search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 14187: (QA followup) Properly check DB structure before altering it
[koha.git] / tools / picture-upload.pl
bloba3b549e5030b095e253de21129b971d8e4784dc1
1 #!/usr/bin/perl
2 #
3 #
4 # This file is part of Koha.
5 #
6 # Koha is free software; you can redistribute it and/or modify it
7 # under the terms of the GNU General Public License as published by
8 # the Free Software Foundation; either version 3 of the License, or
9 # (at your option) any later version.
10 #
11 # Koha is distributed in the hope that it will be useful, but
12 # WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
15 #
16 # You should have received a copy of the GNU General Public License
17 # along with Koha; if not, see <http://www.gnu.org/licenses>.
18 #
19 #
20 #
21
22 use Modern::Perl;
23
24 use File::Temp;
25 use File::Copy;
26 use CGI qw ( -utf8 );
27 use GD;
28 use Digest::MD5 qw(md5_base64);
29 use Encode qw( encode );
30 use C4::Context;
31 use C4::Auth;
32 use C4::Output;
33 use C4::Members;
34 use C4::Debug;
35
36 use Koha::Patrons;
37 use Koha::Patron::Image;
38 use Koha::Patron::Images;
39 use Koha::Token;
40
41 my $input = new CGI;
42
43 my ($template, $loggedinuser, $cookie)
44 = get_template_and_user({template_name => "tools/picture-upload.tt",
45 query => $input,
46 type => "intranet",
47 authnotrequired => 0,
48 flagsrequired => { tools => 'batch_upload_patron_images'},
49 debug => 0,
50 });
51
52 our $filetype = $input->param('filetype') || '';
53 my $cardnumber = $input->param('cardnumber');
54 our $uploadfilename = $input->param('uploadfile') || '';
55 my $uploadfile = $input->upload('uploadfile');
56 my $borrowernumber = $input->param('borrowernumber');
57 my $op = $input->param('op') || '';
58
59 #FIXME: This code is really in the rough. The variables need to be re-scoped as the two subs depend on global vars to operate.
60 # Other parts of this code could be optimized as well, I think. Perhaps the file upload could be done with YUI's upload
61 # coded. -fbcit
62
63 $debug and warn "Params are: filetype=$filetype, cardnumber=$cardnumber, borrowernumber=$borrowernumber, uploadfile=$uploadfilename";
64
65 =head1 NAME
66
67 picture-upload.pl - Script for handling uploading of both single and bulk patronimages and importing them into the database.
68
69 =head1 SYNOPSIS
70
71 picture-upload.pl
72
73 =head1 DESCRIPTION
74
75 This script is called and presents the user with an interface allowing him/her to upload a single patron image or bulk patron images via a zip file.
76 Files greater than 100K will be refused. Images should be 140x200 pixels. If they are larger they will be auto-resized to comply.
77
78 =cut
79
80 $debug and warn "Operation requested: $op";
81
82 my ( $total, $handled, $tempfile, $tfh );
83 our @counts = ();
84 our %errors = ();
85
86 # Case is important in these operational values as the template must use case to be visually pleasing!
