Bug 12728: Add StatisticsFields to sysprefs.sql
[koha.git] / opac / opac-passwd.pl
blob2948eb3633758de9907c9c8bc0578dad00ea5db8
1 #!/usr/bin/perl
2 # This script lets the users change the passwords by themselves.
4 # (c) 2005 Universidad ORT Uruguay.
6 # This file is part of the extensions and enhacments made to koha by Universidad ORT Uruguay
8 # Koha is free software; you can redistribute it and/or modify it under the
9 # terms of the GNU General Public License as published by the Free Software
10 # Foundation; either version 2 of the License, or (at your option) any later
11 # version.
13 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
14 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
15 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License along
18 # with Koha; if not, write to the Free Software Foundation, Inc.,
19 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 use strict;
22 use warnings;
24 use CGI;
26 use C4::Auth; # checkauth, getborrowernumber.
27 use C4::Context;
28 use Digest::MD5 qw(md5_base64);
29 use C4::Circulation;
30 use C4::Members;
31 use C4::Output;
32 use Koha::AuthUtils qw(hash_password);
34 my $query = new CGI;
35 my $dbh = C4::Context->dbh;
37 my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
39 template_name => "opac-passwd.tt",
40 query => $query,
41 type => "opac",
42 authnotrequired => 0,
43 flagsrequired => { borrow => 1 },
44 debug => 1,
48 # get borrower information ....
49 my ( $borr ) = GetMemberDetails( $borrowernumber );
50 my $minpasslen = C4::Context->preference("minPasswordLength");
51 if ( C4::Context->preference("OpacPasswordChange") ) {
52 my $sth = $dbh->prepare("UPDATE borrowers SET password = ? WHERE borrowernumber=?");
53 if ( $query->param('Oldkey')
54 && $query->param('Newkey')
55 && $query->param('Confirm') )
57 if ( goodkey( $dbh, $borrowernumber, $query->param('Oldkey') ) ) {
58 if ( $query->param('Newkey') eq $query->param('Confirm')
59 && length( $query->param('Confirm') ) >= $minpasslen )
60 { # Record password
61 my $clave = hash_password( $query->param('Newkey') );
62 $sth->execute( $clave, $borrowernumber );
63 $template->param( 'password_updated' => '1' );
64 $template->param( 'borrowernumber' => $borrowernumber );
66 elsif ( $query->param('Newkey') ne $query->param('Confirm') ) {
67 $template->param( 'Ask_data' => '1' );
68 $template->param( 'Error_messages' => '1' );
69 $template->param( 'PassMismatch' => '1' );
71 elsif ( length( $query->param('Confirm') ) < $minpasslen ) {
72 $template->param( 'Ask_data' => '1' );
73 $template->param( 'Error_messages' => '1' );
74 $template->param( 'ShortPass' => '1' );
76 else {
77 $template->param( 'Error_messages' => '1' );
80 else {
81 $template->param( 'Ask_data' => '1' );
82 $template->param( 'Error_messages' => '1' );
83 $template->param( 'WrongPass' => '1' );
86 else {
88 # Called Empty, Ask for data.
89 $template->param( 'Ask_data' => '1' );
90 if (!$query->param('Oldkey') && ($query->param('Newkey') || $query->param('Confirm'))){
91 # Old password is empty but one of the others isnt
92 $template->param( 'Error_messages' => '1' );
93 $template->param( 'WrongPass' => '1' );
95 elsif ($query->param('Oldkey') && (!$query->param('Newkey') || !$query->param('Confirm'))){
96 # Oldpassword is entered but one of the other fields is empty
97 $template->param( 'Error_messages' => '1' );
98 $template->param( 'PassMismatch' => '1' );
102 $template->param(firstname => $borr->{'firstname'},
103 surname => $borr->{'surname'},
104 minpasslen => $minpasslen,
105 passwdview => 1,
108 output_html_with_http_headers $query, $cookie, $template->output;
110 sub goodkey {
111 my ( $dbh, $borrowernumber, $key ) = @_;
113 my $sth =
114 $dbh->prepare("SELECT password FROM borrowers WHERE borrowernumber=?");
115 $sth->execute($borrowernumber);
116 if ( $sth->rows ) {
117 my $hash;
118 my ($stored_hash) = $sth->fetchrow;
119 if ( substr($stored_hash,0,2) eq '$2') {
120 $hash = hash_password($key, $stored_hash);
121 } else {
122 $hash = md5_base64($key);
124 if ( $hash eq $stored_hash ) { return 1; }
125 else { return 0; }
127 else { return 0; }