search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 19061: Avoid SQL Injection vulnerability
[koha.git] / installer / onboarding.pl
blob8b032c999b2d1a30ec55b6fa288448f5b7b1a9e9
1 #!/usr/bin/perl
2
3 # This file is part of Koha.
4 #
5 # Copyright (C) 2017 Catalyst IT
6 #
7 # Koha is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 3 of the License, or
10 # (at your option) any later version.
11 #
12 # Koha is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
16 #
17 # You should have received a copy of the GNU General Public License
18 # along with Koha; if not, see <http://www.gnu.org/licenses>.
19
20 use Modern::Perl;
21 use C4::Context;
22 use C4::InstallAuth;
23 use CGI qw ( -utf8 );
24 use C4::Output;
25 use C4::Members;
26 use Koha::Patrons;
27 use Koha::Libraries;
28 use Koha::Database;
29 use Koha::DateUtils;
30 use Koha::Patron::Categories;
31 use Koha::Patron::Category;
32 use Koha::ItemTypes;
33 use Koha::IssuingRule;
34 use Koha::IssuingRules;
35
36 #Setting variables
37 my $input = new CGI;
38
39 unless ( C4::Context->preference('Version') ) {
40 print $input->redirect("/cgi-bin/koha/installer/install.pl");
41 exit;
42 }
43
44 my ( $user, $cookie, $sessionID, $flags ) =
45 C4::InstallAuth::checkauth( $input, 0, undef, 'intranet' );
46 die "Not logged in"
47 unless $user
48 ; # Should not happen, we should be redirect if the user is not logged in. But do not trust authentication...
49
50 my $step = $input->param('step') || 1;
51 my $op = $input->param('op') || '';
52
53 my $template_params = {};
54 $template_params->{op} = $op;
55
56 my $schema = Koha::Database->new()->schema();
57
58 my @messages;
59
60 if ( $step == 1 ) {
61
62 if ( $op eq 'add_validate_library' ) {
63
64 my $branchcode = $input->param('branchcode');
65 $branchcode = uc($branchcode);
66
67 $branchcode =~ s|\s||g
68 ; # Use a regular expression to check the value of the inputted branchcode
69
70 my $library = Koha::Library->new(
71 {
72 branchcode => $branchcode,
73 branchname => scalar $input->param('branchname'),
74 }
75 );
76
77 eval { $library->store; };
78 unless ($@) {
79 push @messages, { code => 'success_on_insert_library' };
80 }
81 else {
82 push @messages, { code => 'error_on_insert_library' };
83 }
84 }
85
86 $step++ if Koha::Libraries->count;
87 }
88 if ( $step == 2 ) {
89 if ( $op eq "add_validate_category" ) {
90
91 my $searchfield = $input->param('description') // q||;
92 my $categorycode = $input->param('categorycode');
93 my $category;
94 $template_params->{categorycode} = $categorycode;
95
96 $categorycode = $input->param('categorycode');
97 my $description = $input->param('description');
98 my $overduenoticerequired = $input->param('overduenoticerequired');
99 my $category_type = $input->param('category_type');
100 my $default_privacy = $input->param('default_privacy');
101 my $enrolmentperiod = $input->param('enrolmentperiod');
102 my $enrolmentperioddate = $input->param('enrolmentperioddate') || undef;
103
104 #Converts the string into a date format
105 if ($enrolmentperioddate) {
106 $enrolmentperioddate = output_pref(
107 {
108 dt => dt_from_string($enrolmentperioddate),
109 dateformat => 'DateTime',
110 dateonly => 1,
111 }
112 );
113 }
114
115 #Adds a new patron category to the database
116 $category = Koha::Patron::Category->new(
117 {
118 categorycode => $categorycode,
119 description => $description,
120 overduenoticerequired => $overduenoticerequired,
121 category_type => $category_type,
122 default_privacy => $default_privacy,
123 enrolmentperiod => $enrolmentperiod,
124 enrolmentperioddate => $enrolmentperioddate
125 }
126 );
127
128 eval { $category->store; };
129
130 unless ($@) {
131 push @messages, { code => 'success_on_insert_category' };
132 }
133 else {
134 push @messages, { code => 'error_on_insert_category' };
135 }
136 }
137
138 $step++ if Koha::Patron::Categories->count;
139 }
140 if ( $step == 3 ) {
141 if ( $op eq 'add_validate_patron' ) {
142
143 #Create a patron
144 my $firstpassword = $input->param('password') || '';
145 my $secondpassword = $input->param('password2') || '';
146 my $cardnumber = $input->param('cardnumber');
147 my $userid = $input->param('userid');
148
149 if ( my $error_code = checkcardnumber($cardnumber) ) {
150 if ( $error_code == 1 ) {
151 push @messages, { code => 'ERROR_cardnumber_already_exists' };
152 }
153 elsif ( $error_code == 2 ) {
154 push @messages, { code => 'ERROR_cardnumber_length' };
155 }
156 }
157 elsif ( $firstpassword ne $secondpassword ) {
158
159 push @messages, { code => 'ERROR_password_mismatch' };
160 }
161 else {
162