87 if ( ( $op eq 'Upload' ) && $uploadfile ) {
88
89 die "Wrong CSRF token"
90 unless Koha::Token->new->check_csrf({
91 id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
92 secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
93 token => scalar $input->param('csrf_token'),
94 });
95
96 my $dirname = File::Temp::tempdir( CLEANUP => 1 );
97 $debug and warn "dirname = $dirname";
98 my $filesuffix;
99 if ( $uploadfilename =~ m/(\..+)$/i ) {
100 $filesuffix = $1;
101 }
102 ( $tfh, $tempfile ) =
103 File::Temp::tempfile( SUFFIX => $filesuffix, UNLINK => 1 );
104 $debug and warn "tempfile = $tempfile";
105 my ( @directories, $results );
106
107 $errors{'NOTZIP'} = 1
108 if ( $uploadfilename !~ /\.zip$/i && $filetype =~ m/zip/i );
109 $errors{'NOWRITETEMP'} = 1 unless ( -w $dirname );
110 $errors{'EMPTYUPLOAD'} = 1 unless ( length($uploadfile) > 0 );
111
112 if (%errors) {
113 $template->param( ERRORS => [ \%errors ] );
114 output_html_with_http_headers $input, $cookie, $template->output;
115 exit;
116 }
117 while (<$uploadfile>) {
118 print $tfh $_;
119 }
120 close $tfh;
121 if ( $filetype eq 'zip' ) {
122 unless ( system( "unzip", $tempfile, '-d', $dirname ) == 0 ) {
123 $errors{'UZIPFAIL'} = $uploadfilename;
124 $template->param( ERRORS => [ \%errors ] );
125 # This error is fatal to the import, so bail out here
126 output_html_with_http_headers $input, $cookie, $template->output;
127 exit;
128 }
129 push @directories, "$dirname";
130 foreach my $recursive_dir (@directories) {
131 opendir RECDIR, $recursive_dir;
132 while ( my $entry = readdir RECDIR ) {
133 push @directories, "$recursive_dir/$entry"
134 if ( -d "$recursive_dir/$entry" and $entry !~ /^\./ );
135 $debug and warn "$recursive_dir/$entry";
136 }
137 closedir RECDIR;
138 }
139 foreach my $dir (@directories) {
140 $results = handle_dir( $dir, $filesuffix, $template );
141 $handled++ if $results == 1;
142 }
143 $total = scalar @directories;
144 }
145 else {
146 #if ($filetype eq 'zip' )
147 $results = handle_dir( $dirname, $filesuffix, $template, $cardnumber,
148 $tempfile );
149 $handled++ if $results == 1;
150 $total = 1;
151 }
152
153 if ( $results!=1 || %errors ) {
154 $template->param( ERRORS => [$results] );
155 }
156 else {
157 my $filecount;
158 map { $filecount += $_->{count} } @counts;
159 $debug and warn "Total directories processed: $total";
160 $debug and warn "Total files processed: $filecount";
161 $template->param(
162 TOTAL => $total,
163 HANDLED => $handled,
164 COUNTS => \@counts,
165 TCOUNTS => ( $filecount > 0 ? $filecount : undef ),
166 );
167 $template->param( borrowernumber => $borrowernumber )
168 if $borrowernumber;
169 }
170 }
171 elsif ( ( $op eq 'Upload' ) && !$uploadfile ) {
172 warn "Problem uploading file or no file uploaded.";
173 $template->param( cardnumber => $cardnumber );
174 $template->param( filetype => $filetype );
175 }
176 elsif ( $op eq 'Delete' ) {
177 die "Wrong CSRF token"
178 unless Koha::Token->new->check_csrf({
179 id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
180 secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
181 token => scalar $input->param('csrf_token'),
182 });
183
184 my $deleted = eval {
185 Koha::Patron::Images->find( $borrowernumber )->delete;
186 };
187 if ( $@ or not $deleted ) {
188 warn "Image for patron '$borrowernumber' has not been deleted";
189 }
190 }
191 if ( $borrowernumber && !%errors && !$template->param('ERRORS') ) {
192 print $input->redirect(
193 "/cgi-bin/koha/members/moremember.pl?borrowernumber=$borrowernumber");
194 }
195 else {
196 $template->param(
197 csrf_token => Koha::Token->new->generate_csrf({
198 id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
199 secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
200 }),
201 );
202 output_html_with_http_headers $input, $cookie, $template->output;
203 }
204
205 sub handle_dir {
206 my ( $dir, $suffix, $template, $cardnumber, $source ) = @_;
207 my ( %counts, %direrrors );
208 $debug and warn "Entering sub handle_dir; passed \$dir=$dir, \$suffix=$suffix";
209 if ( $suffix =~ m/zip/i ) {
210 # If we were sent a zip file, process any included data/idlink.txt files
