search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 19677: Properly escape enumchrom/serialseq data
[koha.git] / members / paycollect.pl
blob969decb5f4d99471c12221fe0cb01c75d7573cb3
1 #!/usr/bin/perl
2 # Copyright 2009,2010 PTFS Inc.
3 # Copyright 2011 PTFS-Europe Ltd
4 #
5 # This file is part of Koha.
6 #
7 # Koha is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 3 of the License, or
10 # (at your option) any later version.
11 #
12 # Koha is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
16 #
17 # You should have received a copy of the GNU General Public License
18 # along with Koha; if not, see <http://www.gnu.org/licenses>.
19
20 use strict;
21 use warnings;
22 use URI::Escape;
23 use C4::Context;
24 use C4::Auth;
25 use C4::Output;
26 use CGI qw ( -utf8 );
27 use C4::Members;
28 use C4::Members::Attributes qw(GetBorrowerAttributes);
29 use C4::Accounts;
30 use C4::Koha;
31 use Koha::Patron::Images;
32 use Koha::Account;
33 use Koha::Token;
34
35 use Koha::Patron::Categories;
36
37 my $input = CGI->new();
38
39 my $updatecharges_permissions = $input->param('writeoff_individual') ? 'writeoff' : 'remaining_permissions';
40 my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
41 { template_name => 'members/paycollect.tt',
42 query => $input,
43 type => 'intranet',
44 authnotrequired => 0,
45 flagsrequired => { borrowers => 1, updatecharges => $updatecharges_permissions },
46 debug => 1,
47 }
48 );
49
50 # get borrower details
51 my $borrowernumber = $input->param('borrowernumber');
52 my $borrower = GetMember( borrowernumber => $borrowernumber );
53 my $user = $input->remote_user;
54
55 my $branch = C4::Context->userenv->{'branch'};
56
57 my ( $total_due, $accts, $numaccts ) = GetMemberAccountRecords($borrowernumber);
58 my $total_paid = $input->param('paid');
59
60 my $individual = $input->param('pay_individual');
61 my $writeoff = $input->param('writeoff_individual');
62 my $select_lines = $input->param('selected');
63 my $select = $input->param('selected_accts');
64 my $payment_note = uri_unescape scalar $input->param('payment_note');
65 my $accountlines_id;
66
67 if ( $individual || $writeoff ) {
68 if ($individual) {
69 $template->param( pay_individual => 1 );
70 } elsif ($writeoff) {
71 $template->param( writeoff_individual => 1 );
72 }
73 my $accounttype = $input->param('accounttype');
74 $accountlines_id = $input->param('accountlines_id');
75 my $amount = $input->param('amount');
76 my $amountoutstanding = $input->param('amountoutstanding');
77 my $itemnumber = $input->param('itemnumber');
78 my $description = $input->param('description');
79 my $title = $input->param('title');
80 my $notify_id = $input->param('notify_id');
81 my $notify_level = $input->param('notify_level');
82 $total_due = $amountoutstanding;
83 $template->param(
84 accounttype => $accounttype,
85 accountlines_id => $accountlines_id,
86 amount => $amount,
87 amountoutstanding => $amountoutstanding,
88 title => $title,
89 itemnumber => $itemnumber,
90 individual_description => $description,
91 notify_id => $notify_id,
92 notify_level => $notify_level,
93 payment_note => $payment_note,
94 );
95 } elsif ($select_lines) {
96 $total_due = $input->param('amt');
97 $template->param(
98 selected_accts => $select_lines,
99 amt => $total_due,
100 selected_accts_notes => scalar $input->param('notes'),
101 );
102 }
103
104 if ( $total_paid and $total_paid ne '0.00' ) {
105 if ( $total_paid < 0 or $total_paid > $total_due ) {
106 $template->param(
107 error_over => 1,
108 total_due => $total_due
109 );
110 } else {
111 die "Wrong CSRF token"
112 unless Koha::Token->new->check_csrf( {
113 session_id => $input->cookie('CGISESSID'),
114 token => scalar $input->param('csrf_token'),
115 });
116
117 if ($individual) {
118 my $line = Koha::Account::Lines->find($accountlines_id);
119 Koha::Account->new( { patron_id => $borrowernumber } )->pay(
120 {
121 lines => [$line],
122 amount => $total_paid,
123 library_id => $branch,
124 note => $payment_note
125 }
126 );
127 print $input->redirect(
128 "/cgi-bin/koha/members/pay.pl?borrowernumber=$borrowernumber");
129 } else {
130 if ($select) {
131 if ( $select =~ /^([\d,]*).*/ ) {
132 $select = $1; # ensure passing no junk
133 }
134 my @acc = split /,/, $select;
135 my $note = $input->param('selected_accts_notes');
136
137 my @lines = Koha::Account::Lines->search(
138 {
139 borrowernumber => $borrowernumber,
140 amountoutstanding => { '<>' => 0 },
141 accountlines_id => { 'IN' => \@acc },
142 },
143 { order_by => 'date' }
144 );
145
146 Koha::Account->new(
147 {
148 patron_id => $borrowernumber,
149 }
150 )->pay(
151 {
152 amount => $total_paid,
153 lines => \@lines,
154 note => $note,
155 }
156 );
157 }
158 else {
159 my $note = $input->param('selected_accts_notes');
160 Koha::Account->new( { patron_id => $borrowernumber } )
161 ->pay( { amount => $total_paid, note => $note } );
162 }
163
164 print $input->redirect(
165 "/cgi-bin/koha/members/boraccount.pl?borrowernumber=$borrowernumber"
166 );
167 }
168 }
169 } else {
170 $total_paid = '0.00'; #TODO not right with pay_individual
171 }
172
173 borrower_add_additional_fields($borrower, $template);
174
175 $template->param(%$borrower);
176
177 $template->param(
178 borrowernumber => $borrowernumber, # some templates require global
179 borrower => $borrower,
180 categoryname => $borrower->{description},
181 total => $total_due,
182 ExtendedPatronAttributes => C4::Context->preference('ExtendedPatronAttributes'),
183
184 csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $input->cookie('CGISESSID') }),
185 );
186
187 output_html_with_http_headers $input, $cookie, $template->output;
188
189 sub borrower_add_additional_fields {
190 my ( $b_ref, $template ) = @_;
191
192 # some borrower info is not returned in the standard call despite being assumed
193 # in a number of templates. It should not be the business of this script but in lieu of
194 # a revised api here it is ...
195 if ( $b_ref->{category_type} eq 'C' ) {
196 my $patron_categories = Koha::Patron::Categories->search_limited({ category_type => 'A' }, {order_by => ['categorycode']});
197 $template->param( 'CATCODE_MULTI' => 1) if $patron_categories->count > 1;
198 $template->param( 'catcode' => $patron_categories->next->categorycode ) if $patron_categories->count == 1;
199 } elsif ( $b_ref->{category_type} eq 'A' || $b_ref->{category_type} eq 'I' ) {
200 $b_ref->{adultborrower} = 1;
201 }
202
203 my $patron_image = Koha::Patron::Images->find($b_ref->{borrowernumber});
204 $template->param( picture => 1 ) if $patron_image;
205
206 if (C4::Context->preference('ExtendedPatronAttributes')) {
207 $b_ref->{extendedattributes} = GetBorrowerAttributes($b_ref->{borrowernumber});
208 }
209
210 return;
211 }
Koha ILS