163 my $patron_data = {
164 surname => scalar $input->param('surname'),
165 firstname => scalar $input->param('firstname'),
166 cardnumber => scalar $input->param('cardnumber'),
167 branchcode => scalar $input->param('libraries'),
168 categorycode => scalar $input->param('categorycode_entry'),
169 userid => scalar $input->param('userid'),
170 password => scalar $input->param('password'),
171 password2 => scalar $input->param('password2'),
172 privacy => "default",
173 address => "",
174 city => "",
175 flags => 1, # Will be superlibrarian
176 };
177
178 my $patron_category =
179 Koha::Patron::Categories->find( $patron_data->{categorycode} );
180 $patron_data->{dateexpiry} =
181 $patron_category->get_expiry_date( $patron_data->{dateenrolled} );
182
183 my $borrowernumber = C4::Members::AddMember(%$patron_data);
184
185 #Error handling checking if the patron was created successfully
186 if ($borrowernumber) {
187 push @messages, { code => 'success_on_insert_patron' };
188 }
189 else {
190 push @messages, { code => 'error_on_insert_patron' };
191 }
192 }
193 }
194
195 $step++ if Koha::Patrons->search( { flags => 1 } )->count;
196 }
197 if ( $step == 4 ) {
198 if ( $op eq 'add_validate_itemtype' ) {
199 my $description = $input->param('description');
200 my $itemtype_code = $input->param('itemtype');
201 $itemtype_code = uc($itemtype_code);
202
203 my $itemtype = Koha::ItemType->new(
204 {
205 itemtype => $itemtype_code,
206 description => $description,
207 }
208 );
209 eval { $itemtype->store; };
210
211 unless ($@) {
212 push @messages, { code => 'success_on_insert_itemtype' };
213 }
214 else {
215 push @messages, { code => 'error_on_insert_itemtype' };
216 }
217 }
218
219 $step++ if Koha::ItemTypes->count;
220 }
221 if ( $step == 5 ) {
222
223 if ( $op eq 'add_validate_circ_rule' ) {
224
225 #If no libraries exist then set the $branch value to *
226 my $branch = $input->param('branch') || '*';
227
228 my $type = $input->param('type');
229 my $branchcode = $input->param('branch');
230 my $categorycode = $input->param('categorycode');
231 my $itemtype = $input->param('itemtype');
232 my $maxissueqty = $input->param('maxissueqty');
233 my $issuelength = $input->param('issuelength');
234 my $lengthunit = $input->param('lengthunit');
235 my $renewalsallowed = $input->param('renewalsallowed');
236 my $renewalperiod = $input->param('renewalperiod');
237 my $onshelfholds = $input->param('onshelfholds') || 0;
238 $maxissueqty =~ s/\s//g;
239 $maxissueqty = undef if $maxissueqty !~ /^\d+/;
240 $issuelength = $issuelength eq q{} ? undef : $issuelength;
241
242 my $params = {
243 branchcode => $branchcode,
244 categorycode => $categorycode,
245 itemtype => $itemtype,
246 maxissueqty => $maxissueqty,
247 renewalsallowed => $renewalsallowed,
248 renewalperiod => $renewalperiod,
249 issuelength => $issuelength,
250 lengthunit => $lengthunit,
251 onshelfholds => $onshelfholds,
252 };
253
254 my $issuingrule = Koha::IssuingRule->new($params);
255 eval { $issuingrule->store; };
256
257 unless ($@) {
258 push @messages, { code => 'success_on_insert_circ_rule' };
259 }
260 else {
261 push @messages, { code => 'error_on_insert_circ_rule' };
262 }
263 }
264
265 $step++ if Koha::IssuingRules->count;
266 }
267
268 my $libraries = Koha::Libraries->search( {}, { order_by => ['branchcode'] }, );
269 $template_params->{libraries} = $libraries;
270 $template_params->{group_types} = [
271 {
272 categorytype => 'searchdomain',
273 categories => [
274 Koha::LibraryCategories->search(
275 { categorytype => 'searchdomain' }
276 )
277 ],
278 },
279 {
280 categorytype => 'properties',
281 categories => [
282 Koha::LibraryCategories->search( { categorytype => 'properties' } )
283 ],
284 },
285 ];
286
287 if ( $step > 5 ) {
288 $template_params->{all_done} = 1; # If step 5 is complete, we are done!
289 $step = 5;
290 }
291
292 #Getting the appropriate template to display to the user
293 my ( $template, $loggedinuser );
294 ( $template, $loggedinuser, $cookie ) = C4::InstallAuth::get_template_and_user(
295 {
296 template_name => "onboarding/onboardingstep${step}.tt",
297 query => $input,
298 type => "intranet",
299 authnotrequired => 0,
300 debug => 1,
301 }
302 );
303
304 $template_params->{messages} = \@messages;
305 my $categories = Koha::Patron::Categories->search();
306 $template_params->{categories} = $categories;
307
308 my $itemtypes = Koha::ItemTypes->search();
309 $template_params->{itemtypes} = $itemtypes;
310
311 $template->param(%$template_params);
312
313 output_html_with_http_headers $input, $cookie, $template->output;
Koha ILS