211 my ( $file, $filename );
212 undef $cardnumber;
213 $debug and warn "Passed a zip file.";
214 opendir DIR, $dir;
215 while ( my $filename = readdir DIR ) {
216 $file = "$dir/$filename"
217 if ( $filename =~ m/datalink\.txt/i
218 || $filename =~ m/idlink\.txt/i );
219 }
220 unless ( open( FILE, $file ) ) {
221 warn "Opening $dir/$file failed!";
222 $direrrors{'OPNLINK'} = $file;
223 # This error is fatal to the import of this directory contents
224 # so bail and return the error to the caller
225 return \%direrrors;
226 }
227
228 while ( my $line = <FILE> ) {
229 $debug and warn "Reading contents of $file";
230 chomp $line;
231 $debug and warn "Examining line: $line";
232 my $delim = ( $line =~ /\t/ ) ? "\t" : ( $line =~ /,/ ) ? "," : "";
233 $debug and warn "Delimeter is \'$delim\'";
234 unless ( $delim eq "," || $delim eq "\t" ) {
235 warn "Unrecognized or missing field delimeter. Please verify that you are using either a ',' or a 'tab'";
236 $direrrors{'DELERR'} = 1;
237 # This error is fatal to the import of this directory contents
238 # so bail and return the error to the caller
239 return \%direrrors;
240 }
241 ( $cardnumber, $filename ) = split $delim, $line;
242 $cardnumber =~ s/[\"\r\n]//g; # remove offensive characters
243 $filename =~ s/[\"\r\n\s]//g;
244 $debug and warn "Cardnumber: $cardnumber Filename: $filename";
245 $source = "$dir/$filename";
246 %counts = handle_file( $cardnumber, $source, $template, %counts );
247 }
248 close FILE;
249 closedir DIR;
250 }
251 else {
252 %counts = handle_file( $cardnumber, $source, $template, %counts );
253 }
254 push @counts, \%counts;
255 return 1;
256 }
257
258 sub handle_file {
259 my ( $cardnumber, $source, $template, %count ) = @_;
260 $debug and warn "Entering sub handle_file; passed \$cardnumber=$cardnumber, \$source=$source";
261 $count{filenames} = () if !$count{filenames};
262 $count{source} = $source if !$count{source};
263 $count{count} = 0 unless exists $count{count};
264 my %filerrors;
265 my $filename;
266 if ( $filetype eq 'image' ) {
267 $filename = $uploadfilename;
268 }
269 else {
270 $filename = $1 if ( $source && $source =~ /\/([^\/]+)$/ );
271 }
272 if ( $cardnumber && $source ) {
273 # Now process any imagefiles
274 $debug and warn "Source: $source";
275 my $size = ( stat($source) )[7];
276 if ( $size > 550000 ) {
277 # This check is necessary even with image resizing to avoid possible security/performance issues...
278 $filerrors{'OVRSIZ'} = 1;
279 push my @filerrors, \%filerrors;
280 push @{ $count{filenames} },
281 {
282 filerrors => \@filerrors,
283 source => $filename,
284 cardnumber => $cardnumber
285 };
286 $template->param( ERRORS => 1 );
287 # this one is fatal so bail here...
288 return %count;
289 }
290 my ( $srcimage, $image );
291 if ( open( IMG, "$source" ) ) {
292 $srcimage = GD::Image->new(*IMG);
293 close(IMG);
294 if ( defined $srcimage ) {
295 my $imgfile;
296 my $mimetype = 'image/png';
297 # GD autodetects three basic image formats: PNG, JPEG, XPM
298 # we will convert all to PNG which is lossless...
299 # Check the pixel size of the image we are about to import...
300 my ( $width, $height ) = $srcimage->getBounds();
301 $debug and warn "$filename is $width pix X $height pix.";
302 if ( $width > 200 || $height > 300 ) {
303 # MAX pixel dims are 200 X 300...
304 $debug and warn "$filename exceeds the maximum pixel dimensions of 200 X 300. Resizing...";
305 # Percent we will reduce the image dimensions by...
306 my $percent_reduce;
307 if ( $width > 200 ) {
308 # If the width is oversize, scale based on width overage...
309 $percent_reduce = sprintf( "%.5f", ( 140 / $width ) );
310 }
311 else {
312 # otherwise scale based on height overage.
313 $percent_reduce = sprintf( "%.5f", ( 200 / $height ) );
314 }
315 my $width_reduce =
316 sprintf( "%.0f", ( $width * $percent_reduce ) );
317 my $height_reduce =
318 sprintf( "%.0f", ( $height * $percent_reduce ) );
319 $debug
320 and warn "Reducing $filename by "
321 . ( $percent_reduce * 100 )
322 . "\% or to $width_reduce pix X $height_reduce pix";
323 #'1' creates true color image...
