 -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
