search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 19911: Do not escape html characters when saving passwords
[koha.git] / members / paycollect.pl
blob6e2fe679a0892c52de62c9395f8239dfb14246b3
1 #!/usr/bin/perl
2 # Copyright 2009,2010 PTFS Inc.
3 # Copyright 2011 PTFS-Europe Ltd
4 #
5 # This file is part of Koha.
6 #
7 # Koha is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 3 of the License, or
10 # (at your option) any later version.
11 #
12 # Koha is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
16 #
17 # You should have received a copy of the GNU General Public License
18 # along with Koha; if not, see <http://www.gnu.org/licenses>.
19
20 use strict;
21 use warnings;
22 use URI::Escape;
23 use C4::Context;
24 use C4::Auth;
25 use C4::Output;
26 use CGI qw ( -utf8 );
27 use C4::Members;
28 use C4::Members::Attributes qw(GetBorrowerAttributes);
29 use C4::Accounts;
30 use C4::Koha;
31 use Koha::Patron::Images;
32 use Koha::Patrons;
33 use Koha::Account;
34 use Koha::Token;
35
36 use Koha::Patron::Categories;
37
38 my $input = CGI->new();
39
40 my $updatecharges_permissions = $input->param('writeoff_individual') ? 'writeoff' : 'remaining_permissions';
41 my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
42 { template_name => 'members/paycollect.tt',
43 query => $input,
44 type => 'intranet',
45 authnotrequired => 0,
46 flagsrequired => { borrowers => 1, updatecharges => $updatecharges_permissions },
47 debug => 1,
48 }
49 );
50
51 # get borrower details
52 my $borrowernumber = $input->param('borrowernumber');
53 my $patron = Koha::Patrons->find( $borrowernumber );
54 unless ( $patron ) {
55 print $input->redirect("/cgi-bin/koha/circ/circulation.pl?borrowernumber=$borrowernumber");
56 exit;
57 }
58 my $borrower = $patron->unblessed;
59 my $category = $patron->category;
60 $borrower->{description} = $category->description;
61 $borrower->{category_type} = $category->category_type;
62 my $user = $input->remote_user;
63
64 my $branch = C4::Context->userenv->{'branch'};
65
66 my ( $total_due, $accts, $numaccts ) = GetMemberAccountRecords($borrowernumber);
67 my $total_paid = $input->param('paid');
68
69 my $individual = $input->param('pay_individual');
70 my $writeoff = $input->param('writeoff_individual');
71 my $select_lines = $input->param('selected');
72 my $select = $input->param('selected_accts');
73 my $payment_note = uri_unescape scalar $input->param('payment_note');
74 my $accountlines_id;
75
76 if ( $individual || $writeoff ) {
77 if ($individual) {
78 $template->param( pay_individual => 1 );
79 } elsif ($writeoff) {
80 $template->param( writeoff_individual => 1 );
81 }
82 my $accounttype = $input->param('accounttype');
83 $accountlines_id = $input->param('accountlines_id');
84 my $amount = $input->param('amount');
85 my $amountoutstanding = $input->param('amountoutstanding');
86 my $itemnumber = $input->param('itemnumber');
87 my $description = $input->param('description');
88 my $title = $input->param('title');
89 $total_due = $amountoutstanding;
90 $template->param(
91 accounttype => $accounttype,
92 accountlines_id => $accountlines_id,
93 amount => $amount,
94 amountoutstanding => $amountoutstanding,
95 title => $title,
96 itemnumber => $itemnumber,
97 individual_description => $description,
98 payment_note => $payment_note,
99 );
100 } elsif ($select_lines) {
101 $total_due = $input->param('amt');
102 $template->param(
103 selected_accts => $select_lines,
104 amt => $total_due,
105 selected_accts_notes => scalar $input->param('notes'),
106 );
107 }
108
109 if ( $total_paid and $total_paid ne '0.00' ) {
110 if ( $total_paid < 0 or $total_paid > $total_due ) {
111 $template->param(
112 error_over => 1,
113 total_due => $total_due
114 );
115 } else {
116 die "Wrong CSRF token"
117 unless Koha::Token->new->check_csrf( {
118 session_id => $input->cookie('CGISESSID'),
119 token => scalar $input->param('csrf_token'),
120 });
121
122 if ($individual) {
123 my $line = Koha::Account::Lines->find($accountlines_id);
124 Koha::Account->new( { patron_id => $borrowernumber } )->pay(
125 {
126 lines => [$line],
127 amount => $total_paid,
128 library_id => $branch,
129 note => $payment_note
130 }
131 );
132 print $input->redirect(
133 "/cgi-bin/koha/members/pay.pl?borrowernumber=$borrowernumber");
134 } else {
135 if ($select) {
136 if ( $select =~ /^([\d,]*).*/ ) {
137 $select = $1; # ensure passing no junk
138 }
139 my @acc = split /,/, $select;
140 my $note = $input->param('selected_accts_notes');
141
142 my @lines = Koha::Account::Lines->search(
143 {
144 borrowernumber => $borrowernumber,
145 amountoutstanding => { '<>' => 0 },
146 accountlines_id => { 'IN' => \@acc },
147 },
148 { order_by => 'date' }
149 );
150
151 Koha::Account->new(
152 {
153 patron_id => $borrowernumber,
154 }
155 )->pay(
156 {
157 amount => $total_paid,
158 lines => \@lines,
159 note => $note,
160 }
161 );
162 }
163 else {
164 my $note = $input->param('selected_accts_notes');
165 Koha::Account->new( { patron_id => $borrowernumber } )
166 ->pay( { amount => $total_paid, note => $note } );
167 }
168
169 print $input->redirect(
170 "/cgi-bin/koha/members/boraccount.pl?borrowernumber=$borrowernumber"
171 );
172 }
173 }
174 } else {
175 $total_paid = '0.00'; #TODO not right with pay_individual
176 }
177
178 borrower_add_additional_fields($borrower, $template);
179
180 $template->param(%$borrower);
181
182 $template->param(
183 borrowernumber => $borrowernumber, # some templates require global
184 borrower => $borrower,
185 categoryname => $borrower->{description},
186 total => $total_due,
187 ExtendedPatronAttributes => C4::Context->preference('ExtendedPatronAttributes'),
188
189 csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $input->cookie('CGISESSID') }),
190 );
191
192 output_html_with_http_headers $input, $cookie, $template->output;
193
194 sub borrower_add_additional_fields {
195 my ( $b_ref, $template ) = @_;
196
197 # some borrower info is not returned in the standard call despite being assumed
198 # in a number of templates. It should not be the business of this script but in lieu of
199 # a revised api here it is ...
200 if ( $b_ref->{category_type} eq 'C' ) {
201 my $patron_categories = Koha::Patron::Categories->search_limited({ category_type => 'A' }, {order_by => ['categorycode']});
202 $template->param( 'CATCODE_MULTI' => 1) if $patron_categories->count > 1;
203 $template->param( 'catcode' => $patron_categories->next->categorycode ) if $patron_categories->count == 1;
204 } elsif ( $b_ref->{category_type} eq 'A' || $b_ref->{category_type} eq 'I' ) {
205 $b_ref->{adultborrower} = 1;
206 }
207
208 my $patron_image = Koha::Patron::Images->find($b_ref->{borrowernumber});
209 $template->param( picture => 1 ) if $patron_image;
210
211 if (C4::Context->preference('ExtendedPatronAttributes')) {
212 $b_ref->{extendedattributes} = GetBorrowerAttributes($b_ref->{borrowernumber});
213 }
214
215 return;
216 }
Koha ILS