1 package C4::Stats;
4 # Copyright 2000-2002 Katipo Communications
6 # This file is part of Koha.
8 # Koha is free software; you can redistribute it and/or modify it
9 # under the terms of the GNU General Public License as published by
10 # the Free Software Foundation; either version 3 of the License, or
11 # (at your option) any later version.
13 # Koha is distributed in the hope that it will be useful, but
14 # WITHOUT ANY WARRANTY; without even the implied warranty of
15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 # GNU General Public License for more details.
18 # You should have received a copy of the GNU General Public License
19 # along with Koha; if not, see <http://www.gnu.org/licenses>.
21 use strict;
22 use warnings;
23 require Exporter;
24 use Carp;
25 use C4::Context;
26 use C4::Debug;
27 use vars qw($VERSION @ISA @EXPORT);
our $debug;

BEGIN {
    # Version used for version checking; kept as a v-string.
    $VERSION = 3.07.00.049;
    # Exporter provides import(); both public subs are exported by default.
    @ISA     = ('Exporter');
    @EXPORT  = ( '&UpdateStats', '&TotalPaid' );
}
42 =head1 NAME
44 C4::Stats - Update Koha statistics (log)
46 =head1 SYNOPSIS
48 use C4::Stats;
50 =head1 DESCRIPTION
52 The functions of this module deal with the statistics table of the Koha database.
54 =head1 FUNCTIONS
56 =head2 UpdateStats
58 &UpdateStats($params);
60 Adds an entry to the statistics table in the Koha database, which acts as an activity log.
62 C<$params> is an hashref whose expected keys are:
63 branch : the branch where the transaction occurred
64 type : the type of transaction (renew, issue, localuse, return, writeoff, payment)
65 itemnumber : the itemnumber of the item
66 borrowernumber : the borrowernumber of the patron
67 amount : the amount of the transaction
68 other : sipmode
69 itemtype : the type of the item
70 accountno : the count
71 ccode : the collection code of the item
73 The type key is mandatory.
74 For types used in C4::Circulation (renew,issue,localuse,return), the following other keys are mandatory:
75 branch, borrowernumber, itemnumber, ccode, itemtype
76 For types used in C4::Accounts (writeoff, payment), the following other keys are mandatory:
77 branch, borrowernumber, itemnumber, ccode, itemtype
78 If an optional key is not provided, the value '' is used for this key.
80 Returns undef if no C<$params> is given
82 =cut
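sub UpdateStats {
    my ($params) = @_;

    # Nothing to log without a parameter hashref. An empty list is undef in
    # scalar context, which is what the POD documents.
    return () if !defined $params;

    # Change these lists if new types of transaction or new parameters are
    # allowed. Mandatory keys are listed in the order they are reported.
    my @allowed_keys = qw(type branch amount other itemnumber itemtype borrowernumber accountno ccode);
    my @allowed_circulation_types  = qw(renew issue localuse return onsite_checkout);
    my @allowed_accounts_types     = qw(writeoff payment);
    my @circulation_mandatory_keys = qw(type branch borrowernumber itemnumber ccode itemtype);
    my @accounts_mandatory_keys    = qw(type branch borrowernumber amount);

    # Exact-match lookup tables. The previous checks built regexes from the
    # key names (/^$key/ and /^$key$/): the first was a prefix match, and
    # both interpolated caller-supplied strings into a pattern unescaped.
    my %is_allowed_key      = map { $_ => 1 } @allowed_keys;
    my %is_circulation_type = map { $_ => 1 } @allowed_circulation_types;
    my %is_accounts_type    = map { $_ => 1 } @allowed_accounts_types;

    # type decides which other keys are mandatory, so it is validated first.
    if ( !defined $params->{type} ) {
        croak("UpdateStats did not received type param");
    }
    my $type = $params->{type};

    my @mandatory_keys;
    if ( $is_circulation_type{$type} ) {
        @mandatory_keys = @circulation_mandatory_keys;
    }
    elsif ( $is_accounts_type{$type} ) {
        @mandatory_keys = @accounts_mandatory_keys;
    }
    else {
        croak( "UpdateStats received forbidden type param: " . $type );
    }

    # Presence is what is checked (exists), not definedness, as before.
    my @missing_params = grep { !exists $params->{$_} } @mandatory_keys;
    if (@missing_params) {
        croak( "UpdateStats did not received mandatory param(s): " . join( ", ", @missing_params ) );
    }

    # Sorted so the error text does not depend on hash ordering.
    my @invalid_params = sort grep { !$is_allowed_key{$_} } keys %$params;
    if (@invalid_params) {
        croak( "UpdateStats received invalid param(s): " . join( ", ", @invalid_params ) );
    }

    # Optional keys default to '' rather than undef, so the row stores an
    # empty string and never NULL for them.
    my $branch         = $params->{branch};
    my $borrowernumber = exists $params->{borrowernumber} ? $params->{borrowernumber} : '';
    my $itemnumber     = exists $params->{itemnumber}     ? $params->{itemnumber}     : '';
    my $amount         = exists $params->{amount}         ? $params->{amount}         : '';
    my $other          = exists $params->{other}          ? $params->{other}          : '';
    my $itemtype       = exists $params->{itemtype}       ? $params->{itemtype}       : '';
    my $accountno      = exists $params->{accountno}      ? $params->{accountno}      : '';
    my $ccode          = exists $params->{ccode}          ? $params->{ccode}          : '';

    # All values are bound as placeholders; the timestamp comes from the
    # database server.
    my $dbh = C4::Context->dbh;
    my $sth = $dbh->prepare(
        "INSERT INTO statistics
            (datetime,
             branch, type, value,
             other, itemnumber, itemtype,
             borrowernumber, proccode, ccode)
            VALUES (now(),?,?,?,?,?,?,?,?,?)"
    );

    # The execute() result is the sub's return value, as it was before.
    return $sth->execute(
        $branch, $type, $amount,
        $other, $itemnumber, $itemtype,
        $borrowernumber, $accountno, $ccode
    );
}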
147 =head2 TotalPaid
149 @total = &TotalPaid ( $time, [$time2], [$spreadsheet ]);
151 Returns an array containing the payments and writeoffs made between two dates
152 C<$time> and C<$time2>, or on a specific one, or from C<$time> onwards.
154 C<$time> param is mandatory.
155 If C<$time> eq 'today', results are limited to the current day.
156 If C<$time2> eq '', results are returned from C<$time> onwards.
157 If C<$time2> is undef, results are limited to C<$time>.
158 C<$spreadsheet> param is optional and controls the sorting of the results.
160 Returns undef if no param is given
162 =cut
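sub TotalPaid {
    my ( $time, $time2, $spreadsheet ) = @_;

    # $time is mandatory; an empty list is undef in scalar context.
    return () unless defined $time;

    # Only an undef $time2 collapses the range to $time. The POD documents
    # '' as "from $time onwards", which the old `unless $time2` test could
    # not tell apart from undef (it turned '' into the same-day range).
    $time2 = $time unless defined $time2;

    my $dbh   = C4::Context->dbh;
    my $query = "SELECT * FROM statistics
        LEFT JOIN borrowers ON statistics.borrowernumber= borrowers.borrowernumber
        WHERE (statistics.type='payment' OR statistics.type='writeoff') ";
    my @bind_values;

    if ( $time eq 'today' ) {
        # FIXME wrong condition. now() will not get all the payments of the
        # day but of a specific timestamp. $time2 is not applied here: the
        # POD says 'today' limits results to the current day.
        $query .= " AND datetime = now()";
    }
    else {
        # The dates are bound as placeholders. They used to be interpolated
        # into the SQL text, so a crafted $time/$time2 could change the query.
        # The bounds are inclusive: with > and < a range where $time2 equals
        # $time (the documented "limited to $time" case) could never match.
        $query .= " AND datetime >= ?";
        push @bind_values, $time;
        if ( $time2 ne '' ) {
            $query .= " AND datetime <= ?";
            push @bind_values, $time2;
        }
    }

    if ($spreadsheet) {
        $query .= " ORDER BY branch, type";
    }

    $debug and warn "TotalPaid query: $query";
    my $sth = $dbh->prepare($query);
    $sth->execute(@bind_values);
    return @{ $sth->fetchall_arrayref( {} ) };
}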
193 __END__
195 =head1 AUTHOR
197 Koha Development Team <http://koha-community.org/>
199 =cut