324 $image = GD::Image->new( $width_reduce, $height_reduce, 1 );
325 $image->copyResampled( $srcimage, 0, 0, 0, 0, $width_reduce,
326 $height_reduce, $width, $height );
327 $imgfile = $image->png();
328 $debug
329 and warn "$filename is "
330 . length($imgfile)
331 . " bytes after resizing.";
332 undef $image;
333 undef $srcimage; # This object can get big...
334 }
335 else {
336 $image = $srcimage;
337 $imgfile = $image->png();
338 $debug
339 and warn "$filename is " . length($imgfile) . " bytes.";
340 undef $image;
341 undef $srcimage; # This object can get big...
342 }
343 $debug and warn "Image is of mimetype $mimetype";
344 my $dberror;
345 if ($mimetype) {
346 my $patron = Koha::Patrons->find({ cardnumber => $cardnumber });
347 if ( $patron ) {
348 my $image = $patron->image;
349 $image ||= Koha::Patron::Image->new({ borrowernumber => $patron->borrowernumber });
350 $image->set({
351 mimetype => $mimetype,
352 imagefile => $imgfile,
353 });
354 eval { $image->store };
355 if ( $@ ) {
356 # Errors from here on are fatal only to the import of a particular image
357 #so don't bail, just note the error and keep going
358 warn "Database returned error: $@";
359 $filerrors{'DBERR'} = 1;
360 push my @filerrors, \%filerrors;
361 push @{ $count{filenames} },
362 {
363 filerrors => \@filerrors,
364 source => $filename,
365 cardnumber => $cardnumber
366 };
367 $template->param( ERRORS => 1 );
368 } else {
369 $count{count}++;
370 push @{ $count{filenames} },
371 { source => $filename, cardnumber => $cardnumber };
372 }
373 } else {
374 warn "Patron with the cardnumber '$cardnumber' does not exist";
375 $filerrors{'CARDNUMBER_DOES_NOT_EXIST'} = 1;
376 push my @filerrors, \%filerrors;
377 push @{ $count{filenames} },
378 {
379 filerrors => \@filerrors,
380 source => $filename,
381 cardnumber => $cardnumber
382 };
383 $template->param( ERRORS => 1 );
384 }
385 }
386 else {
387 warn "Unable to determine mime type of $filename. Please verify mimetype.";
388 $filerrors{'MIMERR'} = 1;
389 push my @filerrors, \%filerrors;
390 push @{ $count{filenames} },
391 {
392 filerrors => \@filerrors,
393 source => $filename,
394 cardnumber => $cardnumber
395 };
396 $template->param( ERRORS => 1 );
397 }
398 }
399 else {
400 warn "Contents of $filename corrupted!";
401 #$count{count}--;
402 $filerrors{'CORERR'} = 1;
403 push my @filerrors, \%filerrors;
404 push @{ $count{filenames} },
405 {
406 filerrors => \@filerrors,
407 source => $filename,
408 cardnumber => $cardnumber
409 };
410 $template->param( ERRORS => 1 );
411 }
412 }
413 else {
414 warn "Opening $source failed!";
415 $filerrors{'OPNERR'} = 1;
416 push my @filerrors, \%filerrors;
417 push @{ $count{filenames} },
418 {
419 filerrors => \@filerrors,
420 source => $filename,
421 cardnumber => $cardnumber
422 };
423 $template->param( ERRORS => 1 );
424 }
425 }
426 else {
427 # The need for this seems a bit unlikely, however, to maximize error trapping it is included
428 warn "Missing "
429 . (
430 $cardnumber
431 ? "filename"
432 : ( $filename ? "cardnumber" : "cardnumber and filename" )
433 );
434 $filerrors{'CRDFIL'} = (
435 $cardnumber
436 ? "filename"
437 : ( $filename ? "cardnumber" : "cardnumber and filename" )
438 );
439 push my @filerrors, \%filerrors;
440 push @{ $count{filenames} },
441 {
442 filerrors => \@filerrors,
443 source => $filename,
444 cardnumber => $cardnumber
445 };
446 $template->param( ERRORS => 1 );
447 }
448 return (%count);
449 }
450
451 =head1 AUTHORS
452
453 Original contributor(s) undocumented
454
455 Database storage, single patronimage upload option, and extensive error trapping contributed by Chris Nighswonger cnighswonger <at> foundations <dot> edu
456 Image scaling/resizing contributed by the same.
457
458 =cut
Koha